XXX: Drop configuration parameter from instance slave list

95b08d34 · Łukasz Nowak · 321d48b1 · 95b08d34 · 95b08d34 · 95b08d34
Commit 95b08d34 authored Jan 16, 2024 by Łukasz Nowak
3 changed files
--- a/software/rapid-cdn/buildout.hash.cfg
+++ b/software/rapid-cdn/buildout.hash.cfg
@@ -22,7 +22,7 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68

 [profile-frontend]
 filename = instance-frontend.cfg.in
-md5sum = a051d9f32c1ea2bf5b67f4012f772124
+md5sum = 00b7120eb652e6e4d04046591b156e31

 [profile-master]
 filename = instance-master.cfg.in
@@ -30,7 +30,7 @@ md5sum = 291f73c3782040d02fd56a46f61c201b

 [profile-slave-list]
 filename = instance-slave-list.cfg.in
-md5sum = e0e462bd94d2b468c88ff69c2156d0f5
+md5sum = 348d6bd55ff9d94b634089a6c074695d

 [profile-master-publish-slave-information]
 filename = instance-master-publish-slave-information.cfg.in

--- a/software/rapid-cdn/instance-frontend.cfg.in
+++ b/software/rapid-cdn/instance-frontend.cfg.in
 {% import "caucase" as caucase with context %}
 {%- do instance_parameter_dict['configuration'].setdefault('user', {}) %}
-{%- do instance_parameter_dict['configuration']['user'].setdefault('expert', {}) %}
-{%- do instance_parameter_dict['configuration']['user'].setdefault('global', {}) %}
-{%- do instance_parameter_dict['configuration']['user']['global'].setdefault('expert', {}) %}
-{%- set HTTP3_PORT = instance_parameter_dict['configuration']['user']['global']['expert'].get('advertised-http3-port', FRONTEND_GLOBAL_DEFAULTS['expert']['advertised-http3-port']) %}
-{%- set FRONTEND_HTTP3 = instance_parameter_dict['configuration']['user']['global'].get('enable-http3', FRONTEND_GLOBAL_DEFAULTS['enable-http3']) %}
+{%- do instance_parameter_dict['configuration']['user'].update(FRONTEND_USER_DEFAULTS) %}
+{%- do instance_parameter_dict['configuration']['user']['global'].update(FRONTEND_GLOBAL_DEFAULTS) %}
+{%- set HTTP3_PORT = instance_parameter_dict['configuration']['user']['global']['expert']['advertised-http3-port'] %}
+{%- set FRONTEND_HTTP3 = instance_parameter_dict['configuration']['user']['global']['enable-http3'] %}
 {%- if FRONTEND_HTTP3 %}
 {%-   set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_quic_executable'] %}
 {%- else %}
@@ -191,7 +190,7 @@ single-custom-personal = dynamic-custom-personal-profile-slave-list:output
 [frontend-configuration]
 ip-access-certificate = ${self-signed-ip-access:certificate}
 slave-introspection-configuration = ${directory:etc}/slave-introspection-httpd-nginx.conf
-slave-introspection-https-port = {{ instance_parameter_dict['configuration']['user']['global']['expert'].get('slave-introspection-https-port', FRONTEND_GLOBAL_DEFAULTS['expert']['slave-introspection-https-port']) }}
+slave-introspection-https-port = {{ instance_parameter_dict['configuration']['user']['global']['expert']['slave-introspection-https-port'] }}
 slave-introspection-secure_access = ${slave-introspection-frontend:connection-secure_access}

 [self-signed-ip-access]
@@ -382,6 +381,12 @@ template-frontend-haproxy-configuration = ${software-release-path:template-front
 template-frontend-haproxy-crt-list = ${software-release-path:template-frontend-haproxy-crt-list}
 ## backend haproxy
 template-backend-haproxy-configuration = ${software-release-path:template-backend-haproxy-configuration}
+{%- for key, value in instance_parameter_dict['configuration']['user'].items() %}
+user-{{ key }} = {{ dumps(value) }}
+{%- endfor %}
+{%- for key, value in instance_parameter_dict['configuration']['user']['global'].items() %}
+global-{{ key }} = {{ dumps(value) }}
+{%- endfor %}

 [dynamic-custom-personal-profile-slave-list]
 < = jinja2-template-base
@@ -399,7 +404,6 @@ extra-context =
 ## Configuration passed by section
    section dynamic_profile_configuration dynamic-custom-personal-profile-slave-list-config
    section frontend_directory frontend-directory
-    section configuration configuration
    section frontend_haproxy_configuration frontend-haproxy-configuration
    section backend_haproxy_configuration backend-haproxy-configuration
    section instance_parameter_dict instance-parameter-section
@@ -450,7 +454,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
 <= logrotate-entry-base
 name = frontend-haproxy
 log = ${frontend-haproxy-rsyslogd-config:log-file}
-rotate-num = {{ instance_parameter_dict['configuration']['user']['global']['expert'].get('rotate-num', FRONTEND_GLOBAL_DEFAULTS['expert']['rotate-num']) }}
+rotate-num = {{ instance_parameter_dict['configuration']['user']['global']['expert']['rotate-num'] }}
 # Note: Slaves do not define their own reload, as this would be repeated,
 #       because sharedscripts work per entry, and each slave needs its own
 #       olddir
@@ -470,8 +474,8 @@ frontend-graceful-command = ${frontend-haproxy-validate:output} && kill -USR2 $(
 not-found-file = {{ software_parameter_dict['template_not_found_html'] }}
 master-certificate = ${frontend-directory:master-autocert-dir}/master.pem
 self-signed-fallback-certificate = ${self-signed-fallback-access:certificate}
-http-port = {{ instance_parameter_dict['configuration']['user']['global']['expert'].get('frontend-haproxy-http-port', FRONTEND_GLOBAL_DEFAULTS['expert']['frontend-haproxy-http-port']) }}
-https-port = {{ instance_parameter_dict['configuration']['user']['global']['expert'].get('frontend-haproxy-https-port', FRONTEND_GLOBAL_DEFAULTS['expert']['frontend-haproxy-https-port']) }}
+http-port = {{ instance_parameter_dict['configuration']['user']['global']['expert']['frontend-haproxy-http-port'] }}
+https-port = {{ instance_parameter_dict['configuration']['user']['global']['expert']['frontend-haproxy-https-port'] }}
 # Communication with ATS
 cache-port = ${trafficserver-variable:input-port}
 # slave instrspection
@@ -538,10 +542,10 @@ hostname = ${slap-configuration:instance-title}
 plugin-config =
 ip-allow-config = src_ip=0.0.0.0-255.255.255.255 action=ip_allow
 cache-path = ${trafficserver-directory:cache-path}
-disk-cache-size = {{ instance_parameter_dict['configuration']['user']['global'].get('disk-cache-size', FRONTEND_GLOBAL_DEFAULTS['disk-cache-size']) }}
-ram-cache-size = {{ instance_parameter_dict['configuration']['user']['global'].get('ram-cache-size', FRONTEND_GLOBAL_DEFAULTS['ram-cache-size']) }}
+disk-cache-size = {{ instance_parameter_dict['configuration']['user']['global']['disk-cache-size'] }}
+ram-cache-size = {{ instance_parameter_dict['configuration']['user']['global']['ram-cache-size'] }}
 templates-dir = {{ software_parameter_dict['trafficserver'] }}/etc/trafficserver/body_factory
-request-timeout = {{ instance_parameter_dict['configuration']['user']['global'].get('request-timeout', FRONTEND_GLOBAL_DEFAULTS['request-timeout']) }}
+request-timeout = {{ instance_parameter_dict['configuration']['user']['global']['request-timeout'] }}
 version-hash = ${version-hash:value}
 node-id = ${frontend-node-id:value}

@@ -800,8 +804,8 @@ file = ${directory:etc}/backend-haproxy.cfg
 pid-file = ${directory:run}/backend-haproxy.pid
 log-socket = ${backend-haproxy-rsyslogd-config:log-socket}
 graceful-command = ${backend-haproxy-validate:output} && kill -USR2 $(cat ${:pid-file})
-http-port = {{ instance_parameter_dict['configuration']['user']['global']['expert'].get('backend-haproxy-http-port', FRONTEND_GLOBAL_DEFAULTS['expert']['backend-haproxy-http-port']) }}
-https-port = {{ instance_parameter_dict['configuration']['user']['global']['expert'].get('backend-haproxy-https-port', FRONTEND_GLOBAL_DEFAULTS['expert']['backend-haproxy-https-port']) }}
+http-port = {{ instance_parameter_dict['configuration']['user']['global']['expert']['backend-haproxy-http-port'] }}
+https-port = {{ instance_parameter_dict['configuration']['user']['global']['expert']['backend-haproxy-https-port'] }}
 # Caucase related configuration
 caucase-url = {{ instance_parameter_dict['configuration']['backend-client-caucase-url'] }}
 ca-certificate = ${backend-client-login-config:ca-certificate}
@@ -811,7 +815,7 @@ csr = ${backend-client-caucase-updater-csr:csr}
 crl = ${backend-client-login-config:crl}
 # the statistic page
 statistic-certificate = ${self-signed-ip-access:certificate}
-statistic-port = {{  instance_parameter_dict['configuration']['user']['global']['expert'].get('backend-haproxy-statistic-port', FRONTEND_GLOBAL_DEFAULTS['expert']['backend-haproxy-statistic-port']) }}
+statistic-port = {{  instance_parameter_dict['configuration']['user']['global']['expert']['backend-haproxy-statistic-port'] }}
 statistic-username = ${monitor-instance-parameter:username}
 statistic-password = ${monitor-htpasswd:passwd}
 statistic-identification = {{ instance_parameter_dict['instance-title'] + ' @ ' + instance_parameter_dict['configuration']['cluster-identification'] }}
@@ -858,7 +862,7 @@ extra-context =
 <= logrotate-entry-base
 name = backend-haproxy
 log = ${backend-haproxy-rsyslogd-config:log-file}
-rotate-num = {{ instance_parameter_dict['configuration']['user']['global']['expert'].get('rotate-num', FRONTEND_GLOBAL_DEFAULTS['expert']['rotate-num']) }}
+rotate-num = {{ instance_parameter_dict['configuration']['user']['global']['expert']['rotate-num'] }}
 # Note: Slaves do not define their own reload, as this would be repeated,
 #       because sharedscripts work per entry, and each slave needs its own
 #       olddir
@@ -956,7 +960,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
 # Note: Workaround for monitor stack, which uses monitor-httpd-port parameter
 #       directly, and in our case it can come from the network, thus resulting
 #       with need to strip !py!'u'
-monitor-httpd-port = {{ instance_parameter_dict['configuration']['user']['global']['expert'].get('monitor-httpd-port', FRONTEND_GLOBAL_DEFAULTS['expert']['monitor-httpd-port']) }}
+monitor-httpd-port = {{ instance_parameter_dict['configuration']['user']['global']['expert']['monitor-httpd-port'] }}
 password = {{ instance_parameter_dict['configuration']['monitor-password'] }}

 [monitor-conf-parameters]
@@ -992,7 +996,7 @@ context =
 <= monitor-promise-base
 promise = check_url_available
 name = re6st-connectivity.py
-config-url = {{ instance_parameter_dict['configuration']['user']['global'].get('re6st-verification-url', FRONTEND_GLOBAL_DEFAULTS['re6st-verification-url']) }}
+config-url = {{ instance_parameter_dict['configuration']['user']['global']['re6st-verification-url'] }}

 [slave-introspection-frontend]
 <= slap-connection
@@ -1093,7 +1097,7 @@ config-port = ${frontend-configuration:slave-introspection-https-port}
 <= logrotate-entry-base
 name = slave-introspection
 log = ${frontend-haproxy-configuration:slave-introspection-access-log} ${frontend-haproxy-configuration:slave-introspection-error-log}
-rotate-num = {{ instance_parameter_dict['configuration']['user']['global']['expert'].get('rotate-num', FRONTEND_GLOBAL_DEFAULTS['expert']['rotate-num']) }}
+rotate-num = {{ instance_parameter_dict['configuration']['user']['global']['expert']['rotate-num'] }}
 post = kill -USR2 $(cat ${frontend-haproxy-configuration:slave-introspection-pid-file})
 delaycompress =

@@ -1120,21 +1124,6 @@ name = ${:_buildout_section_name_}.py
 config-filename = ${logrotate-setup-validate:state-file}
 config-state = empty

-[configuration]
-{% for key, value in instance_parameter_dict['configuration'].items() %}
-{{ key }} = {{ dumps(value) }}
-{%- endfor %}
-
-[FRONTEND_USER_DEFAULTS]
-{% for key, value in FRONTEND_USER_DEFAULTS.items() %}
-{{ key }} = {{ dumps(value) }}
-{%- endfor %}
-
-[FRONTEND_GLOBAL_DEFAULTS]
-{% for key, value in FRONTEND_GLOBAL_DEFAULTS.items() %}
-{{ key }} = {{ dumps(value) }}
-{%- endfor %}
-
 [instance-parameter-section]
 {#- There are dangerous keys like recipe, etc #}
 {#- XXX: Some other approach would be useful #}

--- a/software/rapid-cdn/instance-slave-list.cfg.in
+++ b/software/rapid-cdn/instance-slave-list.cfg.in
@@ -86,7 +86,7 @@ context =
 {%-   do slave_instance.__setitem__('path', slave_instance.get('path', SLAVE_DEFAULTS['path']).strip('/')) %}
 {#-   Manage ciphers #}
 {%-   set slave_cipher_list = [] %}
-{%-   for cipher in slave_instance.get('ciphers', configuration['ciphers']).strip().split() %}
+{%-   for cipher in slave_instance.get('ciphers', dynamic_profile_configuration['global-ciphers']).strip().split() %}
 {%-     do slave_cipher_list.append(CIPHER_TRANSLATION_DICT.get(cipher, cipher)) %}
 {%-   endfor %}
 {%-   do slave_instance.__setitem__('ciphers', ':'.join(slave_cipher_list)) %}