Commit e9d211e0 authored by Łukasz Nowak's avatar Łukasz Nowak

XXX: Make more global specialised frontend input schema

parent b2a06b66
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
# not need these here). # not need these here).
[template] [template]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = ea7349c63a1117e145f50c50586f79be md5sum = cc5235722643381092f54e610947caed
[profile-common] [profile-common]
filename = instance-common.cfg.in filename = instance-common.cfg.in
...@@ -22,15 +22,15 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68 ...@@ -22,15 +22,15 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-frontend] [profile-frontend]
filename = instance-frontend.cfg.in filename = instance-frontend.cfg.in
md5sum = 4f2f4e8cdf7a066729c9f368c03efe89 md5sum = 42899067d1aeed2a8a7ff63ba57a4ce5
[profile-master] [profile-master]
filename = instance-master.cfg.in filename = instance-master.cfg.in
md5sum = 86fcd72199d9e3311a3db83ba93f5dac md5sum = 291f73c3782040d02fd56a46f61c201b
[profile-slave-list] [profile-slave-list]
filename = instance-slave-list.cfg.in filename = instance-slave-list.cfg.in
md5sum = d19d7cd3b73bb7de12eea8d50a6f69c8 md5sum = 8c5291a3f88c6fa2534c2e146cead39b
[profile-master-publish-slave-information] [profile-master-publish-slave-information]
filename = instance-master-publish-slave-information.cfg.in filename = instance-master-publish-slave-information.cfg.in
...@@ -126,16 +126,20 @@ md5sum = f7262223975640d7200bdf9e99dd79e4 ...@@ -126,16 +126,20 @@ md5sum = f7262223975640d7200bdf9e99dd79e4
[instance-input-schema] [instance-input-schema]
filename = instance-input-schema.json filename = instance-input-schema.json
md5sum = 65ea4031d0fd2a43ce7820b0120ae8ce md5sum = f6f2d12f17ce384c157152d906376fef
[instance-frontend-input-schema] [instance-frontend-input-schema]
filename = instance-frontend-input-schema.json filename = instance-frontend-input-schema.json
md5sum = 7ea0adf6f9802e103f7ce9f553be293c md5sum = ff4cc869771cd10f625fa5bf384bb5e3
[instance-frontend-user-input-schema] [instance-frontend-user-input-schema]
filename = instance-frontend-user-input-schema.json filename = instance-frontend-user-input-schema.json
md5sum = 5a769d54caa1caf6873c610ceb1e094e md5sum = d897536234eab5c17550e2d6e7ae4e71
[instance-frontend-global-input-schema]
filename = instance-frontend-global-input-schema.json
md5sum = 7392c5fe6eecc490f9c5e777d446cc04
[instance-input-schema] [instance-input-schema]
filename = instance-input-schema.json filename = instance-input-schema.json
md5sum = 65ea4031d0fd2a43ce7820b0120ae8ce md5sum = f6f2d12f17ce384c157152d906376fef
{
"$schema": "http://json-schema.org/draft-04/schema",
"properties": {
"enable-http2": {
"title": "Enable HTTP2",
"default": true,
"description": "Enables HTTP2 on the node.",
"type": "boolean"
},
"enable-http3": {
"title": "Enable HTTP3",
"default": false,
"description": "Enables HTTP3 on the node.",
"type": "boolean"
},
"ciphers": {
"title": "Ordered whitespace separated list of ciphers",
"type": "string",
"textarea": true,
"default": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA"
},
"ram-cache-size": {
"default": "1G",
"title": "Size of RAM cache on each node (bytes)",
"description": "The value can be provided with suffix 'K', 'M', 'G'",
"type": "string"
},
"disk-cache-size": {
"default": "8G",
"title": "Size of disk cache on each node (bytes)",
"description": "The value can be provided with suffix 'K', 'M', 'G'",
"type": "string"
},
"authenticate-to-backend": {
"default": false,
"description": "If set to true the frontend certificate will be used as authentication certificate to the backend. Note: backend might have to know the frontend CA, available with 'backend-client-caucase-url'.",
"title": "Authenticate to backend",
"type": "boolean"
},
"request-timeout": {
"default": 600,
"description": "Timeout for HTTP requests.",
"title": "HTTP Request timeout in seconds",
"type": "integer"
},
"backend-connect-timeout": {
"default": 5,
"description": "Time in seconds for establishing connection to the backend.",
"title": "Timeout for backend connection (seconds)",
"type": "integer"
},
"backend-connect-retries": {
"default": 3,
"description": "Amount of retries to connect to the backend. The amount of backend-connect-timeout*backend-connect-retries seconds will be spent to connect to the backend.",
"title": "Amount of retries to connect to the backend.",
"type": "integer"
},
"re6st-verification-url": {
"description": "Url to verify if the internet and/or re6stnet is working.",
"title": "Test Verification URL",
"type": "string"
},
"expert": {
"title": "Expert Frontend Node Global parameters",
"description": "Unusual expert global parameters for the frontend node",
"type": "object",
"properties": {
"advertised-http3-port": {
"default": 443,
"title": "Advertised HTTP3 port",
"description": "As most common deloyment is using iptables for port redirection and in case of udp it is advertising to the process it's bind port instead of the really connected to, it's required to manually set this port for the whole cluster. Can be precisely set on each node by -frontend-i-config-http3-port",
"type": "integer"
},
"frontend-haproxy-http-port": {
"default": 8080,
"title": "Frontend HAProxy HTTP port",
"type": "integer"
},
"frontend-haproxy-https-port": {
"default": 4443,
"title": "Frontend HAProxy HTTPS port",
"type": "integer"
},
"backend-haproxy-http-port": {
"default": 21080,
"title": "Backend HAProxy HTTP port",
"type": "integer"
},
"backend-haproxy-https-port": {
"default": 21443,
"title": "Backend HAProxy HTTPS port",
"type": "integer"
},
"backend-haproxy-statistic-port": {
"default": 21444,
"title": "Backend HAProxy statistic HTTP port",
"type": "integer"
},
"slave-introspection-https-port": {
"default": 22443,
"title": "Backend HAProxy statistic HTTPS port",
"type": "integer"
},
"trafficserver-port": {
"default": 23432,
"title": "TrafficServer port",
"type": "integer"
},
"monitor-httpd-port": {
"default": 8196,
"title": "Monitor HTTPD port",
"type": "integer"
},
"legacy-enable-http3-string": {
"default": false,
"title": "Legacy: Sent enable-http3 as string to outdated nodes",
"type": "boolean"
},
"rotate-num": {
"default": 4000,
"title": "Amount of daily log rotations",
"type": "integer"
}
}
}
},
"title": "Input Parameters",
"type": "object"
}
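Review bot: The `ciphers` default in this new global schema still includes 3DES (`ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA`) and static-RSA CBC suites (`AES256-SHA AES128-SHA`), and it lists `ECDHE-ECDSA-AES256-SHA` twice. Since this object is described as the default for each frontend node, a cluster that does not override `ciphers` falls back to a list containing them. I would drop the two `DES-CBC3` entries and the duplicate from the default, and if the static-RSA entries must stay for legacy clients, say so in a `description` on `ciphers`. The integer port properties under `expert` also accept any integer; adding `"minimum": 1, "maximum": 65535` to each would reject out-of-range values when the request is validated.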
...@@ -29,10 +29,6 @@ ...@@ -29,10 +29,6 @@
"type": "string", "type": "string",
"title": "Domain" "title": "Domain"
}, },
"re6st-verification-url": {
"type": "string",
"title": "re6st-verification-url"
},
"monitor-cors-domain": { "monitor-cors-domain": {
"type": "string", "type": "string",
"title": "Monitor CORS Domain" "title": "Monitor CORS Domain"
......
...@@ -6,30 +6,16 @@ ...@@ -6,30 +6,16 @@
"description": "This parameter allows to select to which Compute Node this node will be allocated to.", "description": "This parameter allows to select to which Compute Node this node will be allocated to.",
"type": "string" "type": "string"
}, },
"enable-http2": { "global": {
"title": "Enable HTTP2", "title": "Frontend Node configuration to override globals",
"default": true, "allOf": [ { "$ref": "./instance-frontend-global-input-schema.json" } ],
"description": "Enables HTTP2 on the node.", "type": "object"
"type": "boolean"
},
"enable-http3": {
"title": "Enable HTTP3",
"default": false,
"description": "Enables HTTP3 on the node.",
"type": "boolean"
},
"ram-cache-size": {
"default": "1G",
"title": "Size of RAM cache on each node (bytes)",
"description": "The value can be provided with suffix 'K', 'M', 'G'",
"type": "string"
},
"disk-cache-size": {
"default": "8G",
"title": "Size of disk cache on each node (bytes)",
"description": "The value can be provided with suffix 'K', 'M', 'G'",
"type": "string"
}, },
"expert": {
"title": "Expert Frontend Node parameters",
"description": "Unusual expert parameters for the frontend node",
"type": "object",
"properties": {
"software-url": { "software-url": {
"title": "Software Release URL", "title": "Software Release URL",
"description": "Software Release URL used to on this frontend node, defaults to cluster Software Release URL.", "description": "Software Release URL used to on this frontend node, defaults to cluster Software Release URL.",
...@@ -46,66 +32,10 @@ ...@@ -46,66 +32,10 @@
"destroyed" "destroyed"
] ]
}, },
"expert": {
"title": "Expert Frontend Node parameters",
"description": "Unusual expert parameters for the frontend node",
"type": "object",
"properties": {
"rotate-num": {
"default": 4000,
"title": "Amount of daily log rotations",
"type": "integer"
},
"advertised-http3-port": {
"default": 443,
"title": "Advertised HTTP3 port",
"description": "As most common deloyment is using iptables for port redirection and in case of udp it is advertising to the process it's bind port instead of the really connected to, it's required to manually set this port for the whole cluster. Can be precisely set on each node by -frontend-i-config-http3-port",
"type": "integer"
},
"frontend-haproxy-http-port": {
"default": 8080,
"title": "Frontend HAProxy HTTP port",
"type": "integer"
},
"frontend-haproxy-https-port": {
"default": 4443,
"title": "Frontend HAProxy HTTPS port",
"type": "integer"
},
"backend-haproxy-http-port": {
"default": 21080,
"title": "Backend HAProxy HTTP port",
"type": "integer"
},
"backend-haproxy-https-port": {
"default": 21443,
"title": "Backend HAProxy HTTPS port",
"type": "integer"
},
"backend-haproxy-statistic-port": {
"default": 21444,
"title": "Backend HAProxy statistic port",
"type": "integer"
},
"slave-introspection-https-port": {
"default": 22443,
"title": "Backend HAProxy statistic port",
"type": "integer"
},
"trafficserver-port": {
"default": 23432,
"title": "TrafficServer port",
"type": "integer"
},
"legacy-enable-http3-string": { "legacy-enable-http3-string": {
"default": false, "default": false,
"title": "Legacy: Sent enable-http3 as string to outdated nodes", "title": "Legacy: Sent enable-http3 as string to outdated nodes",
"type": "boolean" "type": "boolean"
},
"monitor-httpd-port": {
"default": 8196,
"title": "Monitor HTTPD port",
"type": "integer"
} }
} }
} }
......
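Review bot: `legacy-enable-http3-string` stays in the per-node `expert` object here while the new global schema declares the same key under its own `expert`, so the option now exists at two levels. None of the template hunks shown on this page read it, so which level takes effect cannot be confirmed from here. Either keep the key in one schema only, or add a `description` to both entries stating the precedence.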
{% import "caucase" as caucase with context %} {% import "caucase" as caucase with context %}
{%- do instance_parameter_dict['configuration'].setdefault('user', {}) %}
{%- do instance_parameter_dict['configuration']['user'].setdefault('expert', {}) %} {%- do instance_parameter_dict['configuration']['user'].setdefault('expert', {}) %}
{%- set HTTP3_PORT = instance_parameter_dict['configuration']['user']['expert'].get('advertised-http3-port', FRONTEND_USER_DEFAULTS['expert']['advertised-http3-port']) %} {%- do instance_parameter_dict['configuration']['user'].setdefault('global', {}) %}
{%- set FRONTEND_HTTP3 = instance_parameter_dict['configuration']['user'].get('enable-http3', FRONTEND_USER_DEFAULTS['enable-http3']) %} {%- do instance_parameter_dict['configuration']['user']['global'].setdefault('expert', {}) %}
{%- set HTTP3_PORT = instance_parameter_dict['configuration']['user']['global']['expert'].get('advertised-http3-port', FRONTEND_GLOBAL_DEFAULTS['expert']['advertised-http3-port']) %}
{%- set FRONTEND_HTTP3 = instance_parameter_dict['configuration']['user']['global'].get('enable-http3', FRONTEND_GLOBAL_DEFAULTS['enable-http3']) %}
{%- if FRONTEND_HTTP3 %} {%- if FRONTEND_HTTP3 %}
{%- set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_quic_executable'] %} {%- set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_quic_executable'] %}
{%- else %} {%- else %}
...@@ -188,7 +191,7 @@ single-custom-personal = dynamic-custom-personal-profile-slave-list:output ...@@ -188,7 +191,7 @@ single-custom-personal = dynamic-custom-personal-profile-slave-list:output
[frontend-configuration] [frontend-configuration]
ip-access-certificate = ${self-signed-ip-access:certificate} ip-access-certificate = ${self-signed-ip-access:certificate}
slave-introspection-configuration = ${directory:etc}/slave-introspection-httpd-nginx.conf slave-introspection-configuration = ${directory:etc}/slave-introspection-httpd-nginx.conf
slave-introspection-https-port = {{ instance_parameter_dict['configuration']['user']['expert'].get('slave-introspection-https-port', FRONTEND_USER_DEFAULTS['expert']['slave-introspection-https-port']) }} slave-introspection-https-port = {{ instance_parameter_dict['configuration']['user']['global']['expert'].get('slave-introspection-https-port', FRONTEND_GLOBAL_DEFAULTS['expert']['slave-introspection-https-port']) }}
slave-introspection-secure_access = ${slave-introspection-frontend:connection-secure_access} slave-introspection-secure_access = ${slave-introspection-frontend:connection-secure_access}
[self-signed-ip-access] [self-signed-ip-access]
...@@ -400,8 +403,8 @@ extra-context = ...@@ -400,8 +403,8 @@ extra-context =
## Configuration passed by section ## Configuration passed by section
section frontend_directory frontend-directory section frontend_directory frontend-directory
section configuration configuration section configuration configuration
section FRONTEND_DEFAULTS FRONTEND_DEFAULTS
section FRONTEND_USER_DEFAULTS FRONTEND_USER_DEFAULTS section FRONTEND_USER_DEFAULTS FRONTEND_USER_DEFAULTS
section FRONTEND_GLOBAL_DEFAULTS FRONTEND_GLOBAL_DEFAULTS
section frontend_haproxy_configuration frontend-haproxy-configuration section frontend_haproxy_configuration frontend-haproxy-configuration
section backend_haproxy_configuration backend-haproxy-configuration section backend_haproxy_configuration backend-haproxy-configuration
section instance_parameter_dict instance-parameter-section section instance_parameter_dict instance-parameter-section
...@@ -452,7 +455,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg ...@@ -452,7 +455,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
<= logrotate-entry-base <= logrotate-entry-base
name = frontend-haproxy name = frontend-haproxy
log = ${frontend-haproxy-rsyslogd-config:log-file} log = ${frontend-haproxy-rsyslogd-config:log-file}
rotate-num = {{ instance_parameter_dict['configuration']['user']['expert'].get('rotate-num', FRONTEND_USER_DEFAULTS['expert']['rotate-num']) }} rotate-num = {{ instance_parameter_dict['configuration']['user']['global']['expert'].get('rotate-num', FRONTEND_GLOBAL_DEFAULTS['expert']['rotate-num']) }}
# Note: Slaves do not define their own reload, as this would be repeated, # Note: Slaves do not define their own reload, as this would be repeated,
# because sharedscripts work per entry, and each slave needs its own # because sharedscripts work per entry, and each slave needs its own
# olddir # olddir
...@@ -472,8 +475,8 @@ frontend-graceful-command = ${frontend-haproxy-validate:output} && kill -USR2 $( ...@@ -472,8 +475,8 @@ frontend-graceful-command = ${frontend-haproxy-validate:output} && kill -USR2 $(
not-found-file = {{ software_parameter_dict['template_not_found_html'] }} not-found-file = {{ software_parameter_dict['template_not_found_html'] }}
master-certificate = ${frontend-directory:master-autocert-dir}/master.pem master-certificate = ${frontend-directory:master-autocert-dir}/master.pem
self-signed-fallback-certificate = ${self-signed-fallback-access:certificate} self-signed-fallback-certificate = ${self-signed-fallback-access:certificate}
http-port = {{ instance_parameter_dict['configuration']['user']['expert'].get('frontend-haproxy-http-port', FRONTEND_USER_DEFAULTS['expert']['frontend-haproxy-http-port']) }} http-port = {{ instance_parameter_dict['configuration']['user']['global']['expert'].get('frontend-haproxy-http-port', FRONTEND_GLOBAL_DEFAULTS['expert']['frontend-haproxy-http-port']) }}
https-port = {{ instance_parameter_dict['configuration']['user']['expert'].get('frontend-haproxy-https-port', FRONTEND_USER_DEFAULTS['expert']['frontend-haproxy-https-port']) }} https-port = {{ instance_parameter_dict['configuration']['user']['global']['expert'].get('frontend-haproxy-https-port', FRONTEND_GLOBAL_DEFAULTS['expert']['frontend-haproxy-https-port']) }}
# Communication with ATS # Communication with ATS
cache-port = ${trafficserver-variable:input-port} cache-port = ${trafficserver-variable:input-port}
# slave instrspection # slave instrspection
...@@ -540,10 +543,10 @@ hostname = ${slap-configuration:instance-title} ...@@ -540,10 +543,10 @@ hostname = ${slap-configuration:instance-title}
plugin-config = plugin-config =
ip-allow-config = src_ip=0.0.0.0-255.255.255.255 action=ip_allow ip-allow-config = src_ip=0.0.0.0-255.255.255.255 action=ip_allow
cache-path = ${trafficserver-directory:cache-path} cache-path = ${trafficserver-directory:cache-path}
disk-cache-size = {{ instance_parameter_dict['configuration']['user'].get('disk-cache-size', FRONTEND_USER_DEFAULTS['disk-cache-size']) }} disk-cache-size = {{ instance_parameter_dict['configuration']['user']['global'].get('disk-cache-size', FRONTEND_GLOBAL_DEFAULTS['disk-cache-size']) }}
ram-cache-size = {{ instance_parameter_dict['configuration']['user'].get('ram-cache-size', FRONTEND_USER_DEFAULTS['ram-cache-size']) }} ram-cache-size = {{ instance_parameter_dict['configuration']['user']['global'].get('ram-cache-size', FRONTEND_GLOBAL_DEFAULTS['ram-cache-size']) }}
templates-dir = {{ software_parameter_dict['trafficserver'] }}/etc/trafficserver/body_factory templates-dir = {{ software_parameter_dict['trafficserver'] }}/etc/trafficserver/body_factory
request-timeout = {{ instance_parameter_dict['configuration'].get('request-timeout', FRONTEND_DEFAULTS['request-timeout'])}} request-timeout = {{ instance_parameter_dict['configuration']['user']['global'].get('request-timeout', FRONTEND_GLOBAL_DEFAULTS['request-timeout']) }}
version-hash = ${version-hash:value} version-hash = ${version-hash:value}
node-id = ${frontend-node-id:value} node-id = ${frontend-node-id:value}
...@@ -802,8 +805,8 @@ file = ${directory:etc}/backend-haproxy.cfg ...@@ -802,8 +805,8 @@ file = ${directory:etc}/backend-haproxy.cfg
pid-file = ${directory:run}/backend-haproxy.pid pid-file = ${directory:run}/backend-haproxy.pid
log-socket = ${backend-haproxy-rsyslogd-config:log-socket} log-socket = ${backend-haproxy-rsyslogd-config:log-socket}
graceful-command = ${backend-haproxy-validate:output} && kill -USR2 $(cat ${:pid-file}) graceful-command = ${backend-haproxy-validate:output} && kill -USR2 $(cat ${:pid-file})
http-port = {{ instance_parameter_dict['configuration']['user']['expert'].get('backend-haproxy-http-port', FRONTEND_USER_DEFAULTS['expert']['backend-haproxy-http-port']) }} http-port = {{ instance_parameter_dict['configuration']['user']['global']['expert'].get('backend-haproxy-http-port', FRONTEND_GLOBAL_DEFAULTS['expert']['backend-haproxy-http-port']) }}
https-port = {{ instance_parameter_dict['configuration']['user']['expert'].get('backend-haproxy-https-port', FRONTEND_USER_DEFAULTS['expert']['backend-haproxy-https-port']) }} https-port = {{ instance_parameter_dict['configuration']['user']['global']['expert'].get('backend-haproxy-https-port', FRONTEND_GLOBAL_DEFAULTS['expert']['backend-haproxy-https-port']) }}
# Caucase related configuration # Caucase related configuration
caucase-url = {{ instance_parameter_dict['configuration']['backend-client-caucase-url'] }} caucase-url = {{ instance_parameter_dict['configuration']['backend-client-caucase-url'] }}
ca-certificate = ${backend-client-login-config:ca-certificate} ca-certificate = ${backend-client-login-config:ca-certificate}
...@@ -813,7 +816,7 @@ csr = ${backend-client-caucase-updater-csr:csr} ...@@ -813,7 +816,7 @@ csr = ${backend-client-caucase-updater-csr:csr}
crl = ${backend-client-login-config:crl} crl = ${backend-client-login-config:crl}
# the statistic page # the statistic page
statistic-certificate = ${self-signed-ip-access:certificate} statistic-certificate = ${self-signed-ip-access:certificate}
statistic-port = {{ instance_parameter_dict['configuration']['user']['expert'].get('backend-haproxy-statistic-port', FRONTEND_USER_DEFAULTS['expert']['backend-haproxy-statistic-port']) }} statistic-port = {{ instance_parameter_dict['configuration']['user']['global']['expert'].get('backend-haproxy-statistic-port', FRONTEND_GLOBAL_DEFAULTS['expert']['backend-haproxy-statistic-port']) }}
statistic-username = ${monitor-instance-parameter:username} statistic-username = ${monitor-instance-parameter:username}
statistic-password = ${monitor-htpasswd:passwd} statistic-password = ${monitor-htpasswd:passwd}
statistic-identification = {{ instance_parameter_dict['instance-title'] + ' @ ' + instance_parameter_dict['configuration']['cluster-identification'] }} statistic-identification = {{ instance_parameter_dict['instance-title'] + ' @ ' + instance_parameter_dict['configuration']['cluster-identification'] }}
...@@ -860,7 +863,7 @@ extra-context = ...@@ -860,7 +863,7 @@ extra-context =
<= logrotate-entry-base <= logrotate-entry-base
name = backend-haproxy name = backend-haproxy
log = ${backend-haproxy-rsyslogd-config:log-file} log = ${backend-haproxy-rsyslogd-config:log-file}
rotate-num = {{ instance_parameter_dict['configuration']['user']['expert'].get('rotate-num', FRONTEND_USER_DEFAULTS['expert']['rotate-num']) }} rotate-num = {{ instance_parameter_dict['configuration']['user']['global']['expert'].get('rotate-num', FRONTEND_GLOBAL_DEFAULTS['expert']['rotate-num']) }}
# Note: Slaves do not define their own reload, as this would be repeated, # Note: Slaves do not define their own reload, as this would be repeated,
# because sharedscripts work per entry, and each slave needs its own # because sharedscripts work per entry, and each slave needs its own
# olddir # olddir
...@@ -958,7 +961,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg ...@@ -958,7 +961,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
# Note: Workaround for monitor stack, which uses monitor-httpd-port parameter # Note: Workaround for monitor stack, which uses monitor-httpd-port parameter
# directly, and in our case it can come from the network, thus resulting # directly, and in our case it can come from the network, thus resulting
# with need to strip !py!'u' # with need to strip !py!'u'
monitor-httpd-port = {{ instance_parameter_dict['configuration']['user']['expert'].get('monitor-httpd-port', FRONTEND_USER_DEFAULTS['expert']['monitor-httpd-port']) }} monitor-httpd-port = {{ instance_parameter_dict['configuration']['user']['global']['expert'].get('monitor-httpd-port', FRONTEND_GLOBAL_DEFAULTS['expert']['monitor-httpd-port']) }}
password = {{ instance_parameter_dict['configuration']['monitor-password'] }} password = {{ instance_parameter_dict['configuration']['monitor-password'] }}
[monitor-conf-parameters] [monitor-conf-parameters]
...@@ -994,7 +997,7 @@ context = ...@@ -994,7 +997,7 @@ context =
<= monitor-promise-base <= monitor-promise-base
promise = check_url_available promise = check_url_available
name = re6st-connectivity.py name = re6st-connectivity.py
config-url = {{ instance_parameter_dict['configuration']['re6st-verification-url'] }} config-url = {{ instance_parameter_dict['configuration']['user']['global'].get('re6st-verification-url', FRONTEND_GLOBAL_DEFAULTS['re6st-verification-url']) }}
[slave-introspection-frontend] [slave-introspection-frontend]
<= slap-connection <= slap-connection
...@@ -1095,7 +1098,7 @@ config-port = ${frontend-configuration:slave-introspection-https-port} ...@@ -1095,7 +1098,7 @@ config-port = ${frontend-configuration:slave-introspection-https-port}
<= logrotate-entry-base <= logrotate-entry-base
name = slave-introspection name = slave-introspection
log = ${frontend-haproxy-configuration:slave-introspection-access-log} ${frontend-haproxy-configuration:slave-introspection-error-log} log = ${frontend-haproxy-configuration:slave-introspection-access-log} ${frontend-haproxy-configuration:slave-introspection-error-log}
rotate-num = {{ instance_parameter_dict['configuration']['user']['expert'].get('rotate-num', FRONTEND_USER_DEFAULTS['expert']['rotate-num']) }} rotate-num = {{ instance_parameter_dict['configuration']['user']['global']['expert'].get('rotate-num', FRONTEND_GLOBAL_DEFAULTS['expert']['rotate-num']) }}
post = kill -USR2 $(cat ${frontend-haproxy-configuration:slave-introspection-pid-file}) post = kill -USR2 $(cat ${frontend-haproxy-configuration:slave-introspection-pid-file})
delaycompress = delaycompress =
...@@ -1127,13 +1130,13 @@ config-state = empty ...@@ -1127,13 +1130,13 @@ config-state = empty
{{ key }} = {{ dumps(value) }} {{ key }} = {{ dumps(value) }}
{%- endfor %} {%- endfor %}
[FRONTEND_DEFAULTS] [FRONTEND_USER_DEFAULTS]
{% for key, value in FRONTEND_DEFAULTS.items() %} {% for key, value in FRONTEND_USER_DEFAULTS.items() %}
{{ key }} = {{ dumps(value) }} {{ key }} = {{ dumps(value) }}
{%- endfor %} {%- endfor %}
[FRONTEND_USER_DEFAULTS] [FRONTEND_GLOBAL_DEFAULTS]
{% for key, value in FRONTEND_USER_DEFAULTS.items() %} {% for key, value in FRONTEND_GLOBAL_DEFAULTS.items() %}
{{ key }} = {{ dumps(value) }} {{ key }} = {{ dumps(value) }}
{%- endfor %} {%- endfor %}
......
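Review bot: `disk-cache-size` and `ram-cache-size` are rendered into the profile as bare strings (`{{ ...['user']['global'].get('disk-cache-size', ...) }}`), and the global schema declares both as unconstrained `string`. The comment on `monitor-httpd-port` in this file says such parameters can come from the network, so a value containing a newline could add extra option lines to the generated section. Constraining both in the schema, for example `"pattern": "^[0-9]+[KMG]?$"`, keeps the rendered line to a single token. Separately, the `config-url` fallback reads `FRONTEND_GLOBAL_DEFAULTS['re6st-verification-url']`, but the schema entry shown for that key has no `default`; confirm the key exists in the generated defaults.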
...@@ -3,17 +3,6 @@ ...@@ -3,17 +3,6 @@
"title": "Input Parameters", "title": "Input Parameters",
"type": "object", "type": "object",
"properties": { "properties": {
"frontend-node-dict": {
"title": "Frontend Node configuration",
"description": "The name used here will be reference of the node, used in the request, so changing it will result with new allocation. Note: This can be used while migrating clusters by using caddy-frontend-N.",
"patternProperties": {
".*": {
"allOf": [ { "$ref": "./instance-frontend-user-input-schema.json" } ]
}
},
"type": "object",
"default": {}
},
"domain": { "domain": {
"description": "Domain used to generate automatic hostnames for slaves. For example 'example.com' will result with slave hostname 'slaveref.example.com'.", "description": "Domain used to generate automatic hostnames for slaves. For example 'example.com' will result with slave hostname 'slaveref.example.com'.",
"format": "idn-hostname", "format": "idn-hostname",
...@@ -21,24 +10,6 @@ ...@@ -21,24 +10,6 @@
"type": "string", "type": "string",
"default": "example.org" "default": "example.org"
}, },
"request-timeout": {
"default": 600,
"description": "Timeout for HTTP requests.",
"title": "HTTP Request timeout in seconds",
"type": "integer"
},
"backend-connect-timeout": {
"default": 5,
"description": "Time in seconds for establishing connection to the backend.",
"title": "Timeout for backend connection (seconds)",
"type": "integer"
},
"backend-connect-retries": {
"default": 3,
"description": "Amount of retries to connect to the backend. The amount of backend-connect-timeout*backend-connect-retries seconds will be spent to connect to the backend.",
"title": "Amount of retries to connect to the backend.",
"type": "integer"
},
"automatic-internal-kedifa-caucase-csr": { "automatic-internal-kedifa-caucase-csr": {
"default": true, "default": true,
"description": "Automatically signs CSRs sent to KeDiFa's caucase, based on CSR comparison.", "description": "Automatically signs CSRs sent to KeDiFa's caucase, based on CSR comparison.",
...@@ -51,24 +22,29 @@ ...@@ -51,24 +22,29 @@
"title": "Automatic Internal Backend Client's Caucase CSR", "title": "Automatic Internal Backend Client's Caucase CSR",
"type": "boolean" "type": "boolean"
}, },
"ciphers": {
"title": "Ordered whitespace separated list of ciphers",
"type": "string",
"textarea": true,
"default": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA"
},
"authenticate-to-backend": {
"default": false,
"description": "If set to true the frontend certificate will be used as authentication certificate to the backend. Note: backend might have to know the frontend CA, available with 'backend-client-caucase-url'.",
"title": "Authenticate to backend",
"type": "boolean"
},
"certificate-chain": { "certificate-chain": {
"description": "SSL Certificate chain to be used. It shall start with a certificate, optionally intermediate certificates and end with a key. Deprecated: please use master-key-upload-url.", "description": "SSL Certificate chain to be used. It shall start with a certificate, optionally intermediate certificates and end with a key. Deprecated: please use master-key-upload-url.",
"textarea": true, "textarea": true,
"title": "[DEPRECATED] Certificate chain", "title": "[DEPRECATED] Certificate chain",
"type": "string" "type": "string"
}, },
"frontend-global": {
"title": "Frontend Node Global Parameters",
"description": "Default parameters for each frontend node, which can be then fine tuned on each configuration.",
"allOf": [ { "$ref": "./instance-frontend-global-input-schema.json" } ],
"type": "object"
},
"frontend-node-dict": {
"title": "Frontend Node configuration",
"description": "Frontend node setup object to setup the cluster exactly as wanted. The name used here will be reference of the node, used in the request, so changing it will result with new allocation. Note: This can be used while migrating clusters by using caddy-frontend-N.",
"patternProperties": {
".*": {
"allOf": [ { "$ref": "./instance-frontend-user-input-schema.json" } ]
}
},
"type": "object",
"default": {}
},
"expert": { "expert": {
"title": "Expert parameters", "title": "Expert parameters",
"type": "object", "type": "object",
...@@ -88,11 +64,6 @@ ...@@ -88,11 +64,6 @@
"title": "Monitor CORS Domains", "title": "Monitor CORS Domains",
"type": "string" "type": "string"
}, },
"re6st-verification-url": {
"description": "Url to verify if the internet and/or re6stnet is working.",
"title": "Test Verification URL",
"type": "string"
},
"rotate-num": { "rotate-num": {
"default": 4000, "default": 4000,
"title": "Amount of daily log rotations", "title": "Amount of daily log rotations",
......
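Review bot: Moving `ciphers`, `authenticate-to-backend`, `request-timeout`, `backend-connect-timeout` and `backend-connect-retries` out of the top-level properties means an existing request that sets them at the old location no longer matches a declared key. The master-template hunk on this page removes the lines that forwarded those values and the visible hunks add no fallback, so a cluster that had tightened `ciphers` or enabled `authenticate-to-backend` would appear to revert to the defaults on upgrade. I would either keep reading the old keys as a fallback for `frontend-global`, or state the migration in its description, e.g. `Replaces the former top-level ciphers, authenticate-to-backend, request-timeout and backend-connect-* parameters.` The rest of the master template is collapsed on this page, so a fallback may exist outside the shown lines.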
...@@ -288,12 +288,6 @@ return = slave-instance-information-list monitor-base-url backend-client-csr-url ...@@ -288,12 +288,6 @@ return = slave-instance-information-list monitor-base-url backend-client-csr-url
'backend-client-caucase-url': CAUCASE_URL, 'backend-client-caucase-url': CAUCASE_URL,
'cluster-identification': instance_parameter_dict['root-instance-title'], 'cluster-identification': instance_parameter_dict['root-instance-title'],
'extra_slave_instance_list': sorted(AUTHORIZED_SLAVE_LIST, key=operator_module.itemgetter('slave_reference')), 'extra_slave_instance_list': sorted(AUTHORIZED_SLAVE_LIST, key=operator_module.itemgetter('slave_reference')),
're6st-verification-url': instance_parameter_dict['configuration']['expert'].get('re6st-verification-url', CLUSTER_DEFAULTS['expert']['re6st-verification-url']),
'backend-connect-timeout': instance_parameter_dict['configuration'].get('backend-connect-timeout', CLUSTER_DEFAULTS['backend-connect-timeout']),
'backend-connect-retries': instance_parameter_dict['configuration'].get('backend-connect-retries', CLUSTER_DEFAULTS['backend-connect-retries']),
'request-timeout': instance_parameter_dict['configuration'].get('request-timeout', CLUSTER_DEFAULTS['request-timeout']),
'ciphers': instance_parameter_dict['configuration'].get('ciphers', CLUSTER_DEFAULTS['ciphers']),
'authenticate-to-backend': instance_parameter_dict['configuration'].get('authenticate-to-backend', CLUSTER_DEFAULTS['authenticate-to-backend']),
'slave-kedifa-information': '${request-kedifa:connection-slave-kedifa-information}', 'slave-kedifa-information': '${request-kedifa:connection-slave-kedifa-information}',
'kedifa-caucase-url': '${request-kedifa:connection-caucase-url}', 'kedifa-caucase-url': '${request-kedifa:connection-caucase-url}',
'master-key-download-url': '${request-kedifa:connection-master-key-download-url}', 'master-key-download-url': '${request-kedifa:connection-master-key-download-url}',
......
...@@ -230,9 +230,9 @@ context = ...@@ -230,9 +230,9 @@ context =
( (
'' ~ slave_instance.get( '' ~ slave_instance.get(
'enable-http2', 'enable-http2',
configuration['user'].get( configuration['user']['global'].get(
'enable-http2', 'enable-http2',
FRONTEND_USER_DEFAULTS['enable-http2'] FRONTEND_GLOBAL_DEFAULTS['enable-http2']
) )
) )
).lower() in TRUE_VALUES) %} ).lower() in TRUE_VALUES) %}
......
...@@ -77,14 +77,14 @@ init = ...@@ -77,14 +77,14 @@ init =
<= schema-json-to-default <= schema-json-to-default
input = {{ software_parameter_dict['instance_slave_input_schema'] }} input = {{ software_parameter_dict['instance_slave_input_schema'] }}
[instance-frontend-default]
<= schema-json-to-default
input = {{ software_parameter_dict['instance_frontend_input_schema'] }}
[instance-frontend-user-default] [instance-frontend-user-default]
<= schema-json-to-default <= schema-json-to-default
input = {{ software_parameter_dict['instance_frontend_user_input_schema'] }} input = {{ software_parameter_dict['instance_frontend_user_input_schema'] }}
[instance-frontend-global-default]
<= schema-json-to-default
input = {{ software_parameter_dict['instance_frontend_global_input_schema'] }}
[instance-default] [instance-default]
<= schema-json-to-default <= schema-json-to-default
input = {{ software_parameter_dict['instance_input_schema'] }} input = {{ software_parameter_dict['instance_input_schema'] }}
...@@ -97,8 +97,8 @@ extra-context = ...@@ -97,8 +97,8 @@ extra-context =
import furl_module furl import furl_module furl
raw software_type single-custom-personal raw software_type single-custom-personal
key SLAVE_DEFAULTS instance-slave-default:defaults key SLAVE_DEFAULTS instance-slave-default:defaults
key FRONTEND_DEFAULTS instance-frontend-default:defaults
key FRONTEND_USER_DEFAULTS instance-frontend-user-default:defaults key FRONTEND_USER_DEFAULTS instance-frontend-user-default:defaults
key FRONTEND_GLOBAL_DEFAULTS instance-frontend-global-default:defaults
[dynamic-profile-master] [dynamic-profile-master]
< = jinja2-template-base < = jinja2-template-base
...@@ -112,6 +112,8 @@ extra-context = ...@@ -112,6 +112,8 @@ extra-context =
import validators_module validators import validators_module validators
import software_module software import software_module software
key CLUSTER_DEFAULTS instance-default:defaults key CLUSTER_DEFAULTS instance-default:defaults
key FRONTEND_USER_DEFAULTS instance-frontend-user-default:defaults
key FRONTEND_GLOBAL_DEFAULTS instance-frontend-global-default:defaults
key SLAVE_DEFAULTS instance-slave-default:defaults key SLAVE_DEFAULTS instance-slave-default:defaults
[dynamic-profile-kedifa] [dynamic-profile-kedifa]
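Review bot: After `[instance-frontend-default]` is removed in the first hunk and `key FRONTEND_DEFAULTS instance-frontend-default:defaults` is dropped in the second, nothing shown on this page reads `instance_frontend_input_schema` any more. The software profile still exports it next to the new `instance_frontend_global_input_schema`, so it is either a leftover or needs a comment saying what still consumes it. Any template rendered with this `extra-context` that still names `FRONTEND_DEFAULTS` would now get an undefined value, so it is worth confirming no such reference remains. The three frontend default sections are also easy to confuse; a comment above the new one, for example `# defaults for settings read from configuration['user']['global']`, would record which request level each one backs.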
......
...@@ -100,6 +100,7 @@ template_expose_csr_nginx_conf = ${template-expose-csr-nginx-conf:target} ...@@ -100,6 +100,7 @@ template_expose_csr_nginx_conf = ${template-expose-csr-nginx-conf:target}
instance_slave_input_schema = ${instance-slave-input-schema:target} instance_slave_input_schema = ${instance-slave-input-schema:target}
instance_frontend_input_schema = ${instance-frontend-input-schema:target} instance_frontend_input_schema = ${instance-frontend-input-schema:target}
instance_frontend_user_input_schema = ${instance-frontend-user-input-schema:target} instance_frontend_user_input_schema = ${instance-frontend-user-input-schema:target}
instance_frontend_global_input_schema = ${instance-frontend-global-input-schema:target}
instance_input_schema = ${instance-input-schema:target} instance_input_schema = ${instance-input-schema:target}
# directories # directories
...@@ -223,6 +224,9 @@ output = ${buildout:directory}/template-wrapper.cfg ...@@ -223,6 +224,9 @@ output = ${buildout:directory}/template-wrapper.cfg
[instance-frontend-user-input-schema] [instance-frontend-user-input-schema]
<=download-profile <=download-profile
[instance-frontend-global-input-schema]
<=download-profile
[instance-input-schema] [instance-input-schema]
<=download-profile <=download-profile
......