Commit 615f4977 authored by Łukasz Nowak's avatar Łukasz Nowak Committed by Łukasz Nowak

caddy-frontend: Use cookbook:wrapper for caddy wrapper

parent 9d866327
......@@ -26,7 +26,6 @@ Generally things to be done with ``caddy-frontend``:
* ``apache-ca-certificate``
* ``apache-certificate`` and ``apache-key``
* drop jinja2 template for ``caddy-wrapper``
* use `slapos!326 <https://lab.nexedi.com/nexedi/slapos/merge_requests/326>`_, and especially `note about complex restart scenarios <https://lab.nexedi.com/nexedi/slapos/merge_requests/326#note_60198>`_, instead of self-developed graceful restart scripts
* move out ``test/utils.py`` and use it from shared python distribution
* provide various tricks for older browsers::
......
......@@ -22,7 +22,7 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
[template-apache-frontend]
filename = instance-apache-frontend.cfg.in
md5sum = da1f58f77e81e11264e5e2131794dc19
md5sum = 5221f4e8dc39a8f97c6a107549c4a682
[template-apache-replicate]
filename = instance-apache-replicate.cfg.in
......@@ -76,10 +76,6 @@ md5sum = c2314c3a9c3412a38d14b312d3df83c1
filename = templates/wrapper.in
md5sum = 8cde04bfd0c0e9bd56744b988275cfd8
[template-caddy-wrapper]
filename = templates/caddy-wrapper.in
md5sum = c5816275757124613920078b6bec1caf
[template-trafficserver-records-config]
filename = templates/trafficserver/records.config.jinja2
md5sum = 84baef0a49c9a65e8f2d2ffdb8c1d39c
......
......@@ -64,7 +64,6 @@ template_cached_slave_virtualhost = ${template-cached-slave-virtualhost:target}
template_caddy_frontend_configuration = ${template-caddy-frontend-configuration:target}
template_caddy_graceful_script = ${template-caddy-graceful-script:target}
template_caddy_lazy_script_call = ${template-caddy-lazy-script-call:target}
template_caddy_wrapper = ${template-caddy-wrapper:output}
template_default_slave_virtualhost = ${template-default-slave-virtualhost:target}
template_empty = ${template-empty:target}
template_log_access = ${template-log-access:target}
......@@ -159,12 +158,6 @@ filename = template-log-access.conf.in
<=download-template
filename = empty.in
[template-caddy-wrapper]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/templates/caddy-wrapper.in
output = ${buildout:directory}/template-caddy-wrapper.cfg
mode = 0644
[template-wrapper]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/templates/wrapper.in
......
......@@ -216,19 +216,19 @@ extra-context =
key password monitor-htpasswd:passwd
[caddy-wrapper]
< = jinja2-template-base
template = {{ parameter_dict['template_caddy_wrapper'] }}
rendered = ${directory:bin}/caddy-wrapper
mode = 0700
extra-context =
raw caddy {{ parameter_dict['caddy'] }}
key conf dynamic-caddy-frontend-template:rendered
key log caddy-configuration:error-log
key grace configuration:mpm-graceful-shutdown-timeout
recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['caddy'] }}
-conf ${dynamic-caddy-frontend-template:rendered}
-log ${caddy-configuration:error-log}
-http2=true
-grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s
-disable-http-challenge
-disable-tls-sni-challenge
wrapper-path = ${directory:bin}/caddy-wrapper
[caddy-frontend]
recipe = slapos.cookbook:wrapper
command-line = ${caddy-wrapper:rendered} -pidfile ${caddy-configuration:pid-file}
command-line = ${caddy-wrapper:wrapper-path} -pidfile ${caddy-configuration:pid-file}
wrapper-path = ${directory:service}/frontend_caddy
wait-for-files =
${ca-frontend:cert-file}
......@@ -256,7 +256,7 @@ frontend-configuration = ${directory:etc}/Caddyfile
access-log = ${directory:log}/frontend-access.log
error-log = ${directory:log}/frontend-error.log
pid-file = ${directory:run}/httpd.pid
frontend-configuration-verification = ${caddy-wrapper:rendered} -validate > /dev/null
frontend-configuration-verification = ${caddy-wrapper:wrapper-path} -validate > /dev/null
frontend-graceful-command = ${:frontend-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat ${:pid-file}); fi
not-found-file = ${caddy-directory:document-root}/notfound.html
# Communication with ATS
......@@ -266,7 +266,7 @@ ssl-cache-through-port = 26012
[configtest]
recipe = slapos.cookbook:wrapper
command-line = ${caddy-wrapper:rendered} -validate
command-line = ${caddy-wrapper:wrapper-path} -validate
wrapper-path = ${directory:bin}/caddy-configtest
[certificate-authority]
......@@ -616,19 +616,19 @@ curl_path = {{ parameter_dict['curl'] }}/bin/curl
# Nginx
#
[nginx-wrapper]
< = jinja2-template-base
template = {{ parameter_dict['template_caddy_wrapper'] }}
rendered = ${directory:bin}/nginx-wrapper
mode = 0700
extra-context =
raw caddy {{ parameter_dict['caddy'] }}
key conf dynamic-nginx-frontend-template:rendered
key log nginx-configuration:error_log
key grace configuration:mpm-graceful-shutdown-timeout
recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['caddy'] }}
-conf ${dynamic-nginx-frontend-template:rendered}
-log ${nginx-configuration:error_log}
-http2=true
-grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s
-disable-http-challenge
-disable-tls-sni-challenge
wrapper-path = ${directory:bin}/nginx-wrapper
[nginx-frontend]
recipe = slapos.cookbook:wrapper
command-line = ${nginx-wrapper:rendered} -pidfile ${nginx-configuration:pid-file}
command-line = ${nginx-wrapper:wrapper-path} -pidfile ${nginx-configuration:pid-file}
wrapper-path = ${directory:service}/frontend_nginx
[dynamic-nginx-frontend-template]
......@@ -659,7 +659,7 @@ worker_connections = 1024
slave-configuration-directory = ${caddy-directory:nginx-slave-configuration}
pid-file = ${directory:run}/nginx.pid
nginx-graceful-command = ${:nginx-configuration-verification}; if [ $? -eq 0 ]; then kill -HUP $(cat ${:pid-file}); fi
nginx-configuration-verification = ${nginx-wrapper:rendered} -validate
nginx-configuration-verification = ${nginx-wrapper:wrapper-path} -validate
ssl_certificate = ${ca-frontend:cert-file}
ssl_key = ${ca-frontend:key-file}
......
#!${dash-output:dash}
exec {{ caddy }} \
-conf {{ conf }} \
-log {{ log }} \
-http2=true \
-grace {{ grace }}s \
-disable-http-challenge \
-disable-tls-sni-challenge \
"$@"
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment