Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
slapos
Commits
d98f21c4
Commit
d98f21c4
authored
Oct 09, 2020
by
Łukasz Nowak
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
caddy-frontend: Simplify parameters passed to apache-custom-slave-list
parent
edcf83eb
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
56 additions
and
63 deletions
+56
-63
software/caddy-frontend/buildout.hash.cfg
software/caddy-frontend/buildout.hash.cfg
+2
-2
software/caddy-frontend/instance-apache-frontend.cfg.in
software/caddy-frontend/instance-apache-frontend.cfg.in
+16
-24
software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
.../caddy-frontend/templates/apache-custom-slave-list.cfg.in
+38
-37
No files found.
software/caddy-frontend/buildout.hash.cfg
View file @
d98f21c4
...
...
@@ -22,7 +22,7 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-caddy-frontend]
filename = instance-apache-frontend.cfg.in
md5sum =
3f0b109d039ca79d6a50ae32028c727c
md5sum =
584095eaee849764d55983beeb35c0e7
[profile-caddy-replicate]
filename = instance-apache-replicate.cfg.in
...
...
@@ -30,7 +30,7 @@ md5sum = 74beef8d78df18e7fe9d5a6a3a9bf43c
[profile-slave-list]
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
md5sum =
30d87315036c7e538c81139cb7cc4620
md5sum =
23b6d77683b369707407cc78660864d5
[profile-replicate-publish-slave-information]
_update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
...
...
software/caddy-frontend/instance-apache-frontend.cfg.in
View file @
d98f21c4
...
...
@@ -282,11 +282,7 @@ stop-on-error = True
depends = ${caddyprofiledeps:recipe}
template = {{ parameter_dict['profile_slave_list'] }}
filename = custom-personal-instance-slave-list.cfg
slave_instance_list = {{ dumps(instance_parameter['slave-instance-list']) }}
extra_slave_instance_list = {{ dumps(instance_parameter.get('configuration.extra_slave_instance_list')) }}
master_key_download_url = {{ dumps(slapparameter_dict['master-key-download-url']) }}
local_ipv4 = {{ dumps(instance_parameter['ipv4-random']) }}
local_ipv6 = {{ dumps(instance_parameter['ipv6-random']) }}
software_type = single-custom-personal
bin_directory = {{ parameter_dict['bin_directory'] }}
caddy_executable = {{ parameter_dict['caddy'] }}
...
...
@@ -300,46 +296,32 @@ extra-context =
import urlparse_module urlparse
import furl_module furl
key caddy_executable :caddy_executable
key http_port configuration:plain_http_port
key https_port configuration:port
key public_ipv4 configuration:public-ipv4
key slave_instance_list :slave_instance_list
key extra_slave_instance_list :extra_slave_instance_list
key master_key_download_url :master_key_download_url
key autocert caddy-directory:autocert
key master_certificate caddy-configuration:master-certificate
key caddy_log_directory caddy-directory:slave-log
key expose_csr_id_organization :organization
key expose_csr_id_organizational_unit :organizational-unit
key local_ipv4 :local_ipv4
key local_ipv6 :local_ipv6
key global_ipv6 slap-network-information:global-ipv6
key empty_template software-release-path:template-empty
key template_default_slave_configuration software-release-path:template-default-slave-virtualhost
key software_type :software_type
key frontend_lazy_graceful_reload frontend-caddy-lazy-graceful:rendered
key frontend_graceful_reload caddy-configuration:frontend-graceful-command
section frontend_configuration frontend-configuration
section caddy_configuration caddy-configuration
key monitor_base_url monitor-instance-parameter:monitor-base-url
key bin_directory :bin_directory
key enable_http2_by_default configuration:enable-http2-by-default
key global_disable_http2 configuration:global-disable-http2
key ciphers configuration:ciphers
key access_log caddy-configuration:access-log
key error_log caddy-configuration:error-log
key sixtunnel_executable :sixtunnel_executable
key not_found_file caddy-configuration:not-found-file
key custom_ssl_directory caddy-directory:custom-ssl-directory
section kedifa_configuration kedifa-configuration
# BBB: SlapOS Master non-zero knowledge BEGIN
key apache_certificate apache-certificate:rendered
# BBB: SlapOS Master non-zero knowledge END
## backend haproxy
key template_backend_haproxy_configuration software-release-path:template-backend-haproxy-configuration
section backend_haproxy_configuration backend-haproxy-configuration
## full configuration
## Configuration passed by section
section configuration configuration
section backend_haproxy_configuration backend-haproxy-configuration
section instance_parameter instance-parameter
section frontend_configuration frontend-configuration
section caddy_configuration caddy-configuration
section kedifa_configuration kedifa-configuration
# Deploy Caddy Frontend with Jinja power
[dynamic-caddy-frontend-template]
...
...
@@ -1035,5 +1017,15 @@ config-command =
{%- if key.startswith('configuration.') %}
{{ key.replace('configuration.', '') }} = {{ dumps(value) }}
{%- endif -%}
{%- endfor %}
[instance-parameter]
{#- There are dangerous keys like recipe, etc #}
{#- XXX: Some other approach would be useful #}
{%- set DROP_KEY_LIST = ['recipe', '__buildout_signature__', 'computer', 'partition', 'url', 'key', 'cert'] %}
{%- for key, value in instance_parameter.iteritems() -%}
{%- if not key.startswith('configuration.') and key not in DROP_KEY_LIST %}
{{ key }} = {{ dumps(value) }}
{%- endif -%}
{%- endfor -%}
{%- endif -%} {# if instance_parameter['slap-software-type'] == software_type #}
software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
View file @
d98f21c4
...
...
@@ -4,21 +4,22 @@
{%- set backend_slave_list = [] %}
{%- set part_list = [] %}
{%- set cache_port = caddy_configuration.get('cache-port') %}
{%- set cache_access = "http://%s:%s" % (
local_ipv4
, cache_port) %}
{%- set ssl_cache_access = "http://%s:%s/HTTPS" % (
local_ipv4
, cache_port) %}
{%- set backend_haproxy_http_url = 'http://%s:%s' % (
local_ipv4
, backend_haproxy_configuration['http-port']) %}
{%- set backend_haproxy_https_url = 'http://%s:%s' % (
local_ipv4
, backend_haproxy_configuration['https-port']) %}
{%- set cache_access = "http://%s:%s" % (
instance_parameter['ipv4-random']
, cache_port) %}
{%- set ssl_cache_access = "http://%s:%s/HTTPS" % (
instance_parameter['ipv4-random']
, cache_port) %}
{%- set backend_haproxy_http_url = 'http://%s:%s' % (
instance_parameter['ipv4-random']
, backend_haproxy_configuration['http-port']) %}
{%- set backend_haproxy_https_url = 'http://%s:%s' % (
instance_parameter['ipv4-random']
, backend_haproxy_configuration['https-port']) %}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
{%- set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4':
local_ipv4, 'http_port': http_port, 'https_port': https_port
} %}
{%- set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4':
instance_parameter['ipv4-random'], 'http_port': configuration['plain_http_port'], 'https_port': configuration['port']
} %}
{%- set slave_log_dict = {} %}
{%- if extra_slave_instance_list %}
{%- set slave_instance_information_list = [] %}
{%- set slave_instance_list = slave_instance_list + json_module.loads(extra_slave_instance_list) %}
{%- set slave_instance_information_list = [] %}
{%- set slave_instance_list = instance_parameter['slave-instance-list'] %}
{%- if configuration['extra_slave_instance_list'] %}
{%- do slave_instance_list.extend(json_module.loads(configuration['extra_slave_instance_list'])) %}
{%- endif %}
{%- if master_key_download_url %}
{%- do kedifa_updater_mapping.append((master_key_download_url,
master_certificate
, apache_certificate)) %}
{%- do kedifa_updater_mapping.append((master_key_download_url,
caddy_configuration['master-certificate']
, apache_certificate)) %}
{%- else %}
{%- do kedifa_updater_mapping.append(('notreadyyet',
master_certificate
, apache_certificate)) %}
{%- do kedifa_updater_mapping.append(('notreadyyet',
caddy_configuration['master-certificate']
, apache_certificate)) %}
{%- endif %}
{%- if kedifa_configuration['slave_kedifa_information'] %}
{%- set slave_kedifa_information = json_module.loads(kedifa_configuration['slave_kedifa_information']) %}
...
...
@@ -53,7 +54,7 @@ context =
{%- if slave_ciphers %}
{%- set slave_cipher_list = ' '.join(slave_ciphers) %}
{%- else %}
{%- set slave_cipher_list = c
iphers
.strip() %}
{%- set slave_cipher_list = c
onfiguration['ciphers']
.strip() %}
{%- endif %}
{%- do slave_instance.__setitem__('cipher_list', slave_cipher_list) %}
{#- Manage common instance parameters #}
...
...
@@ -102,8 +103,8 @@ context =
{%- do part_list.extend([slave_logrotate_section, slave_section_title]) %}
{%- set slave_log_folder = '${logrotate-directory:logrotate-backup}/' + slave_reference + "-logs" %}
{#- Pass HTTP2 switch #}
{%- do slave_instance.__setitem__('enable_http2_by_default',
enable_http2_by_default
) %}
{%- do slave_instance.__setitem__('global_disable_http2',
global_disable_http2
) %}
{%- do slave_instance.__setitem__('enable_http2_by_default',
configuration['enable-http2-by-default']
) %}
{%- do slave_instance.__setitem__('global_disable_http2',
configuration['global-disable-http2']
) %}
{#- Pass backend timeout values #}
{%- for key in ['backend-connect-timeout', 'backend-connect-retries', 'request-timeout', 'authenticate-to-backend'] %}
{%- if slave_instance.get(key, '') == '' %}
...
...
@@ -128,7 +129,7 @@ context =
{%- set slave_log_access_url = urlparse_module.unquote(furled.tostr()) %}
{%- do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}
{%- do slave_publish_dict.__setitem__('slave-reference', slave_reference) %}
{%- do slave_publish_dict.__setitem__('public-ipv4',
public_ipv4
) %}
{%- do slave_publish_dict.__setitem__('public-ipv4',
configuration['public-ipv4']
) %}
{%- do slave_publish_dict.__setitem__('backend-client-caucase-url', backend_client_caucase_url) %}
{#- Set slave domain if none was defined #}
{%- if slave_instance.get('custom_domain', None) == None %}
...
...
@@ -224,7 +225,7 @@ cert-content = {{ dumps(slave_instance.get('ssl_crt') + '\n' + slave_instance.ge
extra-context =
key content :cert-content
{%- else %}
{%- do kedifa_updater_mapping.append((key_download_url, certificate,
master_certificate
)) %}
{%- do kedifa_updater_mapping.append((key_download_url, certificate,
caddy_configuration['master-certificate']
)) %}
{%- endif %}
{#- BBB: SlapOS Master non-zero knowledge END #}
...
...
@@ -233,9 +234,9 @@ extra-context =
[{{ slave_configuration_section_name }}]
certificate = {{ certificate }}
https_port = {{ dumps('' ~
https_port
) }}
http_port = {{ dumps('' ~
http_port
) }}
local_ipv4 = {{ dumps('' ~
local_ipv4
) }}
https_port = {{ dumps('' ~
configuration['port']
) }}
http_port = {{ dumps('' ~
configuration['plain_http_port']
) }}
local_ipv4 = {{ dumps('' ~
instance_parameter['ipv4-random']
) }}
{%- for key, value in slave_instance.iteritems() %}
{%- if value is not none %}
{{ key }} = {{ dumps('' ~ value) }}
...
...
@@ -283,7 +284,7 @@ config-frequency = 720
{#- ############################### #}
{#- Publish Slave Information #}
{%- if not
extra_slave_instance_list
%}
{%- if not
configuration['extra_slave_instance_list']
%}
{%- set publish_section_title = 'publish-%s-connection-information' % slave_instance.get('slave_reference') %}
{%- do part_list.append(publish_section_title) %}
[{{ publish_section_title }}]
...
...
@@ -320,27 +321,27 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[tunnel-6to4-base-http_port]
<= tunnel-6to4-base
ipv4-port = {{
http_port
}}
ipv6-port = {{
http_port
}}
ipv4-port = {{
configuration['plain_http_port']
}}
ipv6-port = {{
configuration['plain_http_port']
}}
[tunnel-6to4-base-https_port]
<= tunnel-6to4-base
ipv4-port = {{
https_port
}}
ipv6-port = {{
https_port
}}
ipv4-port = {{
configuration['port']
}}
ipv6-port = {{
configuration['port']
}}
{#- Define log access #}
[caddy-log-access-parameters]
caddy_log_directory = {{ dumps(caddy_log_directory) }}
caddy_configuration_directory = {{ dumps(caddy_configuration_directory) }}
local_ipv4 = {{ dumps(
local_ipv4
) }}
local_ipv4 = {{ dumps(
instance_parameter['ipv4-random']
) }}
global_ipv6 = {{ dumps(global_ipv6) }}
https_port = {{ dumps(
https_port
) }}
http_port = {{ dumps(
http_port
) }}
https_port = {{ dumps(
configuration['port']
) }}
http_port = {{ dumps(
configuration['plain_http_port']
) }}
ip_access_certificate = {{ frontend_configuration.get('ip-access-certificate') }}
access_log = {{ dumps(
access_log
) }}
error_log = {{ dumps(
error_log
) }}
not_found_file = {{ dumps(
not_found_file
) }}
access_log = {{ dumps(
caddy_configuration['access-log']
) }}
error_log = {{ dumps(
caddy_configuration['error-log']
) }}
not_found_file = {{ dumps(
caddy_configuration['not-found-file']
) }}
[caddy-log-access]
< = jinja2-template-base
...
...
@@ -352,7 +353,7 @@ extra-context =
section parameter_dict caddy-log-access-parameters
[slave-introspection-parameters]
local-ipv4 = {{ dumps(
local_ipv4
) }}
local-ipv4 = {{ dumps(
instance_parameter['ipv4-random']
) }}
global-ipv6 = {{ dumps(global_ipv6) }}
https-port = {{ frontend_configuration['slave-introspection-https-port'] }}
ip-access-certificate = {{ frontend_configuration.get('ip-access-certificate') }}
...
...
@@ -384,9 +385,9 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
{#- Publish information for the instance #}
[publish-caddy-information]
recipe = slapos.cookbook:publish.serialised
public-ipv4 = {{
public_ipv4
}}
private-ipv4 = {{
local_ipv4
}}
{%- if
extra_slave_instance_list
%}
public-ipv4 = {{
configuration['public-ipv4']
}}
private-ipv4 = {{
instance_parameter['ipv4-random']
}}
{%- if
configuration['extra_slave_instance_list']
%}
{#- sort_keys are important in order to avoid shuffling parameters on each run #}
slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list, sort_keys=True) }}
{%- endif %}
...
...
@@ -407,8 +408,8 @@ recipe = slapos.cookbook:wrapper
command-line = {{ kedifa_configuration['kedifa-updater'] }}
--server-ca-certificate {{ kedifa_configuration['ca-certificate'] }}
--identity {{ kedifa_configuration['certificate'] }}
--master-certificate {{
master_certificate
}}
--on-update "{{
frontend_graceful_reload
}}"
--master-certificate {{
caddy_configuration['master-certificate']
}}
--on-update "{{
caddy_configuration['frontend-graceful-command']
}}"
${kedifa-updater-mapping:file}
{{ kedifa_configuration['kedifa-updater-state-file'] }}
...
...
@@ -418,7 +419,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[kedifa-updater-run]
recipe = plone.recipe.command
stop-on-error = True
command = {{ kedifa_configuration['kedifa-updater'] }} --prepare-only ${kedifa-updater-mapping:file} --on-update "{{
frontend_graceful_reload
}}"
command = {{ kedifa_configuration['kedifa-updater'] }} --prepare-only ${kedifa-updater-mapping:file} --on-update "{{
caddy_configuration['frontend-graceful-command']
}}"
update-command = ${:command}
[kedifa-updater-mapping]
...
...
@@ -452,7 +453,7 @@ extra-context =
{%- for key, value in backend_haproxy_configuration.items() %}
{{ key }} = {{ value }}
{%- endfor %}
local-ipv4 = {{ dumps('' ~
local_ipv4
) }}
local-ipv4 = {{ dumps('' ~
instance_parameter['ipv4-random']
) }}
global-ipv6 = ${slap-network-information:global-ipv6}
request-timeout = {{ dumps('' ~ configuration['request-timeout']) }}
backend-connect-timeout = {{ dumps('' ~ configuration['backend-connect-timeout']) }}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment