Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Łukasz Nowak
slapos
Commits
bb9e97ef
Commit
bb9e97ef
authored
Jan 18, 2024
by
Łukasz Nowak
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
XXX simplify!!
parent
e1b76139
Changes
5
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
80 additions
and
66 deletions
+80
-66
software/rapid-cdn/buildout.hash.cfg
software/rapid-cdn/buildout.hash.cfg
+4
-4
software/rapid-cdn/instance-frontend.cfg.in
software/rapid-cdn/instance-frontend.cfg.in
+36
-36
software/rapid-cdn/instance-master.cfg.in
software/rapid-cdn/instance-master.cfg.in
+27
-26
software/rapid-cdn/instance.cfg.in
software/rapid-cdn/instance.cfg.in
+1
-0
software/rapid-cdn/software.py
software/rapid-cdn/software.py
+12
-0
No files found.
software/rapid-cdn/buildout.hash.cfg
View file @
bb9e97ef
...
@@ -14,7 +14,7 @@
...
@@ -14,7 +14,7 @@
# not need these here).
# not need these here).
[template]
[template]
filename = instance.cfg.in
filename = instance.cfg.in
md5sum =
ea2edd5496ccc65a729a00a8f792ab28
md5sum =
7ebf557dd088d26b21c95c6749c94642
[profile-common]
[profile-common]
filename = instance-common.cfg.in
filename = instance-common.cfg.in
...
@@ -22,11 +22,11 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
...
@@ -22,11 +22,11 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-frontend]
[profile-frontend]
filename = instance-frontend.cfg.in
filename = instance-frontend.cfg.in
md5sum =
2dc6f1e1ad7ab7be4c8cd262e095ece5
md5sum =
a0b28604769b1fe3fd745ef9683984e7
[profile-master]
[profile-master]
filename = instance-master.cfg.in
filename = instance-master.cfg.in
md5sum =
2532366077a0b084234aeb6303e9a307
md5sum =
c8103be1781b3289e52c863921e9436a
[profile-slave-list]
[profile-slave-list]
filename = instance-slave-list.cfg.in
filename = instance-slave-list.cfg.in
...
@@ -98,7 +98,7 @@ md5sum = 04bc664aa0159acaafec49a6bc36e84b
...
@@ -98,7 +98,7 @@ md5sum = 04bc664aa0159acaafec49a6bc36e84b
[software-py]
[software-py]
filename = software.py
filename = software.py
md5sum =
e82ccdb0b26552a1c88ff523d8fae24a
md5sum =
487233af12c5b41d636a44a21a9daa64
[profile-kedifa]
[profile-kedifa]
filename = instance-kedifa.cfg.in
filename = instance-kedifa.cfg.in
...
...
software/rapid-cdn/instance-frontend.cfg.in
View file @
bb9e97ef
{% import "caucase" as caucase with context %}
{% import "caucase" as caucase with context %}
{%-
do instance_parameter_dict['configuration'].setdefault('user', {})
%}
{%-
set configuration = instance_parameter_dict['configuration']
%}
{%- do
instance_parameter_dict['configuration']['user'].update(
FRONTEND_USER_DEFAULTS) %}
{%- do
software_module.merge_dict(configuration['user'],
FRONTEND_USER_DEFAULTS) %}
{%- set HTTP3_PORT =
instance_parameter_dict['configuration']
['user']['global']['expert']['advertised-http3-port'] %}
{%- set HTTP3_PORT =
configuration
['user']['global']['expert']['advertised-http3-port'] %}
{%- set FRONTEND_HTTP3 =
instance_parameter_dict['configuration']
['user']['global']['enable-http3'] %}
{%- set FRONTEND_HTTP3 =
configuration
['user']['global']['enable-http3'] %}
{%- if FRONTEND_HTTP3 %}
{%- if FRONTEND_HTTP3 %}
{%- set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_quic_executable'] %}
{%- set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_quic_executable'] %}
{%- else %}
{%- else %}
...
@@ -189,7 +189,7 @@ single-custom-personal = dynamic-custom-personal-profile-slave-list:output
...
@@ -189,7 +189,7 @@ single-custom-personal = dynamic-custom-personal-profile-slave-list:output
[frontend-configuration]
[frontend-configuration]
ip-access-certificate = ${self-signed-ip-access:certificate}
ip-access-certificate = ${self-signed-ip-access:certificate}
slave-introspection-configuration = ${directory:etc}/slave-introspection-httpd-nginx.conf
slave-introspection-configuration = ${directory:etc}/slave-introspection-httpd-nginx.conf
slave-introspection-https-port = {{
instance_parameter_dict['configuration']
['user']['global']['expert']['slave-introspection-https-port'] }}
slave-introspection-https-port = {{
configuration
['user']['global']['expert']['slave-introspection-https-port'] }}
slave-introspection-secure_access = ${slave-introspection-frontend:connection-secure_access}
slave-introspection-secure_access = ${slave-introspection-frontend:connection-secure_access}
[self-signed-ip-access]
[self-signed-ip-access]
...
@@ -271,10 +271,10 @@ crl = ${:d}/kedifa-login-crl.pem
...
@@ -271,10 +271,10 @@ crl = ${:d}/kedifa-login-crl.pem
[kedifa-login-csr]
[kedifa-login-csr]
recipe = plone.recipe.command
recipe = plone.recipe.command
organization = {{
instance_parameter_dict['configuration']
['cluster-identification'] }}
organization = {{
configuration
['cluster-identification'] }}
organizational_unit = {{ instance_parameter_dict['instance-title'] }}
organizational_unit = {{ instance_parameter_dict['instance-title'] }}
command =
command =
{% if
instance_parameter_dict['configuration']
['kedifa-caucase-url'] %}
{% if
configuration
['kedifa-caucase-url'] %}
if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then
if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then
{{ software_parameter_dict['openssl'] }} req -new -sha256 \
{{ software_parameter_dict['openssl'] }} req -new -sha256 \
-newkey rsa:2048 -nodes -keyout ${:key} \
-newkey rsa:2048 -nodes -keyout ${:key} \
...
@@ -293,7 +293,7 @@ stop-on-error = True
...
@@ -293,7 +293,7 @@ stop-on-error = True
prefix='caucase-updater',
prefix='caucase-updater',
buildout_bin_directory=software_parameter_dict['bin_directory'],
buildout_bin_directory=software_parameter_dict['bin_directory'],
updater_path='${directory:service}/kedifa-login-certificate-caucase-updater',
updater_path='${directory:service}/kedifa-login-certificate-caucase-updater',
url=
instance_parameter_dict['configuration']
['kedifa-caucase-url'],
url=
configuration
['kedifa-caucase-url'],
data_dir='${directory:srv}/caucase-updater',
data_dir='${directory:srv}/caucase-updater',
crt_path='${kedifa-login-config:certificate}',
crt_path='${kedifa-login-config:certificate}',
ca_path='${kedifa-login-config:ca-certificate}',
ca_path='${kedifa-login-config:ca-certificate}',
...
@@ -303,7 +303,7 @@ stop-on-error = True
...
@@ -303,7 +303,7 @@ stop-on-error = True
)}}
)}}
[kedifa-configuration]
[kedifa-configuration]
caucase-url = {{
instance_parameter_dict['configuration']
['kedifa-caucase-url'] }}
caucase-url = {{
configuration
['kedifa-caucase-url'] }}
ca-certificate = ${kedifa-login-config:ca-certificate}
ca-certificate = ${kedifa-login-config:ca-certificate}
certificate = ${kedifa-login-config:certificate}
certificate = ${kedifa-login-config:certificate}
cas-ca-certificate = ${kedifa-login-config:cas-ca-certificate}
cas-ca-certificate = ${kedifa-login-config:cas-ca-certificate}
...
@@ -311,7 +311,7 @@ csr = ${caucase-updater-csr:csr}
...
@@ -311,7 +311,7 @@ csr = ${caucase-updater-csr:csr}
crl = ${kedifa-login-config:crl}
crl = ${kedifa-login-config:crl}
kedifa-updater-mapping-file = ${directory:etc}/kedifa_updater_mapping.txt
kedifa-updater-mapping-file = ${directory:etc}/kedifa_updater_mapping.txt
kedifa-updater-state-file = ${directory:srv}/kedifa_updater_state.json
kedifa-updater-state-file = ${directory:srv}/kedifa_updater_state.json
slave_kedifa_information = {{ dumps(
instance_parameter_dict['configuration']
['slave-kedifa-information']) }}
slave_kedifa_information = {{ dumps(
configuration
['slave-kedifa-information']) }}
[backend-client-login-config]
[backend-client-login-config]
d = ${directory:backend-client-dir}
d = ${directory:backend-client-dir}
...
@@ -324,10 +324,10 @@ crl = ${:d}/crl.pem
...
@@ -324,10 +324,10 @@ crl = ${:d}/crl.pem
[backend-client-login-csr]
[backend-client-login-csr]
recipe = plone.recipe.command
recipe = plone.recipe.command
organization = {{
instance_parameter_dict['configuration']
['cluster-identification'] }}
organization = {{
configuration
['cluster-identification'] }}
organizational_unit = {{ instance_parameter_dict['instance-title'] }}
organizational_unit = {{ instance_parameter_dict['instance-title'] }}
command =
command =
{% if
instance_parameter_dict['configuration']
['backend-client-caucase-url'] %}
{% if
configuration
['backend-client-caucase-url'] %}
if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then
if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then
{{ software_parameter_dict['openssl'] }} req -new -sha256 \
{{ software_parameter_dict['openssl'] }} req -new -sha256 \
-newkey rsa:2048 -nodes -keyout ${:key} \
-newkey rsa:2048 -nodes -keyout ${:key} \
...
@@ -346,7 +346,7 @@ stop-on-error = True
...
@@ -346,7 +346,7 @@ stop-on-error = True
prefix='backend-client-caucase-updater',
prefix='backend-client-caucase-updater',
buildout_bin_directory=software_parameter_dict['bin_directory'],
buildout_bin_directory=software_parameter_dict['bin_directory'],
updater_path='${directory:service}/backend-client-login-certificate-caucase-updater',
updater_path='${directory:service}/backend-client-login-certificate-caucase-updater',
url=
instance_parameter_dict['configuration']
['backend-client-caucase-url'],
url=
configuration
['backend-client-caucase-url'],
data_dir='${directory:srv}/backend-client-caucase-updater',
data_dir='${directory:srv}/backend-client-caucase-updater',
crt_path='${backend-client-login-config:certificate}',
crt_path='${backend-client-login-config:certificate}',
ca_path='${backend-client-login-config:ca-certificate}',
ca_path='${backend-client-login-config:ca-certificate}',
...
@@ -356,9 +356,9 @@ stop-on-error = True
...
@@ -356,9 +356,9 @@ stop-on-error = True
)}}
)}}
[dynamic-custom-personal-profile-slave-list-config]
[dynamic-custom-personal-profile-slave-list-config]
backend-client-caucase-url = {{
instance_parameter_dict['configuration']
['backend-client-caucase-url'] }}
backend-client-caucase-url = {{
configuration
['backend-client-caucase-url'] }}
master-key-download-url = {{ dumps(
instance_parameter_dict['configuration']
['master-key-download-url']) }}
master-key-download-url = {{ dumps(
configuration
['master-key-download-url']) }}
expose-csr-organization = {{
instance_parameter_dict['configuration']
['cluster-identification'] }}
expose-csr-organization = {{
configuration
['cluster-identification'] }}
expose-csr-organizational-unit = {{ instance_parameter_dict['instance-title'] }}
expose-csr-organizational-unit = {{ instance_parameter_dict['instance-title'] }}
url-ready-file = ${directory:var}/url-ready.txt
url-ready-file = ${directory:var}/url-ready.txt
global-ipv6 = ${slap-configuration:ipv6-random}
global-ipv6 = ${slap-configuration:ipv6-random}
...
@@ -374,11 +374,11 @@ template-frontend-haproxy-configuration = ${software-release-path:template-front
...
@@ -374,11 +374,11 @@ template-frontend-haproxy-configuration = ${software-release-path:template-front
template-frontend-haproxy-crt-list = ${software-release-path:template-frontend-haproxy-crt-list}
template-frontend-haproxy-crt-list = ${software-release-path:template-frontend-haproxy-crt-list}
## backend haproxy
## backend haproxy
template-backend-haproxy-configuration = ${software-release-path:template-backend-haproxy-configuration}
template-backend-haproxy-configuration = ${software-release-path:template-backend-haproxy-configuration}
extra-slave-instance-list = {{ dumps(
instance_parameter_dict['configuration']
['extra_slave_instance_list']) }}
extra-slave-instance-list = {{ dumps(
configuration
['extra_slave_instance_list']) }}
domain = {{ dumps(
instance_parameter_dict['configuration']
['domain']) }}
domain = {{ dumps(
configuration
['domain']) }}
[dynamic-custom-personal-profile-slave-list-user-config]
[dynamic-custom-personal-profile-slave-list-user-config]
{%- for key, value in
instance_parameter_dict['configuration']
['user'].items() %}
{%- for key, value in
configuration
['user'].items() %}
{{ key }} = {{ dumps(value) }}
{{ key }} = {{ dumps(value) }}
{%- endfor %}
{%- endfor %}
...
@@ -449,7 +449,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
...
@@ -449,7 +449,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
<= logrotate-entry-base
<= logrotate-entry-base
name = frontend-haproxy
name = frontend-haproxy
log = ${frontend-haproxy-rsyslogd-config:log-file}
log = ${frontend-haproxy-rsyslogd-config:log-file}
rotate-num = {{
instance_parameter_dict['configuration']
['user']['global']['expert']['rotate-num'] }}
rotate-num = {{
configuration
['user']['global']['expert']['rotate-num'] }}
# Note: Slaves do not define their own reload, as this would be repeated,
# Note: Slaves do not define their own reload, as this would be repeated,
# because sharedscripts work per entry, and each slave needs its own
# because sharedscripts work per entry, and each slave needs its own
# olddir
# olddir
...
@@ -469,8 +469,8 @@ frontend-graceful-command = ${frontend-haproxy-validate:output} && kill -USR2 $(
...
@@ -469,8 +469,8 @@ frontend-graceful-command = ${frontend-haproxy-validate:output} && kill -USR2 $(
not-found-file = {{ software_parameter_dict['template_not_found_html'] }}
not-found-file = {{ software_parameter_dict['template_not_found_html'] }}
master-certificate = ${frontend-directory:master-autocert-dir}/master.pem
master-certificate = ${frontend-directory:master-autocert-dir}/master.pem
self-signed-fallback-certificate = ${self-signed-fallback-access:certificate}
self-signed-fallback-certificate = ${self-signed-fallback-access:certificate}
http-port = {{
instance_parameter_dict['configuration']
['user']['global']['expert']['frontend-haproxy-http-port'] }}
http-port = {{
configuration
['user']['global']['expert']['frontend-haproxy-http-port'] }}
https-port = {{
instance_parameter_dict['configuration']
['user']['global']['expert']['frontend-haproxy-https-port'] }}
https-port = {{
configuration
['user']['global']['expert']['frontend-haproxy-https-port'] }}
# Communication with ATS
# Communication with ATS
cache-port = ${trafficserver-variable:input-port}
cache-port = ${trafficserver-variable:input-port}
# slave instrspection
# slave instrspection
...
@@ -501,7 +501,7 @@ inline =
...
@@ -501,7 +501,7 @@ inline =
{% raw %}
{% raw %}
{{ certificate or fallback_certificate }}
{{ certificate or fallback_certificate }}
{% endraw %}
{% endraw %}
certificate-chain = {{
instance_parameter_dict['configuration']
.get('certificate-chain', '') }}
certificate-chain = {{
configuration
.get('certificate-chain', '') }}
context =
context =
key certificate :certificate-chain
key certificate :certificate-chain
key fallback_certificate get-self-signed-fallback-access:certificate
key fallback_certificate get-self-signed-fallback-access:certificate
...
@@ -537,10 +537,10 @@ hostname = ${slap-configuration:instance-title}
...
@@ -537,10 +537,10 @@ hostname = ${slap-configuration:instance-title}
plugin-config =
plugin-config =
ip-allow-config = src_ip=0.0.0.0-255.255.255.255 action=ip_allow
ip-allow-config = src_ip=0.0.0.0-255.255.255.255 action=ip_allow
cache-path = ${trafficserver-directory:cache-path}
cache-path = ${trafficserver-directory:cache-path}
disk-cache-size = {{
instance_parameter_dict['configuration']
['user']['global']['disk-cache-size'] }}
disk-cache-size = {{
configuration
['user']['global']['disk-cache-size'] }}
ram-cache-size = {{
instance_parameter_dict['configuration']
['user']['global']['ram-cache-size'] }}
ram-cache-size = {{
configuration
['user']['global']['ram-cache-size'] }}
templates-dir = {{ software_parameter_dict['trafficserver'] }}/etc/trafficserver/body_factory
templates-dir = {{ software_parameter_dict['trafficserver'] }}/etc/trafficserver/body_factory
request-timeout = {{
instance_parameter_dict['configuration']
['user']['global']['request-timeout'] }}
request-timeout = {{
configuration
['user']['global']['request-timeout'] }}
version-hash = ${version-hash:value}
version-hash = ${version-hash:value}
node-id = ${frontend-node-id:value}
node-id = ${frontend-node-id:value}
...
@@ -799,10 +799,10 @@ file = ${directory:etc}/backend-haproxy.cfg
...
@@ -799,10 +799,10 @@ file = ${directory:etc}/backend-haproxy.cfg
pid-file = ${directory:run}/backend-haproxy.pid
pid-file = ${directory:run}/backend-haproxy.pid
log-socket = ${backend-haproxy-rsyslogd-config:log-socket}
log-socket = ${backend-haproxy-rsyslogd-config:log-socket}
graceful-command = ${backend-haproxy-validate:output} && kill -USR2 $(cat ${:pid-file})
graceful-command = ${backend-haproxy-validate:output} && kill -USR2 $(cat ${:pid-file})
http-port = {{
instance_parameter_dict['configuration']
['user']['global']['expert']['backend-haproxy-http-port'] }}
http-port = {{
configuration
['user']['global']['expert']['backend-haproxy-http-port'] }}
https-port = {{
instance_parameter_dict['configuration']
['user']['global']['expert']['backend-haproxy-https-port'] }}
https-port = {{
configuration
['user']['global']['expert']['backend-haproxy-https-port'] }}
# Caucase related configuration
# Caucase related configuration
caucase-url = {{
instance_parameter_dict['configuration']
['backend-client-caucase-url'] }}
caucase-url = {{
configuration
['backend-client-caucase-url'] }}
ca-certificate = ${backend-client-login-config:ca-certificate}
ca-certificate = ${backend-client-login-config:ca-certificate}
certificate = ${backend-client-login-config:certificate}
certificate = ${backend-client-login-config:certificate}
cas-ca-certificate = ${backend-client-login-config:cas-ca-certificate}
cas-ca-certificate = ${backend-client-login-config:cas-ca-certificate}
...
@@ -810,10 +810,10 @@ csr = ${backend-client-caucase-updater-csr:csr}
...
@@ -810,10 +810,10 @@ csr = ${backend-client-caucase-updater-csr:csr}
crl = ${backend-client-login-config:crl}
crl = ${backend-client-login-config:crl}
# the statistic page
# the statistic page
statistic-certificate = ${self-signed-ip-access:certificate}
statistic-certificate = ${self-signed-ip-access:certificate}
statistic-port = {{
instance_parameter_dict['configuration']
['user']['global']['expert']['backend-haproxy-statistic-port'] }}
statistic-port = {{
configuration
['user']['global']['expert']['backend-haproxy-statistic-port'] }}
statistic-username = ${monitor-instance-parameter:username}
statistic-username = ${monitor-instance-parameter:username}
statistic-password = ${monitor-htpasswd:passwd}
statistic-password = ${monitor-htpasswd:passwd}
statistic-identification = {{ instance_parameter_dict['instance-title'] + ' @ ' +
instance_parameter_dict['configuration']
['cluster-identification'] }}
statistic-identification = {{ instance_parameter_dict['instance-title'] + ' @ ' +
configuration
['cluster-identification'] }}
statistic-frontend-secure_access = ${backend-haproxy-statistic-frontend:connection-secure_access}
statistic-frontend-secure_access = ${backend-haproxy-statistic-frontend:connection-secure_access}
version-hash = ${version-hash:value}
version-hash = ${version-hash:value}
node-id = ${frontend-node-id:value}
node-id = ${frontend-node-id:value}
...
@@ -857,7 +857,7 @@ extra-context =
...
@@ -857,7 +857,7 @@ extra-context =
<= logrotate-entry-base
<= logrotate-entry-base
name = backend-haproxy
name = backend-haproxy
log = ${backend-haproxy-rsyslogd-config:log-file}
log = ${backend-haproxy-rsyslogd-config:log-file}
rotate-num = {{
instance_parameter_dict['configuration']
['user']['global']['expert']['rotate-num'] }}
rotate-num = {{
configuration
['user']['global']['expert']['rotate-num'] }}
# Note: Slaves do not define their own reload, as this would be repeated,
# Note: Slaves do not define their own reload, as this would be repeated,
# because sharedscripts work per entry, and each slave needs its own
# because sharedscripts work per entry, and each slave needs its own
# olddir
# olddir
...
@@ -955,8 +955,8 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
...
@@ -955,8 +955,8 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
# Note: Workaround for monitor stack, which uses monitor-httpd-port parameter
# Note: Workaround for monitor stack, which uses monitor-httpd-port parameter
# directly, and in our case it can come from the network, thus resulting
# directly, and in our case it can come from the network, thus resulting
# with need to strip !py!'u'
# with need to strip !py!'u'
monitor-httpd-port = {{
instance_parameter_dict['configuration']
['user']['global']['expert']['monitor-httpd-port'] }}
monitor-httpd-port = {{
configuration
['user']['global']['expert']['monitor-httpd-port'] }}
password = {{
instance_parameter_dict['configuration']
['monitor-password'] }}
password = {{
configuration
['monitor-password'] }}
[monitor-conf-parameters]
[monitor-conf-parameters]
private-path-list +=
private-path-list +=
...
@@ -991,7 +991,7 @@ context =
...
@@ -991,7 +991,7 @@ context =
<= monitor-promise-base
<= monitor-promise-base
promise = check_url_available
promise = check_url_available
name = re6st-connectivity.py
name = re6st-connectivity.py
config-url = {{
instance_parameter_dict['configuration']
['user']['global']['re6st-verification-url'] }}
config-url = {{
configuration
['user']['global']['re6st-verification-url'] }}
[slave-introspection-frontend]
[slave-introspection-frontend]
<= slap-connection
<= slap-connection
...
@@ -1092,7 +1092,7 @@ config-port = ${frontend-configuration:slave-introspection-https-port}
...
@@ -1092,7 +1092,7 @@ config-port = ${frontend-configuration:slave-introspection-https-port}
<= logrotate-entry-base
<= logrotate-entry-base
name = slave-introspection
name = slave-introspection
log = ${frontend-haproxy-configuration:slave-introspection-access-log} ${frontend-haproxy-configuration:slave-introspection-error-log}
log = ${frontend-haproxy-configuration:slave-introspection-access-log} ${frontend-haproxy-configuration:slave-introspection-error-log}
rotate-num = {{
instance_parameter_dict['configuration']
['user']['global']['expert']['rotate-num'] }}
rotate-num = {{
configuration
['user']['global']['expert']['rotate-num'] }}
post = kill -USR2 $(cat ${frontend-haproxy-configuration:slave-introspection-pid-file})
post = kill -USR2 $(cat ${frontend-haproxy-configuration:slave-introspection-pid-file})
delaycompress =
delaycompress =
...
...
software/rapid-cdn/instance-master.cfg.in
View file @
bb9e97ef
{%- import "caucase" as CAUCASE with context %}
{%- import "caucase" as CAUCASE with context %}
{#- BEGIN: Definition of global variables of the profile #}
{#- BEGIN: Definition of global variables of the profile #}
{%- do instance_parameter_dict['configuration'].setdefault('expert', {}) %}
{%- set configuration = instance_parameter_dict['configuration'].copy() %}
{%- do instance_parameter_dict['configuration'].setdefault('kedifa-node', {}) %}
{%- do software_module.merge_dict(configuration, CLUSTER_DEFAULTS) %}
{%- do instance_parameter_dict['configuration']['kedifa-node'].setdefault('expert', {}) %}
{%- set SLAVE_TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{%- set SLAVE_TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{#- List of keys which shall pass buildout before sending in request to parse ${...:...} #}
{#- List of keys which shall pass buildout before sending in request to parse ${...:...} #}
{%- set NEED_BUILDOUT_PASS_REQUEST_KEY_LIST = [
{%- set NEED_BUILDOUT_PASS_REQUEST_KEY_LIST = [
...
@@ -41,10 +40,12 @@
...
@@ -41,10 +40,12 @@
]
]
%}
%}
{%- set FRONTEND_NODE_SLAVE_PASSED_KEY_LIST = FRONTEND_NODE_SLAVE_PASSED_KEY_LIST_SCHEMA + FRONTEND_NODE_SLAVE_PASSED_KEY_LIST_INTERNAL %}
{%- set FRONTEND_NODE_SLAVE_PASSED_KEY_LIST = FRONTEND_NODE_SLAVE_PASSED_KEY_LIST_SCHEMA + FRONTEND_NODE_SLAVE_PASSED_KEY_LIST_INTERNAL %}
{%- set AIKC_ENABLED = instance_parameter_dict['configuration'].get('automatic-internal-kedifa-caucase-csr', CLUSTER_DEFAULTS['automatic-internal-kedifa-caucase-csr']) %}
{%- set AIKC_ENABLED = configuration['automatic-internal-kedifa-caucase-csr'] %}
{%- set AIBCC_ENABLED = instance_parameter_dict['configuration'].get('automatic-internal-backend-client-caucase-csr', CLUSTER_DEFAULTS['automatic-internal-backend-client-caucase-csr']) %}
{%- set AIBCC_ENABLED = configuration['automatic-internal-backend-client-caucase-csr'] %}
# AIKC_ENABLED {{ AIKC_ENABLED }}
# AIBCC_ENABLED {{ AIBCC_ENABLED }}
{#- Ports 8401, 8402 and 8410+1..N are reserved for monitor ports on various partitions #}
{#- Ports 8401, 8402 and 8410+1..N are reserved for monitor ports on various partitions #}
{%- set CAUCASE_NETLOC = '[' ~ instance_parameter_dict['ipv6-random'] ~ ']' ~ ':' ~
instance_parameter_dict['configuration']['expert'].get('caucase-port', CLUSTER_DEFAULTS['expert']['caucase-port'])
%}
{%- set CAUCASE_NETLOC = '[' ~ instance_parameter_dict['ipv6-random'] ~ ']' ~ ':' ~
configuration['expert']['caucase-port']
%}
{%- set CAUCASE_URL = 'http://' ~ CAUCASE_NETLOC %}
{%- set CAUCASE_URL = 'http://' ~ CAUCASE_NETLOC %}
[jinja2-template-base]
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
recipe = slapos.recipe.template:jinja2
...
@@ -60,11 +61,11 @@ context =
...
@@ -60,11 +61,11 @@ context =
{%- set FRONTEND_LIST = [] %}
{%- set FRONTEND_LIST = [] %}
{%- set FRONTEND_SECTION_LIST = [] %}
{%- set FRONTEND_SECTION_LIST = [] %}
{#- # XXX Dirty hack, not possible to define default value before #}
{#- # XXX Dirty hack, not possible to define default value before #}
{%- if not '-sla-1-computer_guid' in
instance_parameter_dict['configuration']
%}
{%- if not '-sla-1-computer_guid' in
configuration
%}
{%- do
instance_parameter_dict['configuration']
.__setitem__('-sla-1-computer_guid', '${slap-connection:computer-id}') %}
{%- do
configuration
.__setitem__('-sla-1-computer_guid', '${slap-connection:computer-id}') %}
{%- endif %}
{%- endif %}
{%- if not '-sla-kedifa-computer_guid' in
instance_parameter_dict['configuration']
%}
{%- if not '-sla-kedifa-computer_guid' in
configuration
%}
{%- do
instance_parameter_dict['configuration']
.__setitem__('-sla-kedifa-computer_guid', '${slap-connection:computer-id}') %}
{%- do
configuration
.__setitem__('-sla-kedifa-computer_guid', '${slap-connection:computer-id}') %}
{%- endif %}
{%- endif %}
{#- Here we request individually each frontend.
{#- Here we request individually each frontend.
...
@@ -269,7 +270,7 @@ context =
...
@@ -269,7 +270,7 @@ context =
{#- END: Slave processing #}
{#- END: Slave processing #}
[monitor-instance-parameter]
[monitor-instance-parameter]
monitor-httpd-port = {{
instance_parameter_dict['configuration']['expert'].get('monitor-httpd-port', CLUSTER_DEFAULTS['expert']['monitor-httpd-port'])
}}
monitor-httpd-port = {{
configuration['expert']['monitor-httpd-port']
}}
[replicate]
[replicate]
<= slap-connection
<= slap-connection
...
@@ -280,7 +281,7 @@ return = slave-instance-information-list monitor-base-url backend-client-csr-url
...
@@ -280,7 +281,7 @@ return = slave-instance-information-list monitor-base-url backend-client-csr-url
{#- BEGIN: Frontend node request #}
{#- BEGIN: Frontend node request #}
{%- set DEFAULT_FRONTEND = {
{%- set DEFAULT_FRONTEND = {
'domain':
instance_parameter_dict['configuration'].get('domain', CLUSTER_DEFAULTS['domain'])
,
'domain':
configuration['domain']
,
'monitor-username': '${monitor-instance-parameter:username}',
'monitor-username': '${monitor-instance-parameter:username}',
'monitor-password': '${monitor-htpasswd:passwd}',
'monitor-password': '${monitor-htpasswd:passwd}',
'backend-client-caucase-url': CAUCASE_URL,
'backend-client-caucase-url': CAUCASE_URL,
...
@@ -290,7 +291,7 @@ return = slave-instance-information-list monitor-base-url backend-client-csr-url
...
@@ -290,7 +291,7 @@ return = slave-instance-information-list monitor-base-url backend-client-csr-url
'kedifa-caucase-url': '${request-kedifa:connection-caucase-url}',
'kedifa-caucase-url': '${request-kedifa:connection-caucase-url}',
'master-key-download-url': '${request-kedifa:connection-master-key-download-url}',
'master-key-download-url': '${request-kedifa:connection-master-key-download-url}',
} %}
} %}
{%- for frontend_node_name, frontend_node_dict in
instance_parameter_dict['configuration']
.get('frontend-node-dict', {}).items() %}
{%- for frontend_node_name, frontend_node_dict in
configuration
.get('frontend-node-dict', {}).items() %}
{%- set section_name = 'request-' ~ frontend_node_name %}
{%- set section_name = 'request-' ~ frontend_node_name %}
[{{ section_name }}]
[{{ section_name }}]
{%- do PART_LIST.append(section_name) %}
{%- do PART_LIST.append(section_name) %}
...
@@ -323,7 +324,7 @@ return =
...
@@ -323,7 +324,7 @@ return =
[publish-information]
[publish-information]
<= monitor-publish
<= monitor-publish
recipe = slapos.cookbook:publish
recipe = slapos.cookbook:publish
domain = {{
instance_parameter_dict['configuration']
.get('domain') }}
domain = {{
configuration
.get('domain') }}
slave-amount = {{ instance_parameter_dict['slave-instance-list'] | length }}
slave-amount = {{ instance_parameter_dict['slave-instance-list'] | length }}
accepted-slave-amount = {{ AUTHORIZED_SLAVE_LIST | length }}
accepted-slave-amount = {{ AUTHORIZED_SLAVE_LIST | length }}
rejected-slave-amount = {{ REJECTED_SLAVE_DICT | length }}
rejected-slave-amount = {{ REJECTED_SLAVE_DICT | length }}
...
@@ -337,7 +338,7 @@ master-key-generate-auth-url = ${request-kedifa:connection-master-key-generate-a
...
@@ -337,7 +338,7 @@ master-key-generate-auth-url = ${request-kedifa:connection-master-key-generate-a
kedifa-caucase-url = ${request-kedifa:connection-caucase-url}
kedifa-caucase-url = ${request-kedifa:connection-caucase-url}
{%- set warning_list = [] %}
{%- set warning_list = [] %}
{%- for key in ['certificate-chain'] %}
{%- for key in ['certificate-chain'] %}
{%- if key in
instance_parameter_dict['configuration']
%}
{%- if key in
configuration
%}
{%- do warning_list.append('%s is obsolete, please use master-key-upload-url' % (key, )) %}
{%- do warning_list.append('%s is obsolete, please use master-key-upload-url' % (key, )) %}
{%- endif %}
{%- endif %}
{%- endfor %}
{%- endfor %}
...
@@ -399,23 +400,23 @@ custom-group = instance-publish-slave-information:output
...
@@ -399,23 +400,23 @@ custom-group = instance-publish-slave-information:output
[request-kedifa]
[request-kedifa]
<= slap-connection
<= slap-connection
recipe = slapos.cookbook:requestoptional.serialised
recipe = slapos.cookbook:requestoptional.serialised
config-monitor-cors-domains = {{
instance_parameter_dict['configuration'].get('monitor-cors-domains', CLUSTER_DEFAULTS['kedifa-node']['expert']['monitor-cors-domains'])
}}
config-monitor-cors-domains = {{
configuration['kedifa-node']['expert']['monitor-cors-domains']
}}
config-monitor-username = ${monitor-instance-parameter:username}
config-monitor-username = ${monitor-instance-parameter:username}
config-monitor-password = ${monitor-htpasswd:passwd}
config-monitor-password = ${monitor-htpasswd:passwd}
config-monitor-httpd-port = {{ dumps(
instance_parameter_dict['configuration']['kedifa-node']['expert'].get('monitor-httpd-port', CLUSTER_DEFAULTS['kedifa-node']['expert']['monitor-httpd-port'])
) }}
config-monitor-httpd-port = {{ dumps(
configuration['kedifa-node']['expert']['monitor-httpd-port']
) }}
config-caucase_port = {{ dumps(
instance_parameter_dict['configuration']['kedifa-node']['expert'].get('caucase-port', CLUSTER_DEFAULTS['kedifa-node']['expert']['caucase-port'])
) }}
config-caucase_port = {{ dumps(
configuration['kedifa-node']['expert']['caucase-port']
) }}
config-kedifa_port = {{ dumps(
instance_parameter_dict['configuration']['kedifa-node']['expert'].get('kedifa-port', CLUSTER_DEFAULTS['kedifa-node']['expert']['kedifa-port'])
) }}
config-kedifa_port = {{ dumps(
configuration['kedifa-node']['expert']['kedifa-port']
) }}
config-rotate-num = {{ dumps(
instance_parameter_dict['configuration']['kedifa-node']['expert'].get('rotate-num', CLUSTER_DEFAULTS['kedifa-node']['expert']['rotate-num'])
) }}
config-rotate-num = {{ dumps(
configuration['kedifa-node']['expert']['rotate-num']
) }}
{%- for key in ['kedifa_port', 'caucase_port'] -%}
{%- for key in ['kedifa_port', 'caucase_port'] -%}
{%- if key in
instance_parameter_dict['configuration']
%}
{%- if key in
configuration
%}
config-{{ key }} = {{ dumps(
instance_parameter_dict['configuration']
[key]) }}
config-{{ key }} = {{ dumps(
configuration
[key]) }}
{%- endif %}
{%- endif %}
{%- endfor %}
{%- endfor %}
config-slave-list = {{ dumps(AUTHORIZED_SLAVE_LIST) }}
config-slave-list = {{ dumps(AUTHORIZED_SLAVE_LIST) }}
config-cluster-identification = {{ instance_parameter_dict['root-instance-title'] }}
config-cluster-identification = {{ instance_parameter_dict['root-instance-title'] }}
{%- if '-kedifa-software-release-url' in
instance_parameter_dict['configuration']
%}
{%- if '-kedifa-software-release-url' in
configuration
%}
software-url = {{
instance_parameter_dict['configuration']
.pop('-kedifa-software-release-url') }}
software-url = {{
configuration
.pop('-kedifa-software-release-url') }}
{%- else %}
{%- else %}
software-url = ${slap-connection:software-release-url}
software-url = ${slap-connection:software-release-url}
{%- endif %}
{%- endif %}
...
@@ -424,9 +425,9 @@ name = kedifa
...
@@ -424,9 +425,9 @@ name = kedifa
return = slave-kedifa-information master-key-generate-auth-url master-key-upload-url master-key-download-url caucase-url kedifa-csr-url csr-certificate monitor-base-url
return = slave-kedifa-information master-key-generate-auth-url master-key-upload-url master-key-download-url caucase-url kedifa-csr-url csr-certificate monitor-base-url
{%- set sla_kedifa_key = "-sla-kedifa-" %}
{%- set sla_kedifa_key = "-sla-kedifa-" %}
{%- set sla_kedifa_key_length = sla_kedifa_key | length %}
{%- set sla_kedifa_key_length = sla_kedifa_key | length %}
{%- for key in list(
instance_parameter_dict['configuration']
.keys()) %}
{%- for key in list(
configuration
.keys()) %}
{%- if key.startswith(sla_kedifa_key) %}
{%- if key.startswith(sla_kedifa_key) %}
sla-{{ key[sla_kedifa_key_length:] }} = {{
instance_parameter_dict['configuration']
.pop(key) }}
sla-{{ key[sla_kedifa_key_length:] }} = {{
configuration
.pop(key) }}
{%- endif %}
{%- endif %}
{%- endfor %}
{%- endfor %}
...
...
software/rapid-cdn/instance.cfg.in
View file @
bb9e97ef
...
@@ -95,6 +95,7 @@ url = {{ software_parameter_dict['profile_frontend'] }}
...
@@ -95,6 +95,7 @@ url = {{ software_parameter_dict['profile_frontend'] }}
filename = instance-frontend.cfg
filename = instance-frontend.cfg
extra-context =
extra-context =
import furl_module furl
import furl_module furl
import software_module software
raw software_type single-custom-personal
raw software_type single-custom-personal
key SLAVE_DEFAULTS instance-slave-default:defaults
key SLAVE_DEFAULTS instance-slave-default:defaults
key FRONTEND_USER_DEFAULTS instance-frontend-user-default:defaults
key FRONTEND_USER_DEFAULTS instance-frontend-user-default:defaults
...
...
software/rapid-cdn/software.py
View file @
bb9e97ef
...
@@ -6,6 +6,7 @@ import sys
...
@@ -6,6 +6,7 @@ import sys
import
urllib.error
import
urllib.error
import
urllib.parse
import
urllib.parse
import
urllib.request
import
urllib.request
import
collections.abc
from
cryptography
import
x509
from
cryptography
import
x509
from
cryptography.hazmat.primitives
import
serialization
from
cryptography.hazmat.primitives
import
serialization
...
@@ -121,3 +122,14 @@ def caucase_csr_sign_check():
...
@@ -121,3 +122,14 @@ def caucase_csr_sign_check():
sys
.
exit
(
1
)
sys
.
exit
(
1
)
else
:
else
:
print
(
'OK No CSR to sign on %s'
%
(
ca_url
,))
print
(
'OK No CSR to sign on %s'
%
(
ca_url
,))
def
merge_dict
(
d
,
u
):
# inspired https://stackoverflow.com/a/3233356
for
k
,
v
in
u
.
items
():
if
isinstance
(
v
,
collections
.
abc
.
Mapping
):
d
[
k
]
=
merge_dict
(
d
.
get
(
k
,
{}),
v
)
else
:
if
k
not
in
d
:
d
[
k
]
=
v
return
d
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment