Commit 60918e63 authored by Jérome Perrin's avatar Jérome Perrin

Merge remote-tracking branch 'upstream/master' into zope4py2

parents 59843d01 f7b39cc0
...@@ -32,6 +32,7 @@ md5sum = bfb5b09a0d1f887c8c42a6d5f26971ab ...@@ -32,6 +32,7 @@ md5sum = bfb5b09a0d1f887c8c42a6d5f26971ab
patches = patches =
https://gitlab.com/redhat/centos-stream/src/qemu-kvm/-/merge_requests/87.diff#ad41b138aa6f330f95811c9a83637b85 https://gitlab.com/redhat/centos-stream/src/qemu-kvm/-/merge_requests/87.diff#ad41b138aa6f330f95811c9a83637b85
patch-options = -p1 patch-options = -p1
patch-binary = ${patch:location}/bin/patch
pre-configure = pre-configure =
sed -i '/^libmigration\b/s/$/ dependencies: [zlib],/' meson.build sed -i '/^libmigration\b/s/$/ dependencies: [zlib],/' meson.build
sed -i 's/\bsnappy,/zlib, \0/' dump/meson.build sed -i 's/\bsnappy,/zlib, \0/' dump/meson.build
...@@ -59,7 +60,7 @@ configure-options = ...@@ -59,7 +60,7 @@ configure-options =
environment = environment =
CFLAGS=-I${librbd:location}/include/ -I${gettext:location}/include -I${libaio:location}/include -I${liburing:location}/include -I${libcap-ng:location}/include CFLAGS=-I${librbd:location}/include/ -I${gettext:location}/include -I${libaio:location}/include -I${liburing:location}/include -I${libcap-ng:location}/include
LDFLAGS=-L${librbd:location}/lib -Wl,-rpath=${librbd:location}/lib -L${gettext:location}/lib -L${libaio:location}/lib -L${libcap-ng:location}/lib -Wl,-rpath=${libcap-ng:location}/lib -Wl,-rpath=${glib:location}/lib -Wl,-rpath=${gnutls:location}/lib -Wl,-rpath=${nettle:location}/lib -Wl,-rpath=${pixman:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${libpng:location}/lib -Wl,-rpath=${libaio:location}/lib -Wl,-rpath=${liburing:location}/lib -Wl,-rpath=${libcap-ng:location}/lib LDFLAGS=-L${librbd:location}/lib -Wl,-rpath=${librbd:location}/lib -L${gettext:location}/lib -L${libaio:location}/lib -L${libcap-ng:location}/lib -Wl,-rpath=${libcap-ng:location}/lib -Wl,-rpath=${glib:location}/lib -Wl,-rpath=${gnutls:location}/lib -Wl,-rpath=${nettle:location}/lib -Wl,-rpath=${pixman:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${libpng:location}/lib -Wl,-rpath=${libaio:location}/lib -Wl,-rpath=${liburing:location}/lib -Wl,-rpath=${libcap-ng:location}/lib
PATH=${patch:location}/bin:${pkgconfig:location}/bin:${bzip2:location}/bin:%(PATH)s PATH=${pkgconfig:location}/bin:${bzip2:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig:${gnutls:location}/lib/pkgconfig:${gnutls:pkg-config-path}:${libpng:location}/lib/pkgconfig:${liburing:location}/lib/pkgconfig:${ncurses:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig:${pixman:location}/lib/pkgconfig:${librbd:location}/lib/pkgconfig PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig:${gnutls:location}/lib/pkgconfig:${gnutls:pkg-config-path}:${libpng:location}/lib/pkgconfig:${liburing:location}/lib/pkgconfig:${ncurses:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig:${pixman:location}/lib/pkgconfig:${librbd:location}/lib/pkgconfig
[qemu:sys.version_info < (3,6)] [qemu:sys.version_info < (3,6)]
......
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
# not need these here). # not need these here).
[template] [template]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = 051ae51b86f9aba169a6777fa2239901 md5sum = f1f04e7f27bc6e40a655dd4badb2a8af
[profile-common] [profile-common]
filename = instance-common.cfg.in filename = instance-common.cfg.in
...@@ -22,19 +22,19 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68 ...@@ -22,19 +22,19 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-caddy-frontend] [profile-caddy-frontend]
filename = instance-apache-frontend.cfg.in filename = instance-apache-frontend.cfg.in
md5sum = 1e912fb970401a4b7670b25ba8284a5b md5sum = 874133120f3a4eda1d0505b8608b280f
[profile-caddy-replicate] [profile-caddy-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
md5sum = 57388e76c7e61b3d7213df8aac0b407d md5sum = 02a10d92d2b0e270454998cf865b6895
[profile-slave-list] [profile-slave-list]
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
md5sum = 964a7f673f441f3a3e90c88ab03e3351 md5sum = 268a945e5c7a52c8766b54a817215c4c
[profile-replicate-publish-slave-information] [profile-replicate-publish-slave-information]
_update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
md5sum = be54431846fe7f3cee65260eefc83d62 md5sum = b3422f3624054f57b78d0e50a0de399a
[profile-caddy-frontend-configuration] [profile-caddy-frontend-configuration]
_update_hash_filename_ = templates/Caddyfile.in _update_hash_filename_ = templates/Caddyfile.in
...@@ -98,11 +98,11 @@ md5sum = f6f72d03af7d9dc29fb4d4fef1062e73 ...@@ -98,11 +98,11 @@ md5sum = f6f72d03af7d9dc29fb4d4fef1062e73
[caddyprofiledeps-dummy] [caddyprofiledeps-dummy]
filename = caddyprofiledummy.py filename = caddyprofiledummy.py
md5sum = b41b8de115ad815d0b0db306ad650365 md5sum = 1c866272ec0ea0c161f0c0d80cb6e584
[profile-kedifa] [profile-kedifa]
filename = instance-kedifa.cfg.in filename = instance-kedifa.cfg.in
md5sum = b5426129668f39ace55f14012c4a2fd2 md5sum = 2f1c9cc9a3d2f4c6ac59eba5a99d4983
[template-backend-haproxy-rsyslogd-conf] [template-backend-haproxy-rsyslogd-conf]
_update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in _update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in
...@@ -110,7 +110,7 @@ md5sum = 3336d554661b138dcef97b1d1866803c ...@@ -110,7 +110,7 @@ md5sum = 3336d554661b138dcef97b1d1866803c
[template-slave-introspection-httpd-nginx] [template-slave-introspection-httpd-nginx]
_update_hash_filename_ = templates/slave-introspection-httpd-nginx.conf.in _update_hash_filename_ = templates/slave-introspection-httpd-nginx.conf.in
md5sum = 3067e6ba6c6901821d57d2109517d39c md5sum = b79addf01b6fb93c2f3d018e83eff766
[template-expose-csr-nginx-conf] [template-expose-csr-nginx-conf]
_update_hash_filename_ = templates/expose-csr-nginx.conf.in _update_hash_filename_ = templates/expose-csr-nginx.conf.in
......
from __future__ import print_function
import caucase.client import caucase.client
import caucase.utils import caucase.utils
import os import os
import ssl import ssl
import sys import sys
import urllib import urllib.request, urllib.parse, urllib.error
import urlparse import urllib.parse
from cryptography import x509 from cryptography import x509
from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives import serialization
...@@ -24,7 +24,7 @@ class Recipe(object): ...@@ -24,7 +24,7 @@ class Recipe(object):
def validate_netloc(netloc): def validate_netloc(netloc):
# a bit crazy way to validate that the passed parameter is haproxy # a bit crazy way to validate that the passed parameter is haproxy
# compatible server netloc # compatible server netloc
parsed = urlparse.urlparse('scheme://'+netloc) parsed = urllib.parse.urlparse('scheme://'+netloc)
if ':' in parsed.hostname: if ':' in parsed.hostname:
hostname = '[%s]' % parsed.hostname hostname = '[%s]' % parsed.hostname
else: else:
...@@ -33,7 +33,7 @@ def validate_netloc(netloc): ...@@ -33,7 +33,7 @@ def validate_netloc(netloc):
def _check_certificate(url, certificate): def _check_certificate(url, certificate):
parsed = urlparse.urlparse(url) parsed = urllib.parse.urlparse(url)
got_certificate = ssl.get_server_certificate((parsed.hostname, parsed.port)) got_certificate = ssl.get_server_certificate((parsed.hostname, parsed.port))
if certificate.strip() != got_certificate.strip(): if certificate.strip() != got_certificate.strip():
raise ValueError('Certificate for %s does not match expected one' % (url,)) raise ValueError('Certificate for %s does not match expected one' % (url,))
...@@ -44,7 +44,7 @@ def _get_exposed_csr(url, certificate): ...@@ -44,7 +44,7 @@ def _get_exposed_csr(url, certificate):
self_signed = ssl.create_default_context() self_signed = ssl.create_default_context()
self_signed.check_hostname = False self_signed.check_hostname = False
self_signed.verify_mode = ssl.CERT_NONE self_signed.verify_mode = ssl.CERT_NONE
return urllib.urlopen(url, context=self_signed).read() return urllib.request.urlopen(url, context=self_signed).read().decode()
def _get_caucase_client(ca_url, ca_crt, user_key): def _get_caucase_client(ca_url, ca_crt, user_key):
...@@ -72,7 +72,7 @@ def _csr_match(*csr_list): ...@@ -72,7 +72,7 @@ def _csr_match(*csr_list):
number_list = set([]) number_list = set([])
for csr in csr_list: for csr in csr_list:
number_list.add( number_list.add(
x509.load_pem_x509_csr(str(csr)).public_key().public_numbers()) x509.load_pem_x509_csr(csr.encode()).public_key().public_numbers())
return len(number_list) == 1 return len(number_list) == 1
......
...@@ -99,7 +99,7 @@ hash-salt = ${frontend-node-private-salt:value} ...@@ -99,7 +99,7 @@ hash-salt = ${frontend-node-private-salt:value}
init = init =
import hashlib import hashlib
import base64 import base64
options['value'] = base64.urlsafe_b64encode(hashlib.md5(''.join([options['software-release-url'].strip(), options['hash-salt']])).digest()) options['value'] = base64.urlsafe_b64encode(hashlib.md5(''.join([options['software-release-url'].strip(), options['hash-salt']]).encode()).digest()).decode()
[frontend-node-information] [frontend-node-information]
recipe = slapos.recipe.build recipe = slapos.recipe.build
...@@ -359,9 +359,9 @@ partition_ipv6 = ${slap-configuration:ipv6-random} ...@@ -359,9 +359,9 @@ partition_ipv6 = ${slap-configuration:ipv6-random}
extra-context = extra-context =
key caddy_configuration_directory caddy-directory:slave-configuration key caddy_configuration_directory caddy-directory:slave-configuration
key backend_client_caucase_url :backend-client-caucase-url key backend_client_caucase_url :backend-client-caucase-url
import urlparse_module urlparse
import furl_module furl import furl_module furl
import urllib_module urllib import urllib_module urllib
import operator_module operator
key master_key_download_url :master_key_download_url key master_key_download_url :master_key_download_url
key autocert caddy-directory:autocert key autocert caddy-directory:autocert
key caddy_log_directory caddy-directory:slave-log key caddy_log_directory caddy-directory:slave-log
...@@ -475,9 +475,14 @@ slave-introspection-graceful-command = ${slave-introspection-validate:output} && ...@@ -475,9 +475,14 @@ slave-introspection-graceful-command = ${slave-introspection-validate:output} &&
# BBB: SlapOS Master non-zero knowledge BEGIN # BBB: SlapOS Master non-zero knowledge BEGIN
[get-self-signed-fallback-access] [get-self-signed-fallback-access]
recipe = collective.recipe.shelloutput recipe = slapos.recipe.build
commands = certificate-file = ${self-signed-fallback-access:certificate}
certificate = cat ${self-signed-fallback-access:certificate} init =
import os
options['certificate'] = ''
if os.path.exists(options['certificate-file']):
with open(options['certificate-file'], 'r') as fh:
options['certificate'] = fh.read()
[apache-certificate] [apache-certificate]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
...@@ -1066,7 +1071,7 @@ config-command = ...@@ -1066,7 +1071,7 @@ config-command =
${logrotate:wrapper-path} -d ${logrotate:wrapper-path} -d
[configuration] [configuration]
{%- for key, value in instance_parameter_dict.iteritems() -%} {%- for key, value in instance_parameter_dict.items() -%}
{%- if key.startswith('configuration.') %} {%- if key.startswith('configuration.') %}
{{ key.replace('configuration.', '') }} = {{ dumps(value) }} {{ key.replace('configuration.', '') }} = {{ dumps(value) }}
{%- endif -%} {%- endif -%}
...@@ -1076,13 +1081,13 @@ config-command = ...@@ -1076,13 +1081,13 @@ config-command =
{#- There are dangerous keys like recipe, etc #} {#- There are dangerous keys like recipe, etc #}
{#- XXX: Some other approach would be useful #} {#- XXX: Some other approach would be useful #}
{%- set DROP_KEY_LIST = ['recipe', '__buildout_signature__', 'computer', 'partition', 'url', 'key', 'cert'] %} {%- set DROP_KEY_LIST = ['recipe', '__buildout_signature__', 'computer', 'partition', 'url', 'key', 'cert'] %}
{%- for key, value in instance_parameter_dict.iteritems() -%} {%- for key, value in instance_parameter_dict.items() -%}
{%- if not key.startswith('configuration.') and key not in DROP_KEY_LIST %} {%- if not key.startswith('configuration.') and key not in DROP_KEY_LIST %}
{{ key }} = {{ dumps(value) }} {{ key }} = {{ dumps(value) }}
{%- endif -%} {%- endif -%}
{%- endfor %} {%- endfor %}
[software-parameter-section] [software-parameter-section]
{%- for key, value in software_parameter_dict.iteritems() %} {%- for key, value in software_parameter_dict.items() %}
{{ key }} = {{ dumps(value) }} {{ key }} = {{ dumps(value) }}
{%- endfor %} {%- endfor %}
...@@ -129,7 +129,7 @@ context = ...@@ -129,7 +129,7 @@ context =
{% set config_key = "-frontend-config-%s-" % i %} {% set config_key = "-frontend-config-%s-" % i %}
{% set config_key_length = config_key | length %} {% set config_key_length = config_key | length %}
{% set config_dict = {} %} {% set config_dict = {} %}
{% for key in slapparameter_dict.keys() %} {% for key in list(slapparameter_dict.keys()) %}
{% if key.startswith(sla_key) %} {% if key.startswith(sla_key) %}
{% do sla_dict.__setitem__(key[sla_key_length:], slapparameter_dict.pop(key)) %} {% do sla_dict.__setitem__(key[sla_key_length:], slapparameter_dict.pop(key)) %}
# We check for specific configuration regarding the frontend # We check for specific configuration regarding the frontend
...@@ -164,7 +164,7 @@ context = ...@@ -164,7 +164,7 @@ context =
{% set critical_rejected_slave_dict = {} %} {% set critical_rejected_slave_dict = {} %}
{% set warning_slave_dict = {} %} {% set warning_slave_dict = {} %}
{% set used_host_list = [] %} {% set used_host_list = [] %}
{% for slave in sorted(instance_parameter_dict['slave-instance-list']) %} {% for slave in sorted(instance_parameter_dict['slave-instance-list'], key=operator_module.itemgetter('slave_reference')) %}
{% set slave_error_list = [] %} {% set slave_error_list = [] %}
{% set slave_critical_error_list = [] %} {% set slave_critical_error_list = [] %}
{% set slave_warning_list = [] %} {% set slave_warning_list = [] %}
...@@ -278,7 +278,7 @@ context = ...@@ -278,7 +278,7 @@ context =
{% if k in slave %} {% if k in slave %}
{% set crt = slave.get(k, '') %} {% set crt = slave.get(k, '') %}
{% set check_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout']) %} {% set check_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout']) %}
{% do check_popen.communicate(crt) %} {% do check_popen.communicate(crt.encode()) %}
{% if check_popen.returncode != 0 %} {% if check_popen.returncode != 0 %}
{% do slave_error_list.append('%s is invalid' % (k,)) %} {% do slave_error_list.append('%s is invalid' % (k,)) %}
{% endif %} {% endif %}
...@@ -296,8 +296,8 @@ context = ...@@ -296,8 +296,8 @@ context =
{% if slave.get('ssl_key') and slave.get('ssl_crt') %} {% if slave.get('ssl_key') and slave.get('ssl_crt') %}
{% set key_popen = popen([software_parameter_dict['openssl'], 'rsa', '-noout', '-modulus']) %} {% set key_popen = popen([software_parameter_dict['openssl'], 'rsa', '-noout', '-modulus']) %}
{% set crt_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout', '-modulus']) %} {% set crt_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout', '-modulus']) %}
{% set key_modulus = key_popen.communicate(slave['ssl_key'])[0] | trim %} {% set key_modulus = key_popen.communicate(slave['ssl_key'].encode())[0] | trim %}
{% set crt_modulus = crt_popen.communicate(slave['ssl_crt'])[0] | trim %} {% set crt_modulus = crt_popen.communicate(slave['ssl_crt'].encode())[0] | trim %}
{% if not key_modulus or key_modulus != crt_modulus %} {% if not key_modulus or key_modulus != crt_modulus %}
{% do slave_error_list.append('slave ssl_key and ssl_crt does not match') %} {% do slave_error_list.append('slave ssl_key and ssl_crt does not match') %}
{% endif %} {% endif %}
...@@ -334,7 +334,7 @@ context = ...@@ -334,7 +334,7 @@ context =
{% do warning_slave_dict.__setitem__(slave.get('slave_reference'), sorted(slave_warning_list)) %} {% do warning_slave_dict.__setitem__(slave.get('slave_reference'), sorted(slave_warning_list)) %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% do authorized_slave_list.sort() %} {% do authorized_slave_list.sort(key=operator_module.itemgetter('slave_reference')) %}
[monitor-instance-parameter] [monitor-instance-parameter]
monitor-httpd-port = {{ master_partition_monitor_monitor_httpd_port }} monitor-httpd-port = {{ master_partition_monitor_monitor_httpd_port }}
...@@ -356,7 +356,7 @@ return = slave-instance-information-list monitor-base-url backend-client-csr-url ...@@ -356,7 +356,7 @@ return = slave-instance-information-list monitor-base-url backend-client-csr-url
{%- do base_node_configuration_dict.__setitem__(key, slapparameter_dict[key]) %} {%- do base_node_configuration_dict.__setitem__(key, slapparameter_dict[key]) %}
{%- endif %} {%- endif %}
{%- endfor %} {%- endfor %}
{% for section, frontend_request in request_dict.iteritems() %} {% for section, frontend_request in request_dict.items() %}
{% set state = frontend_request.get('state', '') %} {% set state = frontend_request.get('state', '') %}
[{{section}}] [{{section}}]
<= replicate <= replicate
...@@ -377,14 +377,14 @@ config-cluster-identification = {{ instance_parameter_dict['root-instance-title' ...@@ -377,14 +377,14 @@ config-cluster-identification = {{ instance_parameter_dict['root-instance-title'
{# sort_keys are important in order to avoid shuffling parameters on each run #} {# sort_keys are important in order to avoid shuffling parameters on each run #}
{% do node_configuration_dict.__setitem__(slave_list_name, json_module.dumps(authorized_slave_list, sort_keys=True)) %} {% do node_configuration_dict.__setitem__(slave_list_name, json_module.dumps(authorized_slave_list, sort_keys=True)) %}
{% do node_configuration_dict.__setitem__("frontend-name", frontend_request.get('name')) %} {% do node_configuration_dict.__setitem__("frontend-name", frontend_request.get('name')) %}
{%- for config_key, config_value in node_configuration_dict.iteritems() %} {%- for config_key, config_value in node_configuration_dict.items() %}
config-{{ config_key }} = {{ dumps(config_value) }} config-{{ config_key }} = {{ dumps(config_value) }}
{% endfor -%} {% endfor -%}
{%- for config_key, config_value in base_node_configuration_dict.iteritems() %} {%- for config_key, config_value in base_node_configuration_dict.items() %}
config-{{ config_key }} = {{ dumps(config_value) }} config-{{ config_key }} = {{ dumps(config_value) }}
{% endfor -%} {% endfor -%}
{% if frontend_request.get('sla') %} {% if frontend_request.get('sla') %}
{% for parameter, value in frontend_request.get('sla').iteritems() %} {% for parameter, value in frontend_request.get('sla').items() %}
sla-{{ parameter }} = {{ value }} sla-{{ parameter }} = {{ value }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
...@@ -489,7 +489,7 @@ config-slave-list = {{ dumps(authorized_slave_list) }} ...@@ -489,7 +489,7 @@ config-slave-list = {{ dumps(authorized_slave_list) }}
config-cluster-identification = {{ instance_parameter_dict['root-instance-title'] }} config-cluster-identification = {{ instance_parameter_dict['root-instance-title'] }}
{% set software_url_key = "-kedifa-software-release-url" %} {% set software_url_key = "-kedifa-software-release-url" %}
{% if slapparameter_dict.has_key(software_url_key) %} {% if software_url_key in slapparameter_dict %}
software-url = {{ slapparameter_dict.pop(software_url_key) }} software-url = {{ slapparameter_dict.pop(software_url_key) }}
{% else %} {% else %}
software-url = ${slap-connection:software-release-url} software-url = ${slap-connection:software-release-url}
...@@ -499,7 +499,7 @@ name = kedifa ...@@ -499,7 +499,7 @@ name = kedifa
return = slave-kedifa-information master-key-generate-auth-url master-key-upload-url master-key-download-url caucase-url kedifa-csr-url csr-certificate monitor-base-url return = slave-kedifa-information master-key-generate-auth-url master-key-upload-url master-key-download-url caucase-url kedifa-csr-url csr-certificate monitor-base-url
{% set sla_kedifa_key = "-sla-kedifa-" %} {% set sla_kedifa_key = "-sla-kedifa-" %}
{% set sla_kedifa_key_length = sla_kedifa_key | length %} {% set sla_kedifa_key_length = sla_kedifa_key | length %}
{% for key in slapparameter_dict.keys() %} {% for key in list(slapparameter_dict.keys()) %}
{% if key.startswith(sla_kedifa_key) %} {% if key.startswith(sla_kedifa_key) %}
sla-{{ key[sla_kedifa_key_length:] }} = {{ slapparameter_dict.pop(key) }} sla-{{ key[sla_kedifa_key_length:] }} = {{ slapparameter_dict.pop(key) }}
{% endif %} {% endif %}
......
...@@ -171,9 +171,14 @@ wrapper-path = ${directory:service}/expose-csr ...@@ -171,9 +171,14 @@ wrapper-path = ${directory:service}/expose-csr
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[expose-csr-certificate-get] [expose-csr-certificate-get]
recipe = collective.recipe.shelloutput recipe = slapos.recipe.build
commands = certificate-file = ${expose-csr-certificate:certificate}
certificate = cat ${expose-csr-certificate:certificate} init =
import os
options['certificate'] = ''
if os.path.exists(options['certificate-file']):
with open(options['certificate-file'], 'r') as fh:
options['certificate'] = fh.read()
[jinja2-template-base] [jinja2-template-base]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
...@@ -259,10 +264,8 @@ command = ...@@ -259,10 +264,8 @@ command =
update-command = ${:command} update-command = ${:command}
[{{ slave_reference }}-auth-random] [{{ slave_reference }}-auth-random]
recipe = collective.recipe.shelloutput <= auth-random
file = {{ '${' + slave_reference }}-auth-random-generate:file} file = {{ '${' + slave_reference }}-auth-random-generate:file}
commands =
passwd = cat ${:file} 2>/dev/null || echo "NotReadyYet"
{% endfor %} {% endfor %}
...@@ -273,11 +276,18 @@ command = ...@@ -273,11 +276,18 @@ command =
[ ! -f ${:file} ] && {{ software_parameter_dict['curl'] }}/bin/curl -s -g -X POST https://[${kedifa-config:ip}]:${kedifa-config:port}/reserve-id --cert ${kedifa-config:certificate} --cacert ${kedifa-config:ca-certificate} > ${:file}.tmp && mv ${:file}.tmp ${:file} [ ! -f ${:file} ] && {{ software_parameter_dict['curl'] }}/bin/curl -s -g -X POST https://[${kedifa-config:ip}]:${kedifa-config:port}/reserve-id --cert ${kedifa-config:certificate} --cacert ${kedifa-config:ca-certificate} > ${:file}.tmp && mv ${:file}.tmp ${:file}
update-command = ${:command} update-command = ${:command}
[auth-random]
recipe = slapos.recipe.build
init =
import os
options['passwd'] = 'NotReadyYet'
if os.path.exists(options['file']):
with open(options['file'], 'r') as fh:
options['passwd'] = fh.read()
[master-auth-random] [master-auth-random]
recipe = collective.recipe.shelloutput <= auth-random
file = ${master-auth-random-generate:file} file = ${master-auth-random-generate:file}
commands =
passwd = cat ${:file} 2>/dev/null || echo "NotReadyYet"
[slave-kedifa-information] [slave-kedifa-information]
recipe = slapos.cookbook:publish.serialised recipe = slapos.cookbook:publish.serialised
......
...@@ -34,7 +34,7 @@ replicate = dynamic-profile-caddy-replicate:output ...@@ -34,7 +34,7 @@ replicate = dynamic-profile-caddy-replicate:output
kedifa = dynamic-profile-kedifa:output kedifa = dynamic-profile-kedifa:output
[software-parameter-section] [software-parameter-section]
{% for key,value in software_parameter_dict.iteritems() %} {% for key,value in software_parameter_dict.items() %}
{{ key }} = {{ dumps(value) }} {{ key }} = {{ dumps(value) }}
{% endfor -%} {% endfor -%}
...@@ -54,6 +54,7 @@ filename = instance-caddy-replicate.cfg ...@@ -54,6 +54,7 @@ filename = instance-caddy-replicate.cfg
extra-context = extra-context =
import subprocess_module subprocess import subprocess_module subprocess
import functools_module functools import functools_module functools
import operator_module operator
import validators validators import validators validators
import caddyprofiledummy caddyprofiledummy import caddyprofiledummy caddyprofiledummy
# Must match the key id in [switch-softwaretype] which uses this section. # Must match the key id in [switch-softwaretype] which uses this section.
......
...@@ -22,6 +22,9 @@ parts += ...@@ -22,6 +22,9 @@ parts +=
caddyprofiledeps caddyprofiledeps
kedifa kedifa
[python]
part = python3
[kedifa] [kedifa]
recipe = zc.recipe.egg recipe = zc.recipe.egg
eggs = eggs =
...@@ -57,7 +60,6 @@ recipe = zc.recipe.egg ...@@ -57,7 +60,6 @@ recipe = zc.recipe.egg
eggs = eggs =
caddyprofiledeps caddyprofiledeps
websockify websockify
collective.recipe.shelloutput
[profile-common] [profile-common]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
......
...@@ -52,13 +52,13 @@ context = ...@@ -52,13 +52,13 @@ context =
{#- * setup defaults to simplify other profiles #} {#- * setup defaults to simplify other profiles #}
{#- * stabilise values for backend #} {#- * stabilise values for backend #}
{%- for key, prefix in [('url', 'http_backend'), ('https-url', 'https_backend')] %} {%- for key, prefix in [('url', 'http_backend'), ('https-url', 'https_backend')] %}
{%- set parsed = urlparse_module.urlparse(slave_instance.get(key, '').strip()) %} {%- set parsed = urllib_module.parse.urlparse(slave_instance.get(key, '').strip()) %}
{%- set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment, 'query': parsed.query, 'netloc-list': slave_instance.get(key + '-netloc-list', '').split() } %} {%- set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment, 'query': parsed.query, 'netloc-list': slave_instance.get(key + '-netloc-list', '').split() } %}
{%- do slave_instance.__setitem__(prefix, info_dict) %} {%- do slave_instance.__setitem__(prefix, info_dict) %}
{%- endfor %} {%- endfor %}
{%- do slave_instance.__setitem__('ssl_proxy_verify', ('' ~ slave_instance.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES) %} {%- do slave_instance.__setitem__('ssl_proxy_verify', ('' ~ slave_instance.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES) %}
{%- for key, prefix in [('health-check-failover-url', 'http_backend'), ('health-check-failover-https-url', 'https_backend')] %} {%- for key, prefix in [('health-check-failover-url', 'http_backend'), ('health-check-failover-https-url', 'https_backend')] %}
{%- set parsed = urlparse_module.urlparse(slave_instance.get(key, '').strip()) %} {%- set parsed = urllib_module.parse.urlparse(slave_instance.get(key, '').strip()) %}
{%- set info_dict = slave_instance[prefix] %} {%- set info_dict = slave_instance[prefix] %}
{%- do info_dict.__setitem__('health-check-failover-scheme', parsed.scheme) %} {%- do info_dict.__setitem__('health-check-failover-scheme', parsed.scheme) %}
{%- do info_dict.__setitem__('health-check-failover-hostname', parsed.hostname) %} {%- do info_dict.__setitem__('health-check-failover-hostname', parsed.hostname) %}
...@@ -189,7 +189,7 @@ context = ...@@ -189,7 +189,7 @@ context =
{%- do furled.set(password = '${'+ slave_password_section +':passwd}') %} {%- do furled.set(password = '${'+ slave_password_section +':passwd}') %}
{%- do furled.set(path = slave_reference + '/') %} {%- do furled.set(path = slave_reference + '/') %}
{#- We unquote, as furl quotes automatically, but there is buildout value on purpose like ${...:...} in the passwod #} {#- We unquote, as furl quotes automatically, but there is buildout value on purpose like ${...:...} in the passwod #}
{%- set slave_log_access_url = urlparse_module.unquote(furled.tostr()) %} {%- set slave_log_access_url = urllib_module.parse.unquote(furled.tostr()) %}
{%- do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %} {%- do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}
{%- do slave_publish_dict.__setitem__('slave-reference', slave_reference) %} {%- do slave_publish_dict.__setitem__('slave-reference', slave_reference) %}
{%- do slave_publish_dict.__setitem__('backend-client-caucase-url', backend_client_caucase_url) %} {%- do slave_publish_dict.__setitem__('backend-client-caucase-url', backend_client_caucase_url) %}
...@@ -212,7 +212,7 @@ context = ...@@ -212,7 +212,7 @@ context =
{%- for websocket_path in slave_instance.get('websocket-path-list', '').split() %} {%- for websocket_path in slave_instance.get('websocket-path-list', '').split() %}
{%- set websocket_path = websocket_path.strip('/') %} {%- set websocket_path = websocket_path.strip('/') %}
{#- Unquote the path, so %20 and similar can be represented correctly #} {#- Unquote the path, so %20 and similar can be represented correctly #}
{%- set websocket_path = urllib_module.unquote(websocket_path.strip()) %} {%- set websocket_path = urllib_module.parse.unquote(websocket_path.strip()) %}
{%- if websocket_path %} {%- if websocket_path %}
{%- do websocket_path_list.append(websocket_path) %} {%- do websocket_path_list.append(websocket_path) %}
{%- endif %} {%- endif %}
...@@ -332,7 +332,7 @@ http_port = {{ dumps('' ~ configuration['plain_http_port']) }} ...@@ -332,7 +332,7 @@ http_port = {{ dumps('' ~ configuration['plain_http_port']) }}
local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }} local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
version-hash = {{ version_hash }} version-hash = {{ version_hash }}
node-id = {{ node_id }} node-id = {{ node_id }}
{%- for key, value in slave_instance.iteritems() %} {%- for key, value in slave_instance.items() %}
{%- if value is not none %} {%- if value is not none %}
{{ key }} = {{ dumps(value) }} {{ key }} = {{ dumps(value) }}
{%- endif %} {%- endif %}
...@@ -383,7 +383,7 @@ config-frequency = 720 ...@@ -383,7 +383,7 @@ config-frequency = 720
{%- do part_list.append(publish_section_title) %} {%- do part_list.append(publish_section_title) %}
[{{ publish_section_title }}] [{{ publish_section_title }}]
recipe = slapos.cookbook:publish recipe = slapos.cookbook:publish
{%- for key, value in slave_publish_dict.iteritems() %} {%- for key, value in slave_publish_dict.items() %}
{{ key }} = {{ value }} {{ key }} = {{ value }}
{%- endfor %} {%- endfor %}
{%- else %} {%- else %}
...@@ -463,7 +463,7 @@ csr-certificate = ${expose-csr-certificate-get:certificate} ...@@ -463,7 +463,7 @@ csr-certificate = ${expose-csr-certificate-get:certificate}
{%- do furled.set(password = backend_haproxy_configuration['statistic-password']) %} {%- do furled.set(password = backend_haproxy_configuration['statistic-password']) %}
{%- do furled.set(path = '/') %} {%- do furled.set(path = '/') %}
{#- We unquote, as furl quotes automatically, but there is buildout value on purpose like ${...:...} in the passwod #} {#- We unquote, as furl quotes automatically, but there is buildout value on purpose like ${...:...} in the passwod #}
{%- set statistic_url = urlparse_module.unquote(furled.tostr()) %} {%- set statistic_url = urllib_module.parse.unquote(furled.tostr()) %}
backend-haproxy-statistic-url = {{ statistic_url }} backend-haproxy-statistic-url = {{ statistic_url }}
{#- sort_keys are important in order to avoid shuffling parameters on each run #} {#- sort_keys are important in order to avoid shuffling parameters on each run #}
node-information-json = {{ json_module.dumps(node_information, sort_keys=True) }} node-information-json = {{ json_module.dumps(node_information, sort_keys=True) }}
...@@ -503,7 +503,7 @@ output = ${:file} ...@@ -503,7 +503,7 @@ output = ${:file}
< = jinja2-template-base < = jinja2-template-base
url = {{ template_backend_haproxy_configuration }} url = {{ template_backend_haproxy_configuration }}
output = ${backend-haproxy-config:file} output = ${backend-haproxy-config:file}
backend_slave_list = {{ dumps(sorted(backend_slave_list)) }} backend_slave_list = {{ dumps(sorted(backend_slave_list, key=operator_module.itemgetter('slave_reference'))) }}
extra-context = extra-context =
key backend_slave_list :backend_slave_list key backend_slave_list :backend_slave_list
section configuration backend-haproxy-config section configuration backend-haproxy-config
...@@ -611,9 +611,14 @@ wrapper-path = {{ directory['service'] }}/expose-csr ...@@ -611,9 +611,14 @@ wrapper-path = {{ directory['service'] }}/expose-csr
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[expose-csr-certificate-get] [expose-csr-certificate-get]
recipe = collective.recipe.shelloutput recipe = slapos.recipe.build
commands = certificate-file = ${expose-csr-certificate:certificate}
certificate = cat ${expose-csr-certificate:certificate} init =
import os
options['certificate'] = ''
if os.path.exists(options['certificate-file']):
with open(options['certificate-file'], 'r') as fh:
options['certificate'] = fh.read()
[promise-logrotate-setup] [promise-logrotate-setup]
<= monitor-promise-base <= monitor-promise-base
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
{% set slave_information_dict = {} %} {% set slave_information_dict = {} %}
# regroup slave information from all frontends # regroup slave information from all frontends
{% for frontend, slave_list_raw in slave_information.iteritems() %} {% for frontend, slave_list_raw in slave_information.items() %}
{% if slave_list_raw %} {% if slave_list_raw %}
{% set slave_list = json_module.loads(slave_list_raw) %} {% set slave_list = json_module.loads(slave_list_raw) %}
{% else %} {% else %}
...@@ -27,21 +27,21 @@ ...@@ -27,21 +27,21 @@
{% endfor %} {% endfor %}
{% endfor %} {% endfor %}
{% for slave_reference, rejected_info_list in rejected_slave_information['rejected-slave-dict'].iteritems() %} {% for slave_reference, rejected_info_list in rejected_slave_information['rejected-slave-dict'].items() %}
{% if slave_reference not in slave_information_dict %} {% if slave_reference not in slave_information_dict %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %} {% do slave_information_dict.__setitem__(slave_reference, {}) %}
{% endif %} {% endif %}
{% do slave_information_dict[slave_reference].__setitem__('request-error-list', json_module.dumps(rejected_info_list)) %} {% do slave_information_dict[slave_reference].__setitem__('request-error-list', json_module.dumps(rejected_info_list)) %}
{% endfor %} {% endfor %}
{% for slave_reference, warning_info_list in warning_slave_information['warning-slave-dict'].iteritems() %} {% for slave_reference, warning_info_list in warning_slave_information['warning-slave-dict'].items() %}
{% if slave_reference not in slave_information_dict %} {% if slave_reference not in slave_information_dict %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %} {% do slave_information_dict.__setitem__(slave_reference, {}) %}
{% endif %} {% endif %}
{% do slave_information_dict[slave_reference].__setitem__('warning-list', json_module.dumps(warning_info_list)) %} {% do slave_information_dict[slave_reference].__setitem__('warning-list', json_module.dumps(warning_info_list)) %}
{% endfor %} {% endfor %}
{% for slave_reference, kedifa_dict in json_module.loads(slave_kedifa_information).iteritems() %} {% for slave_reference, kedifa_dict in json_module.loads(slave_kedifa_information).items() %}
{% if slave_reference not in rejected_slave_information['rejected-slave-dict'] %} {% if slave_reference not in rejected_slave_information['rejected-slave-dict'] %}
{% if slave_reference not in slave_information_dict %} {% if slave_reference not in slave_information_dict %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %} {% do slave_information_dict.__setitem__(slave_reference, {}) %}
...@@ -54,7 +54,7 @@ ...@@ -54,7 +54,7 @@
# Publish information for each slave # Publish information for each slave
{% set active_slave_instance_list = json_module.loads(active_slave_instance_dict['active-slave-instance-list']) %} {% set active_slave_instance_list = json_module.loads(active_slave_instance_dict['active-slave-instance-list']) %}
{% for slave_reference, slave_information in slave_information_dict.iteritems() %} {% for slave_reference, slave_information in slave_information_dict.items() %}
{# Filter out destroyed, so not existing anymore, slaves #} {# Filter out destroyed, so not existing anymore, slaves #}
{# Note: This functionality is not yet covered by tests, please modify with care #} {# Note: This functionality is not yet covered by tests, please modify with care #}
{% if slave_reference in active_slave_instance_list %} {% if slave_reference in active_slave_instance_list %}
...@@ -68,11 +68,11 @@ recipe = slapos.cookbook:publish ...@@ -68,11 +68,11 @@ recipe = slapos.cookbook:publish
{# sort_keys are important in order to avoid shuffling parameters on each run #} {# sort_keys are important in order to avoid shuffling parameters on each run #}
log-access-url = {{ dumps(json_module.dumps(log_access_url, sort_keys=True)) }} log-access-url = {{ dumps(json_module.dumps(log_access_url, sort_keys=True)) }}
{% endif %} {% endif %}
{% for key, value in slave_information.iteritems() %} {% for key, value in slave_information.items() %}
{{ key }} = {{ dumps(value) }} {{ key }} = {{ dumps(value) }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% for frontend_key, frontend_value in frontend_information.iteritems() %} {% for frontend_key, frontend_value in frontend_information.items() %}
{{ frontend_key }} = {{ frontend_value }} {{ frontend_key }} = {{ frontend_value }}
{% endfor %} {% endfor %}
{% endfor %} {% endfor %}
......
...@@ -23,7 +23,7 @@ http { ...@@ -23,7 +23,7 @@ http {
fastcgi_temp_path {{ parameter_dict['var'] }} 1 2; fastcgi_temp_path {{ parameter_dict['var'] }} 1 2;
uwsgi_temp_path {{ parameter_dict['var'] }} 1 2; uwsgi_temp_path {{ parameter_dict['var'] }} 1 2;
scgi_temp_path {{ parameter_dict['var'] }} 1 2; scgi_temp_path {{ parameter_dict['var'] }} 1 2;
{% for slave, directory in slave_log_directory.iteritems() %} {% for slave, directory in slave_log_directory.items() %}
location /{{ slave }} { location /{{ slave }} {
alias {{ directory }}; alias {{ directory }};
autoindex on; autoindex on;
......
This diff is collapsed.
...@@ -13,6 +13,7 @@ extra-eggs += ...@@ -13,6 +13,7 @@ extra-eggs +=
[template] [template]
extra = extra =
# The following list is for SR whose buildout runs only with Python 3. # The following list is for SR whose buildout runs only with Python 3.
caddy-frontend ${slapos.test.caddy-frontend-setup:setup}
erp5testnode ${slapos.test.erp5testnode-setup:setup} erp5testnode ${slapos.test.erp5testnode-setup:setup}
galene ${slapos.test.galene-setup:setup} galene ${slapos.test.galene-setup:setup}
headless-chromium ${slapos.test.headless-chromium-setup:setup} headless-chromium ${slapos.test.headless-chromium-setup:setup}
......
...@@ -359,7 +359,6 @@ extra = ...@@ -359,7 +359,6 @@ extra =
# You should not add more lines here. # You should not add more lines here.
backupserver ${slapos.test.backupserver-setup:setup} backupserver ${slapos.test.backupserver-setup:setup}
beremiz-ide ${slapos.test.beremiz-ide-setup:setup} beremiz-ide ${slapos.test.beremiz-ide-setup:setup}
caddy-frontend ${slapos.test.caddy-frontend-setup:setup}
caucase ${slapos.test.caucase-setup:setup} caucase ${slapos.test.caucase-setup:setup}
cloudooo ${slapos.test.cloudooo-setup:setup} cloudooo ${slapos.test.cloudooo-setup:setup}
dream ${slapos.test.dream-setup:setup} dream ${slapos.test.dream-setup:setup}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment