XXX ceckpoit frontend node instantiates

software/rapid-cdn/README.rst

@@ -101,11 +101,9 @@ Example sessions is::
 
   curl -g --upload-file bundle.pem --cacert "${frontend_name}.ca.crt" --crlfile "${frontend_name}.crl" master-key-upload-url+authtoken
 
-This replaces old request parameters:
+This replaces old request parameter:
 
- * ``apache-certificate``
- * ``apache-key``
- * ``apache-ca-certificate``
+ * ``certificate-chain``
 
 (*Note*: They are still supported for backward compatibility, but any value send to the ``master-key-upload-url`` will supersede information from SlapOS Master.)
 

software/rapid-cdn/buildout.hash.cfg

@@ -22,7 +22,7 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
 
 [profile-frontend]
 filename = instance-frontend.cfg.in
-md5sum = 6150e2f928ee95525960b287ebd1d528
+md5sum = 2dc6f1e1ad7ab7be4c8cd262e095ece5
 
 [profile-master]
 filename = instance-master.cfg.in
@@ -30,7 +30,7 @@ md5sum = 291f73c3782040d02fd56a46f61c201b
 
 [profile-slave-list]
 filename = instance-slave-list.cfg.in
-md5sum = 4243791e4ba4fc7012ad02ca2bb0986d
+md5sum = 017bb67d641af15d694fe808cda12e9e
 
 [profile-master-publish-slave-information]
 filename = instance-master-publish-slave-information.cfg.in

software/rapid-cdn/instance-frontend.cfg.in

@@ -361,19 +361,14 @@ master-key-download-url = {{ dumps(instance_parameter_dict['configuration']['mas
 expose-csr-organization = {{ instance_parameter_dict['configuration']['cluster-identification'] }}
 expose-csr-organizational-unit = {{ instance_parameter_dict['instance-title'] }}
 url-ready-file = ${directory:var}/url-ready.txt
-global_ipv6 = ${slap-configuration:ipv6-random}
+global-ipv6 = ${slap-configuration:ipv6-random}
 empty-template = ${software-release-path:template-empty}
 template-expose-csr-nginx-conf = ${software-release-path:template-expose-csr-nginx-conf}
-frontend-lazy-graceful-reload = ${frontend-haproxy-lazy-graceful:output}
 monitor-base-url = ${monitor-instance-parameter:monitor-base-url}
-node-id = ${frontend-node-id:value}
-version-hash = ${version-hash:value}
-software-release-url = ${version-hash:software-release-url}
 node-information = ${frontend-node-information:value}
 # BBB: SlapOS Master non-zero knowledge BEGIN
-apache-certificate = ${certificate-chain:output}
+certificate-chain = ${certificate-chain:output}
 # BBB: SlapOS Master non-zero knowledge END
-custom-ssl-directory = ${frontend-directory:custom-ssl-directory}
 ## frontend haproxy
 template-frontend-haproxy-configuration = ${software-release-path:template-frontend-haproxy-configuration}
 template-frontend-haproxy-crt-list = ${software-release-path:template-frontend-haproxy-crt-list}

software/rapid-cdn/instance-slave-list.cfg.in

@@ -14,9 +14,9 @@
 {%- set slave_instance_information_list = [] %}
 {%- set slave_instance_list = dynamic_profile_configuration['extra-slave-instance-list'] %}
 {%- if dynamic_profile_configuration['master-key-download-url'] %}
-{%-   do kedifa_updater_mapping.append((dynamic_profile_configuration['master-key-download-url'], frontend_haproxy_configuration['master-certificate'], apache_certificate)) %}
+{%-   do kedifa_updater_mapping.append((dynamic_profile_configuration['master-key-download-url'], frontend_haproxy_configuration['master-certificate'], dynamic_profile_configuration['certificate-chain'])) %}
 {%- else %}
-{%-   do kedifa_updater_mapping.append(('notreadyyet', frontend_haproxy_configuration['master-certificate'], apache_certificate)) %}
+{%-   do kedifa_updater_mapping.append(('notreadyyet', frontend_haproxy_configuration['master-certificate'], dynamic_profile_configuration['certificate-chain'])) %}
 {%- endif %}
 {%- if kedifa_configuration['slave_kedifa_information'] %}
 {%-   set slave_kedifa_information = json_module.loads(kedifa_configuration['slave_kedifa_information']) %}
@@ -198,7 +198,7 @@ context =
 {%-   set slave_log_access_url = urllib_module.parse.unquote(furled.tostr()) %}
 {%-   do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}
 {%-   do slave_publish_dict.__setitem__('slave-reference', slave_reference) %}
-{%-   do slave_publish_dict.__setitem__('backend-client-caucase-url', backend_client_caucase_url) %}
+{%-   do slave_publish_dict.__setitem__('backend-client-caucase-url', dynamic_profile_configuration['backend-client-caucase-url']) %}
 {#-   Set slave domain if none was defined #}
 {%-   if slave_instance.get('custom_domain', None) == None %}
 {%-     set domain_prefix = slave_instance.get('slave_reference').replace("-", "").replace("_", "").lower() %}
@@ -281,7 +281,7 @@ log-directory = {{ '${slave-log-directory-dict:' + slave_reference + '}' }}
 name = ${:_buildout_section_name_}
 log = {{slave_parameter_dict['access_log'] }} {{slave_parameter_dict['frontend_log'] }} {{slave_parameter_dict['backend_log'] }}
 backup = {{ '${' + slave_log_directory_section + ':log-directory}' }}
-rotate-num = {{ configuration['user']['expert'].get('rotate-num', FRONTEND_USER_DEFAULTS['expert']['rotate-num']) }}
+rotate-num = {{ dynamic_profile_user_configuration['global']['expert']['rotate-num'] }}
 # disable delayed compression, as log filenames shall be stable
 delaycompress =
 
@@ -331,7 +331,7 @@ command = {{ software_parameter_dict['htpasswd'] }} -cb ${:file} {{ slave_refere
 {#-         Store certificates on fs #}
 [{{ cert_title }}]
 < = jinja2-template-base
-url = {{ empty_template }}
+url = {{ dynamic_profile_configuration['empty-template'] }}
 output = {{ cert_file }}
 extra-context =
     key content {{ cert_title + '-config:value' }}
@@ -353,7 +353,7 @@ value = {{ dumps(slave_instance.get(cert_name)) }}
 
 [{{cert_title}}]
 < = jinja2-template-base
-url = {{ empty_template }}
+url = {{ dynamic_profile_user_configuration['empty-template'] }}
 output = {{ cert_file }}
 cert-content = {{ dumps(slave_instance.get('ssl_crt', SLAVE_DEFAULTS['ssl_crt']) + '\n' + slave_instance.get('ssl_ca_crt', SLAVE_DEFAULTS['ssl_ca_crt']) + '\n' + slave_instance.get('ssl_key', SLAVE_DEFAULTS['ssl_key'])) }}
 extra-context =
@@ -368,8 +368,8 @@ extra-context =
 
 [{{ slave_configuration_section_name }}]
 certificate = {{ certificate }}
-https_port = {{ configuration['user']['expert'].get('frontend-haproxy-https-port', FRONTEND_USER_DEFAULTS['expert']['frontend-haproxy-https-port']) }}
-http_port = {{ configuration['user']['expert'].get('frontend-haproxy-http-port', FRONTEND_USER_DEFAULTS['expert']['frontend-haproxy-http-port']) }}
+https_port = {{ dynamic_profile_user_configuration['global']['expert']['frontend-haproxy-https-port'] }}
+http_port = {{ dynamic_profile_user_configuration['global']['expert']['frontend-haproxy-http-port'] }}
 local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
 {%-   for key, value in slave_instance.items() %}
 {%-     if value is not none %}
@@ -391,7 +391,7 @@ local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
 {#- ## Prepare virtualhost for slaves using cache  #}
 [slave-introspection-parameters]
 local-ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
-global-ipv6 = {{ dumps(global_ipv6) }}
+global-ipv6 = {{ dumps(dynamic_profile_configuration['global-ipv6']) }}
 https-port = {{ frontend_configuration['slave-introspection-https-port'] }}
 ip-access-certificate = {{ frontend_configuration['ip-access-certificate'] }}
 nginx-mime = {{ software_parameter_dict['nginx_mime'] }}
@@ -424,7 +424,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
 recipe = slapos.cookbook:publish.serialised
 {#-   sort_keys are important in order to avoid shuffling parameters on each run #}
 slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list, sort_keys=True) }}
-monitor-base-url = {{ monitor_base_url }}
+monitor-base-url = {{ dynamic_profile_configuration['monitor-base-url'] }}
 kedifa-csr-url = ${expose-csr:url}/${expose-csr-link-csr-kedifa:filename}
 backend-client-csr-url = ${expose-csr:url}/${expose-csr-link-csr-backend-haproxy:filename}
 csr-certificate = ${expose-csr-certificate-get:certificate}
@@ -436,7 +436,7 @@ csr-certificate = ${expose-csr-certificate-get:certificate}
 {%-   set statistic_url = urllib_module.parse.unquote(furled.tostr()) %}
 backend-haproxy-statistic-url = {{ statistic_url }}
 {#-   sort_keys are important in order to avoid shuffling parameters on each run #}
-node-information-json = {{ json_module.dumps(node_information, sort_keys=True) }}
+node-information-json = {{ json_module.dumps(dynamic_profile_configuration['node-information'], sort_keys=True) }}
 
 [kedifa-updater]
 recipe = slapos.cookbook:wrapper
@@ -489,7 +489,7 @@ order = {{ dumps(slave_instance_hostname_frontend_order) }}
 
 [frontend-haproxy-crt-list]
 <= jinja2-template-base
-template = {{ template_frontend_haproxy_crt_list }}
+template = {{ dynamic_profile_configuration['template-frontend-haproxy-crt-list'] }}
 rendered = ${frontend-haproxy-config:crt-list}
 extra-context =
   key frontend_slave_dict frontend-haproxy-slave-list:dict
@@ -498,7 +498,7 @@ extra-context =
 
 [frontend-haproxy-configuration]
 < = jinja2-template-base
-template = {{ template_frontend_haproxy_configuration }}
+template = {{ dynamic_profile_configuration['template-frontend-haproxy-configuration'] }}
 rendered = ${frontend-haproxy-config:file}
 extra-context =
   key frontend_slave_dict frontend-haproxy-slave-list:dict
@@ -512,7 +512,7 @@ extra-context =
 {%- endfor %}
 local-ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
 global-ipv6 = ${slap-configuration:ipv6-random}
-request-timeout = {{ configuration.get('request-timeout', FRONTEND_DEFAULTS['request-timeout']) }}
+request-timeout = {{ dynamic_profile_user_configuration['global']['request-timeout'] }}
 autocert-directory = {{ frontend_directory['autocert'] }}
 
 ##</Frontend haproxy>
@@ -520,7 +520,7 @@ autocert-directory = {{ frontend_directory['autocert'] }}
 ##<Backend haproxy>
 [backend-haproxy-configuration]
 < = jinja2-template-base
-url = {{ template_backend_haproxy_configuration }}
+url = {{ dynamic_profile_configuration['template-backend-haproxy-configuration'] }}
 output = ${backend-haproxy-config:file}
 backend_slave_dict = {{ dumps(backend_slave_dict) }}
 {%- set slave_instance_hostname_backend_order = [] %}
@@ -549,9 +549,9 @@ extra-context =
 {%- endfor %}
 local-ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
 global-ipv6 = ${slap-configuration:ipv6-random}
-request-timeout = {{ configuration.get('request-timeout', FRONTEND_DEFAULTS['request-timeout']) }}
-backend-connect-timeout = {{ configuration['backend-connect-timeout'] }}
-backend-connect-retries =  {{ configuration['backend-connect-retries'] }}
+request-timeout = {{ dynamic_profile_user_configuration['global']['request-timeout'] }}
+backend-connect-timeout = {{ dynamic_profile_user_configuration['global']['backend-connect-timeout'] }}
+backend-connect-retries =  {{ dynamic_profile_user_configuration['global']['backend-connect-retries'] }}
 
 [template-expose-csr-link-csr]
 recipe = plone.recipe.command
@@ -604,7 +604,7 @@ update-command = ${:command}
 command =
   if ! [ -f ${:key} ] && ! [ -f ${:certificate} ] ; then
     openssl req -new -newkey rsa:2048 -sha256 -subj \
-      "/O={{ expose_csr_organization }}/OU={{ expose_csr_organizational_unit }}/CN=${slap-configuration:ipv6-random}" \
+      "/O={{ dynamic_profile_configuration['expose-csr-organization'] }}/OU={{ dynamic_profile_configuration['expose-csr-organizational-unit'] }}/CN=${slap-configuration:ipv6-random}" \
       -days 5 -nodes -x509 -keyout ${:key} -out ${:certificate}
   fi
 
@@ -622,7 +622,7 @@ nginx_mime = {{ software_parameter_dict['nginx_mime'] }}
 [expose-csr-template]
 recipe = slapos.recipe.template:jinja2
 output = {{ directory['expose-csr-etc'] }}/nginx.conf
-url = {{ template_expose_csr_nginx_conf }}
+url = {{ dynamic_profile_configuration['template-expose-csr-nginx-conf'] }}
 context =
   section configuration expose-csr-configuration
 
@@ -654,7 +654,7 @@ init =
 
 [key-download-url-ready]
 recipe = slapos.recipe.build
-output = {{ url_ready_file }}
+output = {{ dynamic_profile_configuration['url-ready-file'] }}
 master-key-download-url = {{ dynamic_profile_configuration['master-key-download-url'] }}
 slave-kedifa-information = {{ dumps(slave_kedifa_information) }}
 init =