WIP: add sozu software release

software/sozu/buildout.hash.cfg

+# THIS IS NOT A BUILDOUT FILE, despite purposedly using a compatible syntax.
+# The only allowed lines here are (regexes):
+# - "^#" comments, copied verbatim
+# - "^[" section beginings, copied verbatim
+# - lines containing an "=" sign which must fit in the following categorie.
+#   - "^\s*filename\s*=\s*path\s*$" where "path" is relative to this file
+#     Copied verbatim.
+#   - "^\s*hashtype\s*=.*" where "hashtype" is one of the values supported
+#     by the re-generation script.
+#     Re-generated.
+# - other lines are copied verbatim
+# Substitution (${...:...}), extension ([buildout] extends = ...) and
+# section inheritance (< = ...) are NOT supported (but you should really
+# not need these here).
+[instance.cfg]
+filename = instance.cfg.in
+md5sum = 5b6d18ff660516bf583cf4fe2c2b8059
+
+[template-sozu]
+filename = instance-sozu.cfg.jinja2.in
+md5sum = 54c9b0eee8b29d2a8084291ca4e9b643
+
+[config.toml]
+filename = config.toml.in
+md5sum = f5551578f81b01eadc68fe3da2191013
+
+[publish-sozu-slave-parameters.cfg]
+filename = publish-sozu-slave-parameters.cfg.in
+md5sum = 92f4dc0e8c08d9a66a2833ed035a07f6

software/sozu/instance-sozu-slave-input-schema.json

+{
+  "type": "object",
+  "$schema": "http://json-schema.org/draft-04/schema",
+  "title": "Input Parameters",
+  "properties": {
+    "protocol": {
+      "title": "Protocol for cluster",
+      "description": "The protocol option indicates if we will use HTTP or TCP proxying",
+      "type": "string",
+      "default": "http",
+      "enum": [
+        "http",
+        "tcp"
+      ]
+    },
+    "load-balancing": {
+      "title": "Load balancing algorithm",
+      "description": "The possible values are ROUND_ROBIN, RANDOM, LEAST_LOADED and POWER_OF_TWO. Defaults to ROUND_ROBIN",
+      "type": "string",
+      "default": "ROUND_ROBIN",
+      "enum": [
+        "ROUND_ROBIN",
+        "RANDOM",
+        "LEAST_LOADED",
+        "POWER_OF_TWO"
+      ]
+    },
+    "load-metric": {
+      "title": "Load metric",
+      "description": "Metric evaluating the load on the backend. available options: connections, requests, connection_time.",
+      "type": "string",
+      "default": "connections",
+      "enum": [
+        "connections",
+        "requests",
+        "connection_time"
+      ]
+    },
+    "frontend-dict": {
+      "title": "Sozu frontends configuration",
+      "description": "A cluster is a set of frontends, routing rules, and backends.",
+      "patternProperties": {
+        ".*": {
+          "properties": {
+            "address": {
+              "title": "TCP listener",
+              "description": "TCP address listener (ip and port). Something like: 0.0.0.0:8080",
+              "type": "string"
+            },
+            "hostname": {
+              "title": "Hostname",
+              "description": "host name of the cluster.",
+              "type": "string"
+            },
+            "path": {
+              "title": "Path",
+              "description": "A routing rule for incoming requests. The path of the request must match it. Can be a prefix (default), a regex, or a strictly equal path.",
+              "type": "string",
+              "default": ""
+            },
+            "path-type": {
+              "title": "Path type",
+              "description": "This is useful if \"path\" is set. Values are PREFIX | REGEX | EQUALS # defaults to PREFIX.",
+              "type": "string",
+              "default": "PREFIX",
+              "enum": [
+                "PREFIX",
+                "REGEX",
+                "EQUALS"
+              ]
+            },
+            "sticky-session": {
+              "title": "Sticky session",
+              "description": "Activates sticky sessions for this cluster.",
+              "type": "boolean",
+              "default": false
+            },
+            "https-redirect": {
+              "title": "https redirect",
+              "description": "Activates automatic redirection to HTTPS for this cluster.",
+              "type": "boolean",
+              "default": false
+            },
+            "tag-list": {
+              "title": "Custom tags",
+              "description": "Key=value list of custom tag to retrieve a frontend with the CLI or in the logs.",
+              "type": "array",
+              "items": {
+                "type": "string"
+              },
+              "default": []
+            },
+            "tls-versions": {
+              "title": "Supported TLS versions",
+              "description": "Possible values are SSL_V2, SSL_V3, TLSv1, TLS_V11, TLS_V12, TLS_V13. Ex: [\"TLS_V12\", \"TLS_V13\"].",
+              "type": "array",
+              "items": {
+                "type": "string"
+              },
+              "default": []
+            },
+            "deploy-certificate": {
+              "title": "Deploy self-signed certificate",
+              "description": "Use a self-signed certificate with this frontend. If set to true, frontend listen on https, certificate and key are ignored.",
+              "type": "boolean",
+              "default": true
+            },
+            "certificate": {
+              "title": "Certificate for HTTPS frontend",
+              "description": "Enable HTTPS frontend and use this certificate.",
+              "textarea": true,
+              "type": "string"
+            },
+            "key": {
+              "title": "SSL key for HTTPS frontend",
+              "description": "Enable HTTPS frontend and use this SSL key.",
+              "textarea": true,
+              "type": "string"
+            },
+            "certificate-chain": {
+              "title": "Certificate chain for HTTPS frontend",
+              "description": "Certificate chain for HTTPS frontend.",
+              "textarea": true,
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "backend-dict": {
+      "title": "Sozu backends configuration",
+      "description": "Indicates the backend servers used by the cluster.",
+      "patternProperties": {
+        ".*": {
+          "properties": {
+            "address": {
+              "title": "TCP listener",
+              "description": "TCP address listener (ip and port). Something like: 0.0.0.0:8080",
+              "type": "string"
+            },
+            "backend-id": {
+              "title": "Backend ID",
+              "description": "Backend unique identifier, ex: my-app-backend.",
+              "type": "string"
+            },
+            "weight": {
+              "title": "Weight",
+              "description": "Optional: weight used by the load balancing algorithm.",
+              "type": "integer"
+            },
+            "sticky-id": {
+              "title": "Sticky-id",
+              "description": "Optional: sticky session identifier.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    }
+  }
+}

software/sozu/instance-sozu.cfg.jinja2.in

+{% set publish_dict = {} -%}
+{% set part_list = [] -%}
+{% set ipv6 = (ipv6_set | list)[0] -%}
+{% set ipv4 = (ipv4_set | list)[0] -%}
+{% set cluster_definition_dict = {} -%}
+
+[directory]
+recipe = slapos.cookbook:mkdirectory
+home = ${buildout:directory}
+etc = ${:home}/etc
+var = ${:home}/var
+run = ${:var}/run
+scripts = ${:etc}/run
+service = ${:etc}/service
+promise = ${:etc}/promise
+log = ${:var}/log
+nginx-prefix = ${:var}/nginx
+tmp = ${:home}/tmp
+ssl = ${:etc}/ssl
+dssl = ${:etc}/ssl-downloaded
+
+[createfile]
+recipe = slapos.recipe.template:jinja2
+inline =
+  {{ '{{ content }}' }}
+
+{% macro createfile(section_name, file_path, content, mode='') -%}
+[{{  section_name }}]
+< = createfile
+output = {{ file_path }}
+context = key content :content
+mode = {{ mode }}
+content = {{ dumps(content) }}
+{%- endmacro %}
+
+[ca-certificate-base]
+<= certificate-authority
+recipe = slapos.cookbook:certificate_authority.request
+key-file = ${ca-directory:certs}/${:name}.crt
+cert-file = ${ca-directory:certs}/${:name}.key
+executable = echo "request certificate"
+wrapper = ${directory:tmp}/ca-${:name}
+
+{% for instance_dict in slave_instance_list -%}
+{% set name = instance_dict['slave_reference'] -%}
+{% set cert_section_name = '${' ~ name ~ '-ssl:cert-file}' -%}
+{% set key_section_name = '${' ~ name ~ '-ssl:key-file}' -%}
+{% set slave_dict = {
+  'name': name.replace('-', '_').lower(),
+  'protocol': instance_dict.get('protocol', 'http'),
+  'load-balancing': instance_dict.get('load-balancing', 'ROUND_ROBIN'),
+  'load-metric': instance_dict.get('load-metric', 'connections'),
+  'frontend-dict': instance_dict['frontend-dict'],
+  'backend-dict': instance_dict['backend-dict']
+  } -%}
+
+[{{ name }}-ssl]
+<= ca-certificate-base
+name = {{ name }}
+
+{%  for cluster_name, cluster_dict in slave_dict['frontend-dict'].items() %}
+{%    if cluster_dict.get('deploy-certificate') -%}
+{%      do slave_dict['frontend-dict'][cluster_name].__setitem__('certificate', '${' ~ name ~ '-ssl:cert-file}') -%}
+{%      do slave_dict['frontend-dict'][cluster_name].__setitem__('key', '${' ~ name ~ '-ssl:key-file}') -%}
+{%      do slave_dict['frontend-dict'][cluster_name].__setitem__('certificate-chain', '${' ~ name ~ '-ssl:chain-file}') -%}
+
+{%    elif cluster_dict.get('certificate') and cluster_dict.get('key') and cluster_dict.get('certificate-chain') -%}
+{{ createfile(name ~ cluster_name ~ "-crt", "${directory:dssl}/" ~ name ~ cluster_name ~ ".crt", cluster_dict['certificate']) }}
+{{ createfile(name ~ cluster_name ~ "-key", "${directory:dssl}/" ~ name ~ cluster_name ~ ".key", cluster_dict['key']) }}
+{{ createfile(name ~ cluster_name ~ "-chain", "${directory:dssl}/" ~ name ~ cluster_name ~ "-chain.crt", cluster_dict['certificate-chain']) }}
+
+{%      do slave_dict['frontend-dict'][cluster_name].__setitem__('certificate', '${' ~ name ~ cluster_name~ '-crt:output}') -%}
+{%      do slave_dict['frontend-dict'][cluster_name].__setitem__('key', '${' ~ name ~ cluster_name~ '-key:output}') -%}
+{%      do slave_dict['frontend-dict'][cluster_name].__setitem__('certificate-chain', '${' ~ name ~ cluster_name~ '-chain:output}') -%}
+{%    endif -%}
+{%  endfor -%}
+{%  do cluster_definition_dict.__setitem__(slave_dict['name'], slave_dict) -%}
+{% endfor -%}
+
+[sozu-parameters]
+#warn, info, debug, trace
+log-level = info
+log-file = ${directory:log}/sozu.log
+access-log-file = ${directory:log}/sozu-access.log
+socket-file = ${directory:run}/sozu.sock
+max-buffer-size = 163840
+worker-count = 2
+max-connections = 500
+# wait for a command to complete timeout
+ctl-timeout = 1000
+pid-file = ${directory:run}/sozu.pid
+# maximum time (seconds) of inactivity for a frontend socket
+front-timeout = 60
+# maximum time of inactivity for a backend socket, in seconds
+back-timeout = 30
+# maximum time to connect to a backend server, in seconds
+connect-timeout = 3
+# maximum time to receive a request since the connection started
+request-timeout = 10
+ip = {{ ipv6 }}
+port = 8090
+https-port = 4453
+cert-file = ${ca-directory:certs}/sozu-cert.crt
+key-file = ${ca-directory:certs}/sozu.key
+cert-chain-file = ${ca-directory:root}/cacert.pem
+
+[sozu-config.toml]
+recipe = slapos.recipe.template:jinja2
+url = {{ config_toml_in }}
+extensions = jinja2.ext.do
+output = ${directory:etc}/config.toml
+context =
+  section parameter_dict              sozu-parameters
+  section cluster_definition_dict     sozu-slave-information
+
+[sozu-wrapper]
+recipe = slapos.cookbook:wrapper
+command-line =
+  {{ sozu_bin }} start -c ${sozu-config.toml:output}
+wrapper-path = ${directory:bin}/sozu
+
+[ca-sozu-wrapper]
+<= certificate-authority
+recipe = slapos.cookbook:certificate_authority.request
+key-file = ${sozu-parameters:key-file}
+cert-file = ${sozu-parameters:cert-file}
+executable = ${sozu-wrapper:wrapper-path}
+wrapper = ${directory:bin}/ca-sozu
+
+[sozu-service]
+recipe = slapos.cookbook:wrapper
+command-line = ${ca-sozu-wrapper:wrapper}
+wrapper-path = ${directory:services}/sozu
+hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
+hash-files = ${sozu-config.toml:output}
+url = http://[${sozu-parameters:ip}]:${sozu-parameters:port}
+https-url = https://[${sozu-parameters:ip}]:${sozu-parameters:https-port}
+wait-for-files =
+  ${ca-directory:certs}/sozu-cert.crt
+
+[sozu-https-promise]
+<= monitor-promise-base
+promise = check_socket_listening
+name = sozu-https-backend-port-listening.py
+config-port = ${sozu-parameters:https-port}
+config-host = ${sozu-parameters:ip}
+
+[sozu-http-promise]
+<= monitor-promise-base
+promise = check_socket_listening
+name = sozu-http-backend-port-listening.py
+config-port = ${sozu-parameters:port}
+config-host = ${sozu-parameters:ip}
+
+[sozu-frontend]
+<= slap-connection
+recipe = slapos.cookbook:requestoptional
+name = Sozu Frontend
+# XXX We have hardcoded SR URL here.
+software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
+shared = true
+config-url = ${sozu-service:url}
+config-https-url = ${sozu-service:https-url}
+config-https-only = true
+return = domain secure_access
+
+[sozu-frontend-promise]
+<= monitor-promise-base
+promise = check_url_available
+name = check_sozu_secure_frontend.py
+config-url = ${sozu-frontend:connection-secure_access}
+
+[sozu-http-frontend-promise]
+<= monitor-promise-base
+promise = check_url_available
+name = check_sozu_frontend.py
+config-url = http://${sozu-frontend:connection-domain}
+
+[publish-connection-information]
+<= monitor-publish
+recipe = slapos.cookbook:publish
+backend-url = ${sozu-service:url}
+url = ${sozu-frontend:connection-secure_access}
+
+[sozu-publish-slave-information]
+recipe = slapos.cookbook:switch-softwaretype
+default = dynamic-sozu-publish-slave-information:output
+RootSoftwareInstance = ${:default}
+
+[dynamic-sozu-publish-slave-information]
+recipe = slapos.recipe.template:jinja2
+output = ${buildout:directory}/sozu-publish-slave-information.cfg
+extensions = jinja2.ext.do
+url = {{ template_publish_slave }}
+context =
+    import json_module          json
+    raw eggs_directory          {{ eggs_directory }}
+    raw develop_eggs_directory  {{ develop_eggs_directory }}
+    raw ipv6                    {{ ipv6 }}
+    raw ipv4                    {{ ipv4 }}
+    section slave_dict          sozu-slave-information
+
+[sozu-slave-information]
+{% for name, cluster_dict in cluster_definition_dict.items() -%}
+{{ name }} = {{ dumps(cluster_dict) }}
+{% endfor -%}
+
+[buildout]
+extends = {{ template_monitor }}
+
+parts =
+  sozu-https-promise
+  sozu-http-promise
+  sozu-frontend-promise
+  sozu-http-frontend-promise
+  sozu-service
+  publish-connection-information
+  sozu-publish-slave-information
+
+# Complete parts with sections
+  {{ part_list | join('\n  ') }}
+
+eggs-directory = {{ eggs_directory }}
+develop-eggs-directory = {{ develop_eggs_directory }}
+offline = true

software/sozu/instance.cfg.in

+[buildout]
+parts = switch-softwaretype
+
+eggs-directory = {{ buildout_egg_directory }}
+develop-eggs-directory = {{ buildout_develop_directory }}
+offline = true
+
+
+[switch-softwaretype]
+recipe = slapos.cookbook:switch-softwaretype
+default = template-instance-sozu.cfg:output
+RootSoftwareInstance = ${:default}
+
+
+[slap-configuration]
+recipe = slapos.cookbook:slapconfiguration.serialised
+computer = ${slap-connection:computer-id}
+partition = ${slap-connection:partition-id}
+url = ${slap-connection:server-url}
+key = ${slap-connection:key-file}
+cert = ${slap-connection:cert-file}
+
+
+[jinja2-template-base]
+recipe  = slapos.recipe.template:jinja2
+extensions = jinja2.ext.do
+output= ${buildout:directory}/${:_buildout_section_name_}
+context =
+    key slapparameter_dict      slap-configuration:configuration
+    key computer_id             slap-configuration:computer
+    key ipv4_set                slap-configuration:ipv4
+    key ipv6_set                slap-configuration:ipv6
+    raw buildout_directory      {{ buildout_directory }}
+    raw buildout_bin_directory  {{ buildout_bin_directory }}
+    raw eggs_directory          {{ buildout_egg_directory }}
+    raw develop_eggs_directory  {{ buildout_develop_directory }}
+    raw template_monitor        {{ template_monitor_cfg }}
+    raw openssl_bin             {{ openssl_location }}/bin/openssl
+    ${:extra-context}
+extra-context =
+
+[template-instance-sozu.cfg]
+<= jinja2-template-base
+url = {{ template_sozu_cfg }}
+extra-context =
+    key slave_instance_list         slap-configuration:slave-instance-list
+    raw sozu_bin                    {{ sozu_location }}/bin/sozu
+
+# config files
+    raw config_toml_in             {{ config_toml }}
+    raw template_publish_slave     {{ template_publish_slave }}
+

software/sozu/publish-sozu-slave-parameters.cfg.in

+{% set part_list = [] -%}
+
+[slap_connection]
+# Kept for backward compatibility
+computer_id = ${slap-connection:computer-id}
+partition_id = ${slap-connection:partition-id}
+server_url = ${slap-connection:server-url}
+software_release_url = ${slap-connection:software-release-url}
+key_file = ${slap-connection:key-file}
+cert_file = ${slap-connection:cert-file}
+
+
+{% for _, cluster in slave_dict.items() -%}
+{% set slave_reference = cluster['slave_reference'] -%}
+{% do part_list.append('publish-slave-' ~ slave_reference) -%}
+
+[publish-slave-{{ slave_reference }}]
+recipe = slapos.cookbook:publish
+-slave-reference = {{ slave_reference }}
+{% endfor %}
+
+[buildout]
+eggs-directory = {{ eggs_directory }}
+develop-eggs-directory = {{ develop_eggs_directory }}
+offline = true
+
+parts =
+{% for part in part_list -%}
+{{ '  %s' % part }}
+{% endfor -%}

software/sozu/software.cfg

+[buildout]
+
+extends =
+  ../../component/rust/buildout.cfg
+  ../../stack/monitor/buildout.cfg
+  buildout.hash.cfg
+
+parts =
+  slapos-cookbook
+  instance.cfg
+
+[sozu]
+recipe = plone.recipe.command
+stop-on-error = true
+update-command = ${:command}
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+command =
+  INSTALL_DIR=${:location}
+  mkdir -p $INSTALL_DIR && cd $INSTALL_DIR
+  PATH=${rustc:location}/bin:$PATH
+  cargo install --root=${:location} sozu
+
+[sozu-d]
+recipe = slapos.recipe.cmmi
+url = https://github.com/sozu-proxy/sozu/archive/refs/tags/0.15.6.tar.gz
+md5sum = 4cd4386b64c652af5ad416b10b6ca246
+configure-command = :
+make-binary = cargo install --root=%(location)s --path . --locked
+make-targets =
+environment =
+  PATH=${rustc:location}/bin:%(PATH)s
+
+[dl-template]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/${:filename}
+
+[instance.cfg]
+recipe = slapos.recipe.template:jinja2
+output = ${buildout:directory}/instance.cfg
+url = ${:_profile_base_location_}/${:filename}
+context =
+    key buildout_bin_directory buildout:bin-directory
+    key buildout_egg_directory buildout:eggs-directory
+    key buildout_develop_directory buildout:develop-eggs-directory
+    key buildout_directory buildout:directory
+    key template_monitor_cfg monitor2-template:output
+    key logrotate_cfg template-logrotate-base:output
+    key config_toml   config.toml:target
+    key openssl_location openssl:location
+    key sozu_location  sozu:location
+    key template_sozu_cfg template-sozu:target
+    key template_publish_slave publish-sozu-slave-parameters.cfg:target
+
+[template-sozu]
+<= dl-template
+
+[config.toml]
+<= dl-template
+
+[publish-sozu-slave-parameters.cfg]
+<= dl-template

software/sozu/software.cfg.json

+{
+  "name": "Sozu reverse proxy server",
+  "description": "Sōzu is a lightweight, fast, always-up reverse proxy server.",
+  "serialisation": "xml",
+  "software-type": {
+    "default": {
+      "title": "Default",
+      "description": "Replication Manager",
+      "request": "instance-sozu-input-schema.json",
+      "response": "instance-sozu-output-schema.json",
+      "index": 0
+    },
+    "default-slave": {
+      "title": "Cluster definition",
+      "description": "Sozu cluster definition",
+      "serialisation": "json-in-xml",
+      "software-type": "default",
+      "request": "instance-sozu-slave-input-schema.json",
+      "response": "instance-sozu-output-schema.json",
+      "shared": true,
+      "index": 1
+    }
+  }
+}