software/rapid-cdn: Clean up in cluster parameters

Change how defaults are handled in the cluster:

 * master instance handles all defaults for all nodes
   * it is the one place with all defaults
   * depending on parameter style default is global for the cluster or can be
     specified per node with -frontend-config-<i>-parameter
 * kedifa and frontend nodes need everything to be passed, in order to
   simplify the request
 * configuration. defaults are dropped, as their scope is too large - they are
   not only defaulting the value on the master, but on each requested node
   which leads to extreme complexity of parameter passing
 * use extra_slave_instance_list only, as instance-slave-list is reserved
   parameter provided by slapos.cookbook:slapconfiguration, sent by SlapOS
   Master as slave_instance_list, to the master partition; enforce
   transmissions of slave list in extra_slave_instance_list and consider
   it's always present
 * useless replication_number return value is dropped

software/rapid-cdn/buildout.hash.cfg

@@ -14,7 +14,7 @@
 # not need these here).
 [template]
 filename = instance.cfg.in
-md5sum = 0fa7eddb6d4574e1299b967765691e15
+md5sum = a7d4304064abb7bbac413aa4f90bd6b9
 
 [profile-common]
 filename = instance-common.cfg.in
@@ -22,23 +22,23 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
 
 [profile-frontend]
 filename = instance-frontend.cfg.in
-md5sum = e293575e125a1219ab640a9479dfd85f
+md5sum = 86969db87ec9bbbaf5ab62206c325521
 
 [profile-master]
 filename = instance-master.cfg.in
-md5sum = b225c7776cb4345f2b348b92d062bc1b
+md5sum = db613696269d853bd8eda3c7c9a86c00
 
 [profile-slave-list]
 filename = instance-slave-list.cfg.in
-md5sum = 546584898970e603ac20d576e22dec88
+md5sum = 2339dbbdb2f7768ca8950f1f2b61ed39
 
 [profile-master-publish-slave-information]
 filename = instance-master-publish-slave-information.cfg.in
-md5sum = cba4d995962f7fbeae3f61c9372c4181
+md5sum = 83e62c4970892aac98d26fc77602ea5e
 
 [template-frontend-haproxy-configuration]
 _update_hash_filename_ = templates/frontend-haproxy.cfg.in
-md5sum = 545a0ff2f2dfaeb4342232398d8c8ebe
+md5sum = c90e0d9a1bd776e34af984b90cc2ff6c
 
 [template-frontend-haproxy-crt-list]
 _update_hash_filename_ = templates/frontend-haproxy-crt-list.in
@@ -50,7 +50,7 @@ md5sum = d56e2cfab274cbbbe5b387f2f6e417df
 
 [template-backend-haproxy-configuration]
 _update_hash_filename_ = templates/backend-haproxy.cfg.in
-md5sum = 629f4cc34dd7512eb61f10eac4e62d7a
+md5sum = eb6c795b59daa81f12549d2f4c569838
 
 [template-empty]
 _update_hash_filename_ = templates/empty.in
@@ -62,11 +62,11 @@ md5sum = 975177dedf677d24e14cede5d13187ce
 
 [template-trafficserver-records-config]
 _update_hash_filename_ = templates/trafficserver/records.config.jinja2
-md5sum = 715baa302d562a7e4eddc3d1bf72f981
+md5sum = 4d980dbf70413c1758dda72c12c02246
 
 [template-trafficserver-storage-config]
 _update_hash_filename_ = templates/trafficserver/storage.config.jinja2
-md5sum = d022455a8610bac2dd51101edb035987
+md5sum = a45d35e4b847642fda8c2703dff92fcc
 
 [template-trafficserver-logging-yaml]
 _update_hash_filename_ = templates/trafficserver/logging.yaml.jinja2
@@ -102,7 +102,7 @@ md5sum = e82ccdb0b26552a1c88ff523d8fae24a
 
 [profile-kedifa]
 filename = instance-kedifa.cfg.in
-md5sum = b9f1210005bcfff01235255f43d0b088
+md5sum = ea0cdc8349ec957094bfa341ecbe2321
 
 [template-frontend-haproxy-rsyslogd-conf]
 _update_hash_filename_ = templates/frontend-haproxy-rsyslogd.conf.in
@@ -119,3 +119,11 @@ md5sum = b79addf01b6fb93c2f3d018e83eff766
 [template-expose-csr-nginx-conf]
 _update_hash_filename_ = templates/expose-csr-nginx.conf.in
 md5sum = 5620baa8819fcc8340fa6777ee551a1a
+
+[instance-slave-input-schema]
+filename = instance-slave-input-schema.json
+md5sum = f7262223975640d7200bdf9e99dd79e4
+
+[instance-input-schema]
+filename = instance-input-schema.json
+md5sum = 6b547e0ec8e207ce70a4d46388acafac

software/rapid-cdn/instance-frontend.cfg.in

 {% import "caucase" as caucase with context %}
-{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
-{%- set HTTP3_PORT = instance_parameter_dict.get('configuration.http3-port', '443') %}
-{%- if instance_parameter_dict.get('configuration.enable-http3', 'false').lower() in TRUE_VALUES %}
-{%-   set FRONTEND_HTTP3 = True %}
-{%- else %}
-{%-   set FRONTEND_HTTP3 = False %}
-{%- endif %}
+{%- set HTTP3_PORT = instance_parameter_dict['configuration']['http3-port'] %}
+{%- set FRONTEND_HTTP3 = instance_parameter_dict['configuration']['enable-http3'] %}
 {%- if FRONTEND_HTTP3 %}
 {%-   set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_quic_executable'] %}
 {%- else %}
@@ -236,7 +231,7 @@ command =
      -new -newkey rsa:2048 -sha256 \
      -nodes -x509 -days 36500 \
      -keyout ${:certificate} \
-     -subj "/CN=Fallback certificate/OU={{ instance_parameter_dict['configuration.frontend-name'] }}" \
+     -subj "/CN=Fallback certificate/OU={{ instance_parameter_dict['configuration']['frontend-name'] }}" \
      -out ${:certificate}'
 
 [jinja2-template-base]
@@ -328,7 +323,7 @@ crl = ${:d}/crl.pem
 [backend-client-login-csr]
 recipe = plone.recipe.command
 organization = {{ instance_parameter_dict['configuration']['cluster-identification'] }}
-organizational_unit = {{ instance_parameter_dict['configuration.frontend-name'] }}
+organizational_unit = {{ instance_parameter_dict['configuration']['frontend-name'] }}
 command =
 {% if instance_parameter_dict['configuration']['backend-client-caucase-url'] %}
   if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ]  ; then
@@ -366,15 +361,17 @@ filename = instance-slave-list.cfg
 master_key_download_url = {{ dumps(instance_parameter_dict['configuration']['master-key-download-url']) }}
 software_type = single-custom-personal
 organization = {{ instance_parameter_dict['configuration']['cluster-identification'] }}
-organizational-unit = {{ instance_parameter_dict['configuration.frontend-name'] }}
+organizational-unit = {{ instance_parameter_dict['configuration']['frontend-name'] }}
 backend-client-caucase-url = {{ instance_parameter_dict['configuration']['backend-client-caucase-url'] }}
 url-ready-file = ${directory:var}/url-ready.txt
-http3-enable = {{ FRONTEND_HTTP3 }}
+http3-enable = {{ dumps(FRONTEND_HTTP3) }}
+SLAVE_DEFAULTS = {{ dumps(SLAVE_DEFAULTS) }}
 extra-context =
     key backend_client_caucase_url :backend-client-caucase-url
     import furl_module furl
     import urllib_module urllib
     import operator_module operator
+    key SLAVE_DEFAULTS :SLAVE_DEFAULTS
     key master_key_download_url :master_key_download_url
     key url_ready_file :url-ready-file
     key expose_csr_organization :organization
@@ -484,8 +481,8 @@ slave-introspection-graceful-command = ${slave-introspection-validate:output} &&
 local_ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
 version-hash = ${version-hash:value}
 node-id = ${frontend-node-id:value}
-http3-enable = {{ FRONTEND_HTTP3 }}
-http3-port = {{ HTTP3_PORT }}
+http3-enable = {{ dumps(FRONTEND_HTTP3) }}
+http3-port = {{ dumps(HTTP3_PORT) }}
 
 # BBB: SlapOS Master non-zero knowledge BEGIN
 [get-self-signed-fallback-access]
@@ -817,7 +814,7 @@ statistic-certificate = ${self-signed-ip-access:certificate}
 statistic-port = ${configuration:backend-haproxy-statistic-port}
 statistic-username = ${monitor-instance-parameter:username}
 statistic-password = ${monitor-htpasswd:passwd}
-statistic-identification = {{ instance_parameter_dict['configuration.frontend-name'] + ' @ ' + instance_parameter_dict['configuration']['cluster-identification'] }}
+statistic-identification = {{ instance_parameter_dict['configuration']['frontend-name'] + ' @ ' + instance_parameter_dict['configuration']['cluster-identification'] }}
 statistic-frontend-secure_access = ${backend-haproxy-statistic-frontend:connection-secure_access}
 version-hash = ${version-hash:value}
 node-id = ${frontend-node-id:value}
@@ -959,8 +956,8 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
 # Note: Workaround for monitor stack, which uses monitor-httpd-port parameter
 #       directly, and in our case it can come from the network, thus resulting
 #       with need to strip !py!'u'
-monitor-httpd-port = {{ instance_parameter_dict['configuration.monitor-httpd-port'] | int }}
-password = {{ instance_parameter_dict['configuration.monitor-password'] | string }}
+monitor-httpd-port = {{ instance_parameter_dict['configuration']['monitor-httpd-port'] | int }}
+password = {{ instance_parameter_dict['configuration']['monitor-password'] | string }}
 
 [monitor-conf-parameters]
 private-path-list +=
@@ -1000,20 +997,20 @@ config-url = ${configuration:re6st-verification-url}
 [slave-introspection-frontend]
 <= slap-connection
 recipe = slapos.cookbook:requestoptional
-name = Slave Introspection Frontend {{ instance_parameter_dict['configuration.frontend-name'] }}
+name = Slave Introspection Frontend {{ instance_parameter_dict['configuration']['frontend-name'] }}
 software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
 shared = true
-config-url = https://[${slap-configuration:ipv6-random}]:{{ instance_parameter_dict['configuration.slave-introspection-https-port'] }}/
+config-url = https://[${slap-configuration:ipv6-random}]:{{ instance_parameter_dict['configuration']['slave-introspection-https-port'] }}/
 config-https-only = true
 return = secure_access
 
 [backend-haproxy-statistic-frontend]
 <= slap-connection
 recipe = slapos.cookbook:requestoptional
-name = Backend Haproxy Statistic Frontend {{ instance_parameter_dict['configuration.frontend-name'] }}
+name = Backend Haproxy Statistic Frontend {{ instance_parameter_dict['configuration']['frontend-name'] }}
 software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
 shared = true
-config-url = https://[${slap-configuration:ipv6-random}]:{{ instance_parameter_dict['configuration.backend-haproxy-statistic-port'] }}/
+config-url = https://[${slap-configuration:ipv6-random}]:{{ instance_parameter_dict['configuration']['backend-haproxy-statistic-port'] }}/
 config-https-only = true
 return = domain secure_access
 
@@ -1124,10 +1121,8 @@ config-filename = ${logrotate-setup-validate:state-file}
 config-state = empty
 
 [configuration]
-{%- for key, value in instance_parameter_dict.items() -%}
-{%-   if key.startswith('configuration.') %}
-{{ key.replace('configuration.', '') }} = {{ dumps(value) }}
-{%-   endif -%}
+{% for key, value in instance_parameter_dict['configuration'].items() %}
+{{ key }} = {{ dumps(value) }}
 {%- endfor %}
 
 [instance-parameter-section]
@@ -1135,7 +1130,7 @@ config-state = empty
 {#- XXX: Some other approach would be useful #}
 {%- set DROP_KEY_LIST = ['recipe', '__buildout_signature__', 'computer', 'partition', 'url', 'key', 'cert'] %}
 {%- for key, value in instance_parameter_dict.items() -%}
-{%-   if not key.startswith('configuration.') and key not in DROP_KEY_LIST %}
+{%-   if not key.startswith('configuration') and key not in DROP_KEY_LIST %}
 {{ key }} = {{ dumps(value) }}
 {%-   endif -%}
 {%- endfor %}

software/rapid-cdn/instance-input-schema.json

@@ -4,25 +4,29 @@
     "-frontend-quantity": {
       "description": "Quantity of Frontends Replicate.",
       "title": "Frontend Replication Quantity",
-      "type": "integer"
+      "type": "integer",
+      "default": 1
     },
     "apache-certificate": {
       "description": "SSL Certificate used by the server. By appending to it CA certificate it is possible to use this field to replace not implemented apache-ca-certificate. Deprecated, please use master-key-upload-url.",
       "textarea": true,
       "title": "[DEPRECATED] SSL Certificate, with optional CA certificate",
-      "type": "string"
+      "type": "string",
+      "default": ""
     },
     "apache-key": {
       "description": "SSL Key used by the server. Deprecated, please use master-key-upload-url.",
       "textarea": true,
       "title": "[DEPRECATED] SSL Key",
-      "type": "string"
+      "type": "string",
+      "default": ""
     },
     "domain": {
       "description": "Domain used to generate automatic hostnames for slaves. For example 'example.com' will result with slave hostname 'slaveref.example.com'.",
       "format": "idn-hostname",
       "title": "Domain",
-      "type": "string"
+      "type": "string",
+      "default": "example.org"
     },
     "enable-http2-by-default": {
       "default": "true",
@@ -119,6 +123,16 @@
       "title": "Default size of disk cache on each node (bytes)",
       "description": "The value can be provided with suffix 'K', 'M', 'G'",
       "type": "string"
+    },
+    "plain_http_port": {
+      "default": 8080,
+      "title": "Port to which frontend node shall bind to serve HTTP traffic",
+      "type": "integer"
+    },
+    "port": {
+      "default": 4443,
+      "title": "Port to which frontend node shall bind to serve HTTPS (and HTTP/3) traffic",
+      "type": "integer"
     }
   },
   "title": "Input Parameters",

software/rapid-cdn/instance-kedifa.cfg.in

@@ -25,14 +25,14 @@ parts =
 # Note: Workaround for monitor stack, which uses monitor-httpd-port parameter
 #       directly, and in our case it can come from the network, thus resulting
 #       with need to strip !py!'u'
-monitor-httpd-port = {{ instance_parameter_dict['configuration.monitor-httpd-port'] | int }}
-password = {{ instance_parameter_dict['configuration.monitor-password'] | string }}
+monitor-httpd-port = {{ instance_parameter_dict['configuration']['monitor-httpd-port'] | int }}
+password = {{ instance_parameter_dict['configuration']['monitor-password'] | string }}
 
 [caucased]
 hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
 
 {%  set caucase_host = '[' ~ instance_parameter_dict['ipv6-random'] ~ ']' %}
-{%  set caucase_netloc = caucase_host ~ ':' ~ instance_parameter_dict['configuration.caucase_port'] -%}
+{%  set caucase_netloc = caucase_host ~ ':' ~ instance_parameter_dict['configuration']['caucase_port'] -%}
 {%  set caucase_url = 'http://' ~ caucase_netloc -%}
 {{  caucase.caucased(
       prefix='caucased',
@@ -198,7 +198,7 @@ context =
 
 [kedifa-config]
 ip = {{ instance_parameter_dict['ipv6-random'] }}
-port = {{ instance_parameter_dict['configuration.kedifa_port'] }}
+port = {{ instance_parameter_dict['configuration']['kedifa_port'] }}
 db = ${directory:kedifa}/kedifa.sqlite
 certificate = ${directory:etc-kedifa}/certificate.pem
 key = ${:certificate}
@@ -230,7 +230,7 @@ config-ca-cert-file = ${kedifa-config:ca-certificate}
 <= logrotate-entry-base
 name = kedifa
 log = ${kedifa-config:logfile}
-rotate-num = {{ instance_parameter_dict['configuration.rotate-num'] | int }}
+rotate-num = {{ instance_parameter_dict['configuration']['rotate-num'] | int }}
 delaycompress =
 
 [kedifa]

software/rapid-cdn/instance-master-publish-slave-information.cfg.in

@@ -19,10 +19,6 @@
             'log-access-urls',
             log_access_list
             ) %}
-{%     do current_slave_dict.__setitem__(
-            'replication_number',
-            current_slave_dict.get('replication_number', 0) + 1
-            ) %}
 {%     do slave_information_dict.__setitem__(slave_reference, current_slave_dict) %}
 {%   endfor %}
 {% endfor %}

software/rapid-cdn/instance-slave-input-schema.json

@@ -208,9 +208,8 @@
       "type": "integer"
     },
     "ciphers": {
-      "title": "Ordered space separated list of ciphers",
-      "type": "string",
-      "default": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA"
+      "title": "Ordered space separated list of ciphers. Defaults to cluster setup.",
+      "type": "string"
     },
     "authenticate-to-backend": {
       "description": "If set to true the frontend certificate will be used as authentication certificate to the backend. Note: backend might have to know the frontend CA, available with 'backend-client-caucase-url'.",
@@ -262,25 +261,25 @@
     "health-check-timeout": {
       "title": "Health Check Timeout (seconds)",
       "description": "A timeout to for the request to be fulfilled, after connection happen.",
-      "default": "2",
+      "default": 2,
       "type": "integer"
     },
     "health-check-interval": {
       "title": "Health Check Interval (seconds)",
       "description": "An interval of health check.",
-      "default": "5",
+      "default": 5,
       "type": "integer"
     },
     "health-check-rise": {
       "title": "Health Check Rise",
       "description": "Amount of correct responses from the backend to consider it up.",
-      "default": "1",
+      "default": 1,
       "type": "integer"
     },
     "health-check-fall": {
       "title": "Health Check Fall",
       "description": "Amount of bad responses from the backend to consider it down.",
-      "default": "1",
+      "default": 1,
       "type": "integer"
     },
     "health-check-failover-url": {
@@ -324,7 +323,7 @@
     "strict-transport-security": {
       "title": "Strict Transport Security",
       "description": "Enables Strict Transport Security (HSTS) on the slave, the default 0 results with option disabled. Setting the value enables HSTS and sets the value of max-age. More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security",
-      "default": "0",
+      "default": 0,
       "type": "integer"
     },
     "strict-transport-security-sub-domains": {

software/rapid-cdn/instance-slave-output-schema.json

@@ -18,10 +18,6 @@
       "description": "List of URLs to access logs",
       "type": "array"
     },
-    "replication_number": {
-      "description": "Number of nodes the slave is replicated",
-      "type": "integer"
-    },
     "secure_access": {
       "description": "URL for HTTP access",
       "type": "string"

software/rapid-cdn/instance.cfg.in

@@ -37,6 +37,50 @@ kedifa = dynamic-profile-kedifa:output
 {{ key }} = {{ dumps(value) }}
 {% endfor -%}
 
+[schema-json-to-default]
+recipe = slapos.recipe.build
+init =
+  import json
+  default_dict = dict()
+  with open(options['input']) as fh:
+    input_json = json.load(fh)
+  input_mapping = {}
+  if 'input-mapping' in options:
+    for mapping_line in options['input-mapping'].splitlines():
+      filename, section = mapping_line.split()
+      input_mapping[filename] = section
+  def fetchLevel(input_json):
+    default_dict = {}
+    for property, value_dict in input_json['properties'].items():
+      if value_dict.get('type') == 'object' and 'allOf' in value_dict:
+        value = {}
+        for entry in value_dict['allOf']:
+          with open(input_mapping[entry['$ref']]) as in_fh:
+            in_input_json = json.load(in_fh)
+            value.update(fetchLevel(in_input_json))
+        default_dict[property] = value
+      elif 'default' in value_dict:
+        if value_dict['default'] in ['false', 'true']:
+          # input schema json type is mostly incorrect, so guess the most
+          # important boolean type
+          default_dict[property] = value_dict['default'] == 'true'
+        else:
+          default_dict[property] = value_dict['default']
+      elif 'properties' in value_dict:
+        default_dict[property] = fetchLevel(value_dict)
+      else:
+        default_dict[property] = None
+    return default_dict
+  options['defaults'] = fetchLevel(input_json)
+
+[instance-slave-default]
+<= schema-json-to-default
+input = {{ software_parameter_dict['instance_slave_input_schema'] }}
+
+[instance-default]
+<= schema-json-to-default
+input = {{ software_parameter_dict['instance_input_schema'] }}
+
 [dynamic-profile-frontend]
 < = jinja2-template-base
 url = {{ software_parameter_dict['profile_frontend'] }}
@@ -44,6 +88,7 @@ filename = instance-frontend.cfg
 extra-context =
   import furl_module furl
   raw software_type single-custom-personal
+  key SLAVE_DEFAULTS instance-slave-default:defaults
 
 [dynamic-profile-master]
 < = jinja2-template-base
@@ -56,6 +101,8 @@ extra-context =
     import operator_module operator
     import validators validators
     import software software
+    key CLUSTER_DEFAULTS instance-default:defaults
+    key SLAVE_DEFAULTS instance-slave-default:defaults
 # Must match the key id in [switch-softwaretype] which uses this section.
     raw software_type RootSoftwareInstance-default-custom-personal-replicate
 
@@ -75,35 +122,3 @@ partition = ${slap-connection:partition-id}
 url = ${slap-connection:server-url}
 key = ${slap-connection:key-file}
 cert = ${slap-connection:cert-file}
-# Define default parameter(s) that will be used later, in case user didn't
-# specify it
-# All parameters are available through the configuration.XX syntax.
-# All possible parameters should have a default.
-configuration.domain = example.org
-configuration.port = 4443
-configuration.plain_http_port = 8080
-configuration.plain_nginx_port = 8081
-configuration.nginx_port = 9443
-configuration.kedifa_port = 7879
-# Warning: Caucase takes also cacuase_port+1
-configuration.caucase_port = 8890
-configuration.caucase_backend_client_port = 8990
-configuration.apache-key =
-configuration.apache-certificate =
-configuration.disk-cache-size = 8G
-configuration.ram-cache-size = 1G
-configuration.re6st-verification-url =
-configuration.enable-http2-by-default = true
-configuration.enable-http3 = false
-configuration.http3-port = 443
-configuration.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA
-configuration.request-timeout = 600
-configuration.frontend-name =
-configuration.backend-connect-timeout = 5
-configuration.backend-connect-retries = 3
-configuration.backend-haproxy-http-port = 21080
-configuration.backend-haproxy-https-port = 21443
-configuration.backend-haproxy-statistic-port = 21444
-configuration.authenticate-to-backend = False
-configuration.rotate-num = 4000
-configuration.slave-introspection-https-port = 22443

software/rapid-cdn/software.cfg

@@ -97,6 +97,8 @@ template_trafficserver_storage_config = ${template-trafficserver-storage-config:
 template_validate_script = ${template-validate-script:target}
 template_wrapper = ${template-wrapper:output}
 template_expose_csr_nginx_conf = ${template-expose-csr-nginx-conf:target}
+instance_slave_input_schema = ${instance-slave-input-schema:target}
+instance_input_schema = ${instance-input-schema:target}
 
 # directories
 bin_directory = ${buildout:bin-directory}
@@ -210,6 +212,12 @@ output = ${buildout:directory}/template-wrapper.cfg
 [template-frontend-haproxy-rsyslogd-conf]
 <=download-template
 
+[instance-slave-input-schema]
+<=download-profile
+
+[instance-input-schema]
+<=download-profile
+
 [versions]
 kedifa = 0.0.7
 # Modern KeDiFa requires zc.lockfile

software/rapid-cdn/templates/backend-haproxy.cfg.in

@@ -77,7 +77,7 @@ frontend https-backend
 {%-           do ssl_list.append('crt %s' % (configuration['certificate'],)) %}
 {%-         endif %}
 {%-         do ssl_list.append('ssl verify') %}
-{%-         if slave_instance['ssl_proxy_verify'] %}
+{%-         if slave_instance['ssl-proxy-verify'] %}
 {%-           if slave_instance['path_to_ssl_proxy_ca_crt']  %}
 {%-             do ssl_list.append('required ca-file %s' % (slave_instance['path_to_ssl_proxy_ca_crt'],)) %}
 {%-           else %}

software/rapid-cdn/templates/frontend-haproxy.cfg.in

-{%- if configuration['http3-enable'] == 'True' %}
-{%-   set HTTP3 = True %}
-{%- else %}
-{%-   set HTTP3 = False %}
-{%- endif %}
 global
   pidfile {{ configuration['pid-file'] }}
   # master-worker is compatible with foreground with process management
@@ -60,7 +55,7 @@ frontend http-frontend
 frontend https-frontend
   bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }}
   bind {{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }}
-{%- if HTTP3 %}
+{%- if configuration['http3-enable'] %}
   bind quic4@{{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
   bind quic6@{{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
 {%- endif %}
@@ -76,7 +71,7 @@ frontend https-frontend
 {%-   for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
 {%-     set info_dict = slave_instance.get(prefix, slave_instance.get('backend-http-info')) %}
 backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
-{%-     if HTTP3 and slave_instance['enable-http3'] %}
+{%-     if configuration['http3-enable'] and slave_instance['enable-http3'] %}
   http-after-response set-header alt-svc "h3=\":{{ configuration['http3-port'] }}\"; ma=3600"
   {#- Ask Chromium to use HTTP3 #}
   http-after-response set-header alternate-protocol {{ configuration['http3-port'] }}:quic
@@ -112,7 +107,7 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
   http-after-response set-header Strict-Transport-Security "{{ ''.join(strict_transport_security) }}"
 {%-             endif %}
 {%-           endif %}
-{%-           for disabled_cookie in slave_instance['disabled-cookie-list'] %}
+{%-           for disabled_cookie in slave_instance['disabled-cookie-list'].split() %}
   http-request replace-header Cookie (.*)(^{{ disabled_cookie | replace('%', '%%') }}=[^;]*;\ |;\ {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*) \1\3
 {%-           endfor %}
 {%-           if slave_instance['disable-no-cache-request'] %}

software/rapid-cdn/templates/trafficserver/records.config.jinja2

@@ -156,7 +156,7 @@ CONFIG proxy.config.net.max_requests_in INT 10000
 #    https://docs.trafficserver.apache.org/records.config#ram-cache
 #    https://docs.trafficserver.apache.org/en/latest/admin-guide/files/storage.config.en.html
 ##############################################################################
-CONFIG proxy.config.cache.ram_cache.size INT {{ ats_configuration.get('ram-cache-size', '1G') }}
+CONFIG proxy.config.cache.ram_cache.size INT {{ ats_configuration['ram-cache-size'] }}
 CONFIG proxy.config.cache.ram_cache_cutoff INT 4194304
     # https://docs.trafficserver.apache.org/records.config#proxy-config-cache-limits-http-max-alts
 CONFIG proxy.config.cache.limits.http.max_alts INT 5

software/rapid-cdn/templates/trafficserver/storage.config.jinja2

@@ -50,4 +50,4 @@
 # A small default cache (256MB). This is set to allow for the regression test to succeed
 # most likely you'll want to use a larger cache. And, we definitely recommend the use
 # of raw devices for production caches.
-{{ ats_configuration.get("cache-path") }} {{ ats_configuration.get("disk-cache-size") }}
+{{ ats_configuration["cache-path"] }} {{ ats_configuration["disk-cache-size"] }}

software/rapid-cdn/test/test.py

@@ -69,6 +69,7 @@ from cryptography.x509.oid import NameOID
 from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
 from slapos.testing.utils import findFreeTCPPort
 from slapos.testing.utils import getPromisePluginParameterDict
+
 if __name__ == '__main__':
   SlapOSInstanceTestCase = object
 else:
@@ -76,6 +77,7 @@ else:
     os.path.abspath(
         os.path.join(os.path.dirname(__file__), '..', 'software.cfg')))
 
+
 # ports chosen to not collide with test systems
 HTTP_PORT = '11080'
 HTTPS_PORT = '11443'
@@ -1394,7 +1396,6 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
       hostname = reference.replace('_', '').replace('-', '').lower()
     expected_parameter_dict.update(**{
       'domain': '%s.example.com' % (hostname,),
-      'replication_number': '1',
       'url': 'http://%s.example.com' % (hostname, ),
       'site_url': 'http://%s.example.com' % (hostname, ),
       'secure_access': 'https://%s.example.com' % (hostname, ),
@@ -4867,7 +4868,7 @@ class TestSlaveHttp3(TestSlave):
     'kedifa_port': KEDIFA_PORT,
     'caucase_port': CAUCASE_PORT,
     'request-timeout': '12',
-    'enable-http3': 'True',
+    'enable-http3': True,
     'http3-port': HTTPS_PORT,
   }
   max_client_version = '3.0'
@@ -4993,7 +4994,6 @@ class TestReplicateSlave(
     self.assertEqual(
       {
         'domain': 'replicate.example.com',
-        'replication_number': '2',
         'url': 'http://replicate.example.com',
         'site_url': 'http://replicate.example.com',
         'secure_access': 'https://replicate.example.com',
@@ -6479,7 +6479,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
     self.assertEqual(
       {
         'domain': 'defaultpathunsafe.example.com',
-        'replication_number': '1',
         'url': 'http://defaultpathunsafe.example.com',
         'site_url': 'http://defaultpathunsafe.example.com',
         'secure_access': 'https://defaultpathunsafe.example.com',
@@ -6822,14 +6821,18 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
         'backend-client-caucase-url': backend_client_caucase_url,
         'backend-connect-retries': '1',
         'backend-connect-timeout': '2',
+        'backend-haproxy-http-port': 21080,
+        'backend-haproxy-https-port': 21443,
+        'backend-haproxy-statistic-port': 21444,
         'ciphers': 'ciphers',
         'cluster-identification': 'testing partition 0',
+        'disk-cache-size': '8G',
         'domain': 'example.com',
         'enable-http2-by-default': 'True',
-        'enable-http3': 'false',
+        'enable-http3': False,
         'extra_slave_instance_list': '[]',
         'frontend-name': 'caddy-frontend-1',
-        'http3-port': '443',
+        'http3-port': 443,
         'kedifa-caucase-url': kedifa_caucase_url,
         'monitor-cors-domains': 'monitor.app.officejs.com',
         'monitor-httpd-port': 8411,
@@ -6839,6 +6842,8 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
         'ram-cache-size': '512K',
         're6st-verification-url': 're6st-verification-url',
         'request-timeout': '100',
+        'rotate-num': 4000,
+        'slave-introspection-https-port': 22443,
         'slave-kedifa-information': '{}'
       },
       'caddy-frontend-2': {
@@ -6849,14 +6854,18 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
         'backend-client-caucase-url': backend_client_caucase_url,
         'backend-connect-retries': '1',
         'backend-connect-timeout': '2',
+        'backend-haproxy-http-port': 21080,
+        'backend-haproxy-https-port': 21443,
+        'backend-haproxy-statistic-port': 21444,
         'ciphers': 'ciphers',
         'cluster-identification': 'testing partition 0',
+        'disk-cache-size': '8G',
         'domain': 'example.com',
         'enable-http2-by-default': 'True',
-        'enable-http3': 'false',
+        'enable-http3': False,
         'extra_slave_instance_list': '[]',
         'frontend-name': 'caddy-frontend-2',
-        'http3-port': '443',
+        'http3-port': 443,
         'kedifa-caucase-url': kedifa_caucase_url,
         'monitor-cors-domains': 'monitor.app.officejs.com',
         'monitor-httpd-port': 8412,
@@ -6866,6 +6875,8 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
         'ram-cache-size': '256K',
         're6st-verification-url': 're6st-verification-url',
         'request-timeout': '100',
+        'rotate-num': 4000,
+        'slave-introspection-https-port': 22443,
         'slave-kedifa-information': '{}'
       },
       'caddy-frontend-3': {
@@ -6876,22 +6887,29 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
         'backend-client-caucase-url': backend_client_caucase_url,
         'backend-connect-retries': '1',
         'backend-connect-timeout': '2',
+        'backend-haproxy-http-port': 21080,
+        'backend-haproxy-https-port': 21443,
+        'backend-haproxy-statistic-port': 21444,
         'ciphers': 'ciphers',
         'cluster-identification': 'testing partition 0',
+        'disk-cache-size': '8G',
         'domain': 'example.com',
         'enable-http2-by-default': 'True',
-        'enable-http3': 'false',
+        'enable-http3': False,
         'extra_slave_instance_list': '[]',
         'frontend-name': 'caddy-frontend-3',
-        'http3-port': '443',
+        'http3-port': 443,
         'kedifa-caucase-url': kedifa_caucase_url,
         'monitor-cors-domains': 'monitor.app.officejs.com',
         'monitor-httpd-port': 8413,
         'monitor-username': 'admin',
         'plain_http_port': '11080',
         'port': '11443',
+        'ram-cache-size': '1G',
         're6st-verification-url': 're6st-verification-url',
         'request-timeout': '100',
+        'rotate-num': 4000,
+        'slave-introspection-https-port': 22443,
         'slave-kedifa-information': '{}'
       },
       'kedifa': {
@@ -6902,6 +6920,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
         'monitor-cors-domains': 'monitor.app.officejs.com',
         'monitor-httpd-port': '8402',
         'monitor-username': 'admin',
+        'rotate-num': 4000,
         'slave-list': []
       },
       'testing partition 0': {
@@ -7084,7 +7103,7 @@ backend _health-check-connect-http
   timeout connect 5s
   retries 3
   server _health-check-connect-backend-http %s   check inter 5s"""
-      """ rise 1 fall 2
+      """ rise 1 fall 1
   timeout check 2s""" % (backend,),
       'health-check-custom': """\
 backend _health-check-custom-http
@@ -7101,7 +7120,7 @@ backend _health-check-default-http
   timeout connect 5s
   retries 3
   server _health-check-default-backend-http %s   check inter 5s"""
-      """ rise 1 fall 2
+      """ rise 1 fall 1
   option httpchk GET / HTTP/1.1
   timeout check 2s""" % (backend, )
     }

software/rapid-cdn/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test00cluster_request_instance_parameter_dict.txt

@@ -25,6 +25,7 @@
       "monitor-httpd-port": "8402",
       "monitor-password": "@@monitor-password@@",
       "monitor-username": "admin",
+      "rotate-num": 4000,
       "slave-list": []
     },
     "full_address_list": [],
@@ -39,12 +40,24 @@
   },
   {
     "_": {
+      "apache-certificate": "",
+      "apache-key": "",
+      "authenticate-to-backend": false,
       "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
+      "backend-connect-retries": 3,
+      "backend-connect-timeout": 5,
+      "backend-haproxy-http-port": 21080,
+      "backend-haproxy-https-port": 21443,
+      "backend-haproxy-statistic-port": 21444,
+      "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
       "cluster-identification": "testing partition 0",
-      "enable-http3": "false",
+      "disk-cache-size": "8G",
+      "domain": "example.org",
+      "enable-http2-by-default": true,
+      "enable-http3": false,
       "extra_slave_instance_list": "[]",
       "frontend-name": "caddy-frontend-1",
-      "http3-port": "443",
+      "http3-port": 443,
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",
@@ -53,6 +66,11 @@
       "monitor-username": "admin",
       "plain_http_port": "11080",
       "port": "11443",
+      "ram-cache-size": "1G",
+      "re6st-verification-url": null,
+      "request-timeout": 600,
+      "rotate-num": 4000,
+      "slave-introspection-https-port": 22443,
       "slave-kedifa-information": "{}"
     },
     "full_address_list": [],

software/rapid-cdn/test/test_data/test.TestMasterRequest.test00cluster_request_instance_parameter_dict.txt

@@ -23,6 +23,7 @@
       "monitor-httpd-port": "8402",
       "monitor-password": "@@monitor-password@@",
       "monitor-username": "admin",
+      "rotate-num": 4000,
       "slave-list": []
     },
     "full_address_list": [],
@@ -37,12 +38,24 @@
   },
   {
     "_": {
+      "apache-certificate": "",
+      "apache-key": "",
+      "authenticate-to-backend": false,
       "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
+      "backend-connect-retries": 3,
+      "backend-connect-timeout": 5,
+      "backend-haproxy-http-port": 21080,
+      "backend-haproxy-https-port": 21443,
+      "backend-haproxy-statistic-port": 21444,
+      "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
       "cluster-identification": "testing partition 0",
-      "enable-http3": "false",
+      "disk-cache-size": "8G",
+      "domain": "example.org",
+      "enable-http2-by-default": true,
+      "enable-http3": false,
       "extra_slave_instance_list": "[]",
       "frontend-name": "caddy-frontend-1",
-      "http3-port": "443",
+      "http3-port": 443,
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",
@@ -51,6 +64,11 @@
       "monitor-username": "admin",
       "plain_http_port": "11080",
       "port": "11443",
+      "ram-cache-size": "1G",
+      "re6st-verification-url": null,
+      "request-timeout": 600,
+      "rotate-num": 4000,
+      "slave-introspection-https-port": 22443,
       "slave-kedifa-information": "{}"
     },
     "full_address_list": [],

software/rapid-cdn/test/test_data/test.TestMasterRequestDomain.test00cluster_request_instance_parameter_dict.txt

@@ -24,6 +24,7 @@
       "monitor-httpd-port": "8402",
       "monitor-password": "@@monitor-password@@",
       "monitor-username": "admin",
+      "rotate-num": 4000,
       "slave-list": []
     },
     "full_address_list": [],
@@ -38,13 +39,24 @@
   },
   {
     "_": {
+      "apache-certificate": "",
+      "apache-key": "",
+      "authenticate-to-backend": false,
       "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
+      "backend-connect-retries": 3,
+      "backend-connect-timeout": 5,
+      "backend-haproxy-http-port": 21080,
+      "backend-haproxy-https-port": 21443,
+      "backend-haproxy-statistic-port": 21444,
+      "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
       "cluster-identification": "testing partition 0",
+      "disk-cache-size": "8G",
       "domain": "example.com",
-      "enable-http3": "false",
+      "enable-http2-by-default": true,
+      "enable-http3": false,
       "extra_slave_instance_list": "[]",
       "frontend-name": "caddy-frontend-1",
-      "http3-port": "443",
+      "http3-port": 443,
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",
@@ -53,6 +65,11 @@
       "monitor-username": "admin",
       "plain_http_port": "11080",
       "port": "11443",
+      "ram-cache-size": "1G",
+      "re6st-verification-url": null,
+      "request-timeout": 600,
+      "rotate-num": 4000,
+      "slave-introspection-https-port": 22443,
       "slave-kedifa-information": "{}"
     },
     "full_address_list": [],

software/rapid-cdn/test/test_data/test.TestRe6stVerificationUrlSlave.test00cluster_request_instance_parameter_dict.txt

@@ -33,6 +33,7 @@
       "monitor-httpd-port": "8402",
       "monitor-password": "@@monitor-password@@",
       "monitor-username": "admin",
+      "rotate-num": 4000,
       "slave-list": [
         {
           "enable_cache": true,
@@ -53,13 +54,24 @@
   },
   {
     "_": {
+      "apache-certificate": "",
+      "apache-key": "",
+      "authenticate-to-backend": false,
       "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
+      "backend-connect-retries": 3,
+      "backend-connect-timeout": 5,
+      "backend-haproxy-http-port": 21080,
+      "backend-haproxy-https-port": 21443,
+      "backend-haproxy-statistic-port": 21444,
+      "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
       "cluster-identification": "testing partition 0",
+      "disk-cache-size": "8G",
       "domain": "example.com",
-      "enable-http3": "false",
+      "enable-http2-by-default": true,
+      "enable-http3": false,
       "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
       "frontend-name": "caddy-frontend-1",
-      "http3-port": "443",
+      "http3-port": 443,
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",
@@ -68,7 +80,11 @@
       "monitor-username": "admin",
       "plain_http_port": "11080",
       "port": "11443",
+      "ram-cache-size": "1G",
       "re6st-verification-url": "http://@@_ipv4_address@@:@@_server_http_port@@/re6st.html",
+      "request-timeout": 600,
+      "rotate-num": 4000,
+      "slave-introspection-https-port": 22443,
       "slave-kedifa-information": "{\"_default\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@default_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@default_key-generate-auth-url@@/@@default_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@default_key-generate-auth-url@@?auth=\"}}"
     },
     "full_address_list": [],

software/rapid-cdn/test/test_data/test.TestReplicateSlave.test00cluster_request_instance_parameter_dict.txt

@@ -36,6 +36,7 @@
       "monitor-httpd-port": "8402",
       "monitor-password": "@@monitor-password@@",
       "monitor-username": "admin",
+      "rotate-num": 4000,
       "slave-list": [
         {
           "enable_cache": true,
@@ -56,13 +57,24 @@
   },
   {
     "_": {
+      "apache-certificate": "",
+      "apache-key": "",
+      "authenticate-to-backend": false,
       "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
+      "backend-connect-retries": 3,
+      "backend-connect-timeout": 5,
+      "backend-haproxy-http-port": 21080,
+      "backend-haproxy-https-port": 21443,
+      "backend-haproxy-statistic-port": 21444,
+      "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
       "cluster-identification": "testing partition 0",
+      "disk-cache-size": "8G",
       "domain": "example.com",
-      "enable-http3": "false",
+      "enable-http2-by-default": true,
+      "enable-http3": false,
       "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_replicate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
       "frontend-name": "caddy-frontend-1",
-      "http3-port": "443",
+      "http3-port": 443,
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",
@@ -71,6 +83,11 @@
       "monitor-username": "admin",
       "plain_http_port": "11080",
       "port": "11443",
+      "ram-cache-size": "1G",
+      "re6st-verification-url": null,
+      "request-timeout": 600,
+      "rotate-num": 4000,
+      "slave-introspection-https-port": 22443,
       "slave-kedifa-information": "{\"_replicate\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@/@@replicate_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@?auth=\"}}"
     },
     "full_address_list": [],
@@ -85,13 +102,24 @@
   },
   {
     "_": {
+      "apache-certificate": "",
+      "apache-key": "",
+      "authenticate-to-backend": false,
       "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
+      "backend-connect-retries": 3,
+      "backend-connect-timeout": 5,
+      "backend-haproxy-http-port": 21080,
+      "backend-haproxy-https-port": 21443,
+      "backend-haproxy-statistic-port": 21444,
+      "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
       "cluster-identification": "testing partition 0",
+      "disk-cache-size": "8G",
       "domain": "example.com",
-      "enable-http3": "false",
+      "enable-http2-by-default": true,
+      "enable-http3": false,
       "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_replicate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
       "frontend-name": "caddy-frontend-2",
-      "http3-port": "443",
+      "http3-port": 443,
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",
@@ -100,6 +128,11 @@
       "monitor-username": "admin",
       "plain_http_port": "11080",
       "port": "11443",
+      "ram-cache-size": "1G",
+      "re6st-verification-url": null,
+      "request-timeout": 600,
+      "rotate-num": 4000,
+      "slave-introspection-https-port": 22443,
       "slave-kedifa-information": "{\"_replicate\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@/@@replicate_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@?auth=\"}}"
     },
     "full_address_list": [],

software/rapid-cdn/test/test_data/test.TestSlaveCiphers.test00cluster_request_instance_parameter_dict.txt

@@ -41,6 +41,7 @@
       "monitor-httpd-port": "8402",
       "monitor-password": "@@monitor-password@@",
       "monitor-username": "admin",
+      "rotate-num": 4000,
       "slave-list": [
         {
           "enable_cache": true,
@@ -67,14 +68,24 @@
   },
   {
     "_": {
+      "apache-certificate": "",
+      "apache-key": "",
+      "authenticate-to-backend": false,
       "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
+      "backend-connect-retries": 3,
+      "backend-connect-timeout": 5,
+      "backend-haproxy-http-port": 21080,
+      "backend-haproxy-https-port": 21443,
+      "backend-haproxy-statistic-port": 21444,
       "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384",
       "cluster-identification": "testing partition 0",
+      "disk-cache-size": "8G",
       "domain": "example.com",
-      "enable-http3": "false",
+      "enable-http2-by-default": true,
+      "enable-http3": false,
       "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default_ciphers\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"ciphers\": \"ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256\", \"enable_cache\": true, \"slave_reference\": \"_own_ciphers\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
       "frontend-name": "caddy-frontend-1",
-      "http3-port": "443",
+      "http3-port": 443,
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",
@@ -83,6 +94,11 @@
       "monitor-username": "admin",
       "plain_http_port": "11080",
       "port": "11443",
+      "ram-cache-size": "1G",
+      "re6st-verification-url": null,
+      "request-timeout": 600,
+      "rotate-num": 4000,
+      "slave-introspection-https-port": 22443,
       "slave-kedifa-information": "{\"_default_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@/@@default_ciphers_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@?auth=\"}, \"_own_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@/@@default_ciphers_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@?auth=\"}}"
     },
     "full_address_list": [],

software/rapid-cdn/test/test_data/test.TestSlaveHostHaproxyClash.test00cluster_request_instance_parameter_dict.txt

@@ -56,6 +56,7 @@
       "monitor-httpd-port": "8402",
       "monitor-password": "@@monitor-password@@",
       "monitor-username": "admin",
+      "rotate-num": 4000,
       "slave-list": [
         {
           "custom_domain": "*.example.com",
@@ -93,13 +94,24 @@
   },
   {
     "_": {
+      "apache-certificate": "",
+      "apache-key": "",
+      "authenticate-to-backend": false,
       "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
+      "backend-connect-retries": 3,
+      "backend-connect-timeout": 5,
+      "backend-haproxy-http-port": 21080,
+      "backend-haproxy-https-port": 21443,
+      "backend-haproxy-statistic-port": 21444,
+      "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
       "cluster-identification": "testing partition 0",
+      "disk-cache-size": "8G",
       "domain": "example.com",
-      "enable-http3": "false",
+      "enable-http2-by-default": true,
+      "enable-http3": false,
       "extra_slave_instance_list": "[{\"custom_domain\": \"*.example.com\", \"server-alias\": \"example.com\", \"slave_reference\": \"_01wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/01wildcard\"}, {\"custom_domain\": \"*.alias1.example.com\", \"server-alias\": \"alias1.example.com\", \"slave_reference\": \"_02wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/02wildcard\"}, {\"custom_domain\": \"zspecific.example.com\", \"slave_reference\": \"_03zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/03zspecific\"}, {\"custom_domain\": \"zspecific.alias1.example.com\", \"slave_reference\": \"_04zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/04zspecific\"}]",
       "frontend-name": "caddy-frontend-1",
-      "http3-port": "443",
+      "http3-port": 443,
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",
@@ -108,7 +120,11 @@
       "monitor-username": "admin",
       "plain_http_port": "11080",
       "port": "11443",
+      "ram-cache-size": "1G",
+      "re6st-verification-url": null,
       "request-timeout": "12",
+      "rotate-num": 4000,
+      "slave-introspection-https-port": 22443,
       "slave-kedifa-information": "{\"_01wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@01wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@01wildcard_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@01wildcard_key-generate-auth-url@@?auth=\"}, \"_02wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@02wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@02wildcard_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@02wildcard_key-generate-auth-url@@?auth=\"}, \"_03zspecific\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@03zspecific_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@03zspecific_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@03zspecific_key-generate-auth-url@@?auth=\"}, \"_04zspecific\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@04zspecific_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@04zspecific_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@04zspecific_key-generate-auth-url@@?auth=\"}}"
     },
     "full_address_list": [],

software/rapid-cdn/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test00cluster_request_instance_parameter_dict.txt

@@ -34,6 +34,7 @@
       "monitor-httpd-port": "8402",
       "monitor-password": "@@monitor-password@@",
       "monitor-username": "admin",
+      "rotate-num": 4000,
       "slave-list": [
         {
           "enable_cache": true,
@@ -56,13 +57,22 @@
     "_": {
       "apache-certificate": "@@certificate_pem@@",
       "apache-key": "@@key_pem@@",
+      "authenticate-to-backend": false,
       "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
+      "backend-connect-retries": 3,
+      "backend-connect-timeout": 5,
+      "backend-haproxy-http-port": 21080,
+      "backend-haproxy-https-port": 21443,
+      "backend-haproxy-statistic-port": 21444,
+      "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
       "cluster-identification": "testing partition 0",
+      "disk-cache-size": "8G",
       "domain": "example.com",
-      "enable-http3": "false",
+      "enable-http2-by-default": true,
+      "enable-http3": false,
       "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master_kedifa_overrides_master_certificate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
       "frontend-name": "caddy-frontend-1",
-      "http3-port": "443",
+      "http3-port": 443,
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",
@@ -71,6 +81,11 @@
       "monitor-username": "admin",
       "plain_http_port": "11080",
       "port": "11443",
+      "ram-cache-size": "1G",
+      "re6st-verification-url": null,
+      "request-timeout": 600,
+      "rotate-num": 4000,
+      "slave-introspection-https-port": 22443,
       "slave-kedifa-information": "{\"_ssl_from_master_kedifa_overrides_master_certificate\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@/@@ssl_from_master_kedifa_overrides_master_certificate_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@?auth=\"}}"
     },
     "full_address_list": [],

software/rapid-cdn/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test00cluster_request_instance_parameter_dict.txt

@@ -34,6 +34,7 @@
       "monitor-httpd-port": "8402",
       "monitor-password": "@@monitor-password@@",
       "monitor-username": "admin",
+      "rotate-num": 4000,
       "slave-list": [
         {
           "enable_cache": true,
@@ -56,13 +57,22 @@
     "_": {
       "apache-certificate": "@@certificate_pem@@",
       "apache-key": "@@key_pem@@",
+      "authenticate-to-backend": false,
       "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
+      "backend-connect-retries": 3,
+      "backend-connect-timeout": 5,
+      "backend-haproxy-http-port": 21080,
+      "backend-haproxy-https-port": 21443,
+      "backend-haproxy-statistic-port": 21444,
+      "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
       "cluster-identification": "testing partition 0",
+      "disk-cache-size": "8G",
       "domain": "example.com",
-      "enable-http3": "false",
+      "enable-http2-by-default": true,
+      "enable-http3": false,
       "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
       "frontend-name": "caddy-frontend-1",
-      "http3-port": "443",
+      "http3-port": 443,
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",
@@ -71,6 +81,11 @@
       "monitor-username": "admin",
       "plain_http_port": "11080",
       "port": "11443",
+      "ram-cache-size": "1G",
+      "re6st-verification-url": null,
+      "request-timeout": 600,
+      "rotate-num": 4000,
+      "slave-introspection-https-port": 22443,
       "slave-kedifa-information": "{\"_ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@/@@ssl_from_master_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@?auth=\"}}"
     },
     "full_address_list": [],