Commit e07ff3a0 authored by Rafael Monnerat's avatar Rafael Monnerat

Update Release Candidate

parents 4dcb408d 0f90ad7a
Changes Changes
======= =======
1.0.75-dev (unreleased) 1.0.84 (2018-12-28)
----------------------- -----------------------
* Drop ``slapos.recipe:xvfb``, use simple ``slapos.recipe:wrapper`` instead. * Drop ``slapos.recipe:xvfb``, use simple ``slapos.recipe:wrapper`` instead.
* Drop ``slapos.recipe:seleniumrunner`` and ``slapos.recipe:firefox``, they * Drop ``slapos.recipe:seleniumrunner`` and ``slapos.recipe:firefox``, they
were not used. were not used.
* Encode unicode to UTF-8 on ``slapos.recipe:request`` and
``slapos.recipe:slapconfiguration``
1.0.75 (2018-09-04) 1.0.75 (2018-09-04)
------------------- -------------------
......
...@@ -28,7 +28,7 @@ from setuptools import setup, find_packages ...@@ -28,7 +28,7 @@ from setuptools import setup, find_packages
import glob import glob
import os import os
version = '1.0.75' version = '1.0.84'
name = 'slapos.cookbook' name = 'slapos.cookbook'
long_description = open("README.rst").read() + "\n" + \ long_description = open("README.rst").read() + "\n" + \
open("CHANGES.rst").read() + "\n" open("CHANGES.rst").read() + "\n"
......
...@@ -190,12 +190,15 @@ class Recipe(object): ...@@ -190,12 +190,15 @@ class Recipe(object):
# Then try to get all the parameters. In case of problem, put empty string. # Then try to get all the parameters. In case of problem, put empty string.
for param in return_parameters: for param in return_parameters:
options['connection-%s' % param] = '' value = ''
try: try:
options['connection-%s' % param] = return_parameter_dict[param] value = return_parameter_dict[param]
except KeyError: except KeyError:
if self.failed is None: if self.failed is None:
self.failed = param self.failed = param
if isinstance(value, unicode):
value = value.encode('UTF-8')
options['connection-%s' % param] = value
def _filterForStorage(self, partition_parameter_kw): def _filterForStorage(self, partition_parameter_kw):
return partition_parameter_kw return partition_parameter_kw
......
...@@ -264,6 +264,8 @@ class Recipe(object): ...@@ -264,6 +264,8 @@ class Recipe(object):
# be very careful with overriding master's information # be very careful with overriding master's information
for key, value in flatten_dict(partition_params).items(): for key, value in flatten_dict(partition_params).items():
if key not in options: if key not in options:
if isinstance(value, unicode):
value = value.encode('UTF-8')
options[key] = value options[key] = value
# print out augmented options to see what we are passing # print out augmented options to see what we are passing
logger.debug(str(options)) logger.debug(str(options))
......
...@@ -83,6 +83,7 @@ class RecipeTestMixin(object): ...@@ -83,6 +83,7 @@ class RecipeTestMixin(object):
result = recipe.install() result = recipe.install()
self.assertEqual([], result) self.assertEqual([], result)
self.assertEqual(options['connection-anything'], 'done') self.assertEqual(options['connection-anything'], 'done')
self.assertIsInstance(options['connection-anything'], str)
self.request_instance.assert_called_with( self.request_instance.assert_called_with(
'', 'RootSoftwareInstance', '', filter_kw={}, '', 'RootSoftwareInstance', '', filter_kw={},
partition_parameter_kw=self.called_partition_parameter_kw, partition_parameter_kw=self.called_partition_parameter_kw,
......
...@@ -18,7 +18,7 @@ class SlapConfigurationTest(unittest.TestCase): ...@@ -18,7 +18,7 @@ class SlapConfigurationTest(unittest.TestCase):
self.resource_file = os.path.join(self.instance_root, slapformat.Partition.resource_file) self.resource_file = os.path.join(self.instance_root, slapformat.Partition.resource_file)
self.resource = { self.resource = {
"tun": { "tun": {
"ipv4": "192.168.0.1" "ipv4": u"192.168.0.1"
}, },
"address_list": [ "address_list": [
10, 20 10, 20
...@@ -48,6 +48,7 @@ class SlapConfigurationTest(unittest.TestCase): ...@@ -48,6 +48,7 @@ class SlapConfigurationTest(unittest.TestCase):
self.assertEqual(options['tun-ipv4'], "192.168.0.1", self.assertEqual(options['tun-ipv4'], "192.168.0.1",
"Folded attrs should be separated by -") "Folded attrs should be separated by -")
self.assertIsInstance(options['tun-ipv4'], str)
self.assertEqual(options['address-list'], [10, 20], self.assertEqual(options['address-list'], [10, 20],
"All underscores should be replaced with -") "All underscores should be replaced with -")
...@@ -58,7 +58,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b ...@@ -58,7 +58,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in filename = templates/default-virtualhost.conf.in
md5sum = b7879a40ed7f8a49b764c82e7283811f md5sum = e21bf673c35f049e7457ec78de9a1964
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in filename = templates/cached-virtualhost.conf.in
......
{
"$schema": "http://json-schema.org/draft-04/schema",
"properties": {
"url": {
"description": "Url of the backend",
"pattern": "^(http|https|ftp)://",
"title": "Backend URL",
"type": "string"
},
"type": {
"default": "",
"description": "Type of slave. If redirect, the slave will redirect to the given url. If zope, the rewrite rules will be compatible with Virtual Host Monster. Implemented are default, zope and redirect, not implemneted are notebook and eventsource.",
"enum": [
"",
"zope"
],
"title": "Backend Type",
"type": "string"
},
"custom_domain": {
"description": "Custom Domain to use for the website",
"pattern": "^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,6}$",
"title": "Custom Domain",
"type": "string"
},
"server-alias": {
"default": "",
"description": "Server Alias List separated by space",
"title": "Server Alias",
"type": "string"
},
"default-path": {
"default": "",
"description": "Provide default path to redirect user to when user access / (the site root)",
"title": "type:zope Default Path",
"type": "string"
},
"disable-no-cache-request": {
"default": "false",
"description": "If set to true, Cache-Control and Pragma requests headers will not be sent to cache and backend servers. This prevents clients from bypassing cache when enable_cache is true",
"enum": [
"false",
"true"
],
"title": "enable_cache: Disable 'no-cache' requests",
"type": "string"
},
"disable-via-header": {
"default": "false",
"description": "If set to true, Via response headers will not be sent to client",
"enum": [
"false",
"true"
],
"title": "enable_cache: Disable 'Via' headers from cache",
"type": "string"
},
"disabled-cookie-list": {
"default": "",
"description": "List of Cookies separated by space that will not be sent to cache and backend servers. This is especially useful to discard analytics tracking cookies when using Vary: Cookie cache headers",
"title": "Disabled Cookies",
"type": "string"
},
"enable_cache": {
"default": "false",
"description": "If set to true, http caching server (Apache Traffic Server) will be used between frontend Caddy and backend",
"enum": [
"false",
"true"
],
"title": "Enable Cache",
"type": "string"
},
"https-only": {
"default": "false",
"description": "If set to true, http requests will be redirected to https",
"enum": [
"false",
"true"
],
"title": "HTTPS Only",
"type": "string"
},
"path": {
"default": "",
"description": "Path to proxy to in the backend",
"title": "type:zope Backend Path",
"type": "string"
},
"prefer-gzip-encoding-to-backend": {
"default": "false",
"description": "If set to true, frontend will rewrite Accept-Encoding request header to simply 'gzip' for all variants of Accept-Encoding containing 'gzip', in order to maximize cache hits for resources cached with Vary: Accept-Encoding when enable_cache is used",
"enum": [
"false",
"true"
],
"title": "Prefer gzip Encoding for Backend",
"type": "string"
},
"ssl_ca_crt": {
"default": "",
"description": "Content of the CA certificate file",
"textarea": true,
"title": "SSL Certificate Authority's Certificate",
"type": "string"
},
"ssl_crt": {
"default": "",
"description": "Content of the SSL Certificate file",
"textarea": true,
"title": "SSL Certificate",
"type": "string"
},
"ssl_key": {
"default": "",
"description": "Content of the SSL Key file",
"textarea": true,
"title": "SSL Key",
"type": "string"
}
},
"title": "Input Parameters",
"type": "object"
}
...@@ -35,6 +35,15 @@ ...@@ -35,6 +35,15 @@
"shared": true, "shared": true,
"software-type": "default", "software-type": "default",
"title": "Default (slave)" "title": "Default (slave)"
},
"default-simplified-slave": {
"description": "Default",
"index": 5,
"request": "instance-slave-caddy-simplified-input-schema.json",
"response": "instance-output-schema.json",
"shared": true,
"software-type": "default",
"title": "Default Basic (slave)"
} }
} }
} }
...@@ -42,12 +42,12 @@ ...@@ -42,12 +42,12 @@
log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
errors {{ slave_parameter.get('error_log') }} errors {{ slave_parameter.get('error_log') }}
{%- if prefer_gzip %} {%- if prefer_gzip and not (slave_type == 'zope' and backend_url) %}
rewrite { rewrite {
if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
to /prefer-gzip{uri} to /prefer-gzip{uri}
} }
{%- endif %} {#- if prefer_gzip #} {%- endif %} {#- if prefer_gzip and not (slave_type == 'zope' and backend_url) #}
{%- if slave_type == 'zope' and backend_url %} {%- if slave_type == 'zope' and backend_url %}
# Zope configuration # Zope configuration
...@@ -90,10 +90,18 @@ ...@@ -90,10 +90,18 @@
/ {scheme}://{host}/{{ default_path }} / {scheme}://{host}/{{ default_path }}
} {# redir #} } {# redir #}
{%- endif %} {#- if default_path #} {%- endif %} {#- if default_path #}
{%- if prefer_gzip %}
rewrite {
regexp (.*)
if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
}
{%- else %}
rewrite { rewrite {
regexp (.*) regexp (.*)
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1} to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
} {# rewrite #} } {# rewrite #}
{%- endif %} {#- if prefer_gzip #}
{%- elif slave_type == 'redirect' and backend_url %} {#- if slave_type == 'zope' and backend_url #} {%- elif slave_type == 'redirect' and backend_url %} {#- if slave_type == 'zope' and backend_url #}
# Redirect configuration # Redirect configuration
redir 302 { redir 302 {
...@@ -155,12 +163,12 @@ ...@@ -155,12 +163,12 @@
log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
errors {{ slave_parameter.get('error_log') }} errors {{ slave_parameter.get('error_log') }}
{%- if prefer_gzip %} {%- if prefer_gzip and not (slave_type == 'zope' and backend_url) %}
rewrite { rewrite {
if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
to /prefer-gzip{uri} to /prefer-gzip{uri}
} }
{%- endif %} {#- if prefer_gzip #} {%- endif %} {#- if prefer_gzip and not (slave_type == 'zope' and backend_url) #}
{%- if https_only %} {%- if https_only %}
# Enforced redirection to SSL-enabled host # Enforced redirection to SSL-enabled host
...@@ -211,10 +219,18 @@ ...@@ -211,10 +219,18 @@
/ {scheme}://{host}/{{ default_path }} / {scheme}://{host}/{{ default_path }}
} {# redir #} } {# redir #}
{%- endif %} {#- if default_path #} {%- endif %} {#- if default_path #}
{%- if prefer_gzip %}
rewrite {
regexp (.*)
if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
}
{%- else %}
rewrite { rewrite {
regexp (.*) regexp (.*)
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1} to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
} {# rewrite #} } {# rewrite #}
{% endif %} {#- if prefer_gzip #}
{%- else %} {#- if https_only #} {%- else %} {#- if https_only #}
# Default configuration # Default configuration
{%- if default_path %} {%- if default_path %}
......
...@@ -33,7 +33,7 @@ from requests_toolbelt.adapters import source ...@@ -33,7 +33,7 @@ from requests_toolbelt.adapters import source
import json import json
import multiprocessing import multiprocessing
import subprocess import subprocess
from unittest import skip from unittest import skip, expectedFailure
import ssl import ssl
import signal import signal
from BaseHTTPServer import HTTPServer from BaseHTTPServer import HTTPServer
...@@ -337,7 +337,9 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase): ...@@ -337,7 +337,9 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
@classmethod @classmethod
def getSoftwareURLList(cls): def getSoftwareURLList(cls):
return (os.path.abspath(os.path.join(os.path.dirname(__file__), '..', 'software.cfg')), ) return (
os.path.abspath(
os.path.join(os.path.dirname(__file__), '..', 'software.cfg')), )
@classmethod @classmethod
def setUpClass(cls): def setUpClass(cls):
...@@ -833,6 +835,11 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -833,6 +835,11 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
'url': cls.backend_url, 'url': cls.backend_url,
'type': 'zope', 'type': 'zope',
}, },
'type-zope-prefer-gzip-encoding-to-backend': {
'url': cls.backend_url,
'prefer-gzip-encoding-to-backend': 'true',
'type': 'zope',
},
'type-zope-ssl-proxy-verify_ssl_proxy_ca_crt': { 'type-zope-ssl-proxy-verify_ssl_proxy_ca_crt': {
'url': cls.backend_https_url, 'url': cls.backend_https_url,
'type': 'zope', 'type': 'zope',
...@@ -990,9 +997,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -990,9 +997,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
expected_parameter_dict = { expected_parameter_dict = {
'monitor-base-url': None, 'monitor-base-url': None,
'domain': 'example.com', 'domain': 'example.com',
'accepted-slave-amount': '43', 'accepted-slave-amount': '44',
'rejected-slave-amount': '4', 'rejected-slave-amount': '4',
'slave-amount': '47', 'slave-amount': '48',
'rejected-slave-dict': { 'rejected-slave-dict': {
"_apache_custom_http_s-rejected": ["slave not authorized"], "_apache_custom_http_s-rejected": ["slave not authorized"],
"_caddy_custom_http_s": ["slave not authorized"], "_caddy_custom_http_s": ["slave not authorized"],
...@@ -1639,6 +1646,93 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1639,6 +1646,93 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
'/VirtualHostRoot/test-path' '/VirtualHostRoot/test-path'
) )
def test_type_zope_prefer_gzip_encoding_to_backend(self):
parameter_dict = self.parseSlaveParameterDict(
'type-zope-prefer-gzip-encoding-to-backend')
self.assertLogAccessUrlWithPop(parameter_dict)
self.assertEqual(
{
'domain': 'typezopeprefergzipencodingtobackend.example.com',
'replication_number': '1',
'url': 'http://typezopeprefergzipencodingtobackend.example.com',
'site_url': 'http://typezopeprefergzipencodingtobackend.example.com',
'secure_access':
'https://typezopeprefergzipencodingtobackend.example.com',
'public-ipv4': SLAPOS_TEST_IPV4,
},
parameter_dict
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
try:
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys())
self.assertEqualResultJson(
result,
'Path',
'/VirtualHostBase/https//'
'typezopeprefergzipencodingtobackend.example.com:443/'
'/VirtualHostRoot/test-path'
)
result = self.fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqualResultJson(
result,
'Path',
'/VirtualHostBase/http//'
'typezopeprefergzipencodingtobackend.example.com:80/'
'/VirtualHostRoot/test-path'
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
headers={'Accept-Encoding': 'gzip, deflate'})
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
try:
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys())
self.assertEqualResultJson(
result,
'Path',
'/VirtualHostBase/https//'
'typezopeprefergzipencodingtobackend.example.com:443/'
'/VirtualHostRoot/test-path'
)
self.assertEqual(
'gzip', result.json()['Incoming Headers']['accept-encoding'])
result = self.fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
headers={'Accept-Encoding': 'gzip, deflate'})
self.assertEqualResultJson(
result,
'Path',
'/VirtualHostBase/http//'
'typezopeprefergzipencodingtobackend.example.com:80/'
'/VirtualHostRoot/test-path'
)
self.assertEqual(
'gzip', result.json()['Incoming Headers']['accept-encoding'])
def test_type_zope_virtualhostroot_http_port(self): def test_type_zope_virtualhostroot_http_port(self):
parameter_dict = self.parseSlaveParameterDict( parameter_dict = self.parseSlaveParameterDict(
'type-zope-virtualhostroot-http-port') 'type-zope-virtualhostroot-http-port')
...@@ -2673,6 +2767,20 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -2673,6 +2767,20 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
self.assertEqual( self.assertEqual(
'deflate', result.json()['Incoming Headers']['accept-encoding']) 'deflate', result.json()['Incoming Headers']['accept-encoding'])
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_disabled_cookie_list(self): def test_disabled_cookie_list(self):
parameter_dict = self.parseSlaveParameterDict('disabled-cookie-list') parameter_dict = self.parseSlaveParameterDict('disabled-cookie-list')
self.assertLogAccessUrlWithPop(parameter_dict) self.assertLogAccessUrlWithPop(parameter_dict)
...@@ -3434,6 +3542,9 @@ class TestQuicEnabled(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3434,6 +3542,9 @@ class TestQuicEnabled(SlaveHttpFrontendTestCase, TestDataMixin):
q for q in glob.glob(os.path.join(self.instance_path, '*',)) q for q in glob.glob(os.path.join(self.instance_path, '*',))
if os.path.exists(os.path.join(q, 'etc', 'trafficserver'))][0] if os.path.exists(os.path.join(q, 'etc', 'trafficserver'))][0]
# It is known problem that QUIC does not work after sending reload signal,
# SIGUSR1, see https://github.com/mholt/caddy/issues/2394
@expectedFailure
def test_url(self): def test_url(self):
parameter_dict = self.parseSlaveParameterDict('url') parameter_dict = self.parseSlaveParameterDict('url')
self.assertLogAccessUrlWithPop(parameter_dict) self.assertLogAccessUrlWithPop(parameter_dict)
......
...@@ -69,6 +69,8 @@ TestSlave-1/var/log/httpd/_type-zope-default-path_access_log ...@@ -69,6 +69,8 @@ TestSlave-1/var/log/httpd/_type-zope-default-path_access_log
TestSlave-1/var/log/httpd/_type-zope-default-path_error_log TestSlave-1/var/log/httpd/_type-zope-default-path_error_log
TestSlave-1/var/log/httpd/_type-zope-path_access_log TestSlave-1/var/log/httpd/_type-zope-path_access_log
TestSlave-1/var/log/httpd/_type-zope-path_error_log TestSlave-1/var/log/httpd/_type-zope-path_error_log
TestSlave-1/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_access_log
TestSlave-1/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_error_log
TestSlave-1/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_access_log TestSlave-1/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_access_log
TestSlave-1/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_error_log TestSlave-1/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_error_log
TestSlave-1/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log TestSlave-1/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
......
...@@ -73,6 +73,8 @@ TestSlave-1/etc/monitor-promise/check-_type-zope-error-log-last-day ...@@ -73,6 +73,8 @@ TestSlave-1/etc/monitor-promise/check-_type-zope-error-log-last-day
TestSlave-1/etc/monitor-promise/check-_type-zope-error-log-last-hour TestSlave-1/etc/monitor-promise/check-_type-zope-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_type-zope-path-error-log-last-day TestSlave-1/etc/monitor-promise/check-_type-zope-path-error-log-last-day
TestSlave-1/etc/monitor-promise/check-_type-zope-path-error-log-last-hour TestSlave-1/etc/monitor-promise/check-_type-zope-path-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_type-zope-prefer-gzip-encoding-to-backend-error-log-last-day
TestSlave-1/etc/monitor-promise/check-_type-zope-prefer-gzip-encoding-to-backend-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify-unverified-error-log-last-day TestSlave-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify-unverified-error-log-last-day
TestSlave-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify-unverified-error-log-last-hour TestSlave-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify-unverified-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-day TestSlave-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-day
......
...@@ -18,4 +18,4 @@ md5sum = 307663d73ef3ef94b02567ecd322252e ...@@ -18,4 +18,4 @@ md5sum = 307663d73ef3ef94b02567ecd322252e
[template-default] [template-default]
filename = instance-default.cfg filename = instance-default.cfg
md5sum = ff368286a75243d0536ee6a974107b6f md5sum = c85bd43145c7d21321546f988aebbfc7
...@@ -233,4 +233,4 @@ port = $${shellinabox-frontend:port} ...@@ -233,4 +233,4 @@ port = $${shellinabox-frontend:port}
node-quantity = 1 node-quantity = 1
test-suite-master-url = test-suite-master-url =
instance-dict = instance-dict =
software-path-list = ["https://lab.nexedi.com/nexedi/slapos/raw/master/software/seleniumrunner/software.cfg"] software-path-list = ["https://lab.nexedi.com/nexedi/slapos/raw/1.0.83/software/seleniumrunner/software.cfg"]
...@@ -86,7 +86,10 @@ ...@@ -86,7 +86,10 @@
}, },
"storage-type": { "storage-type": {
"description": "Storage type. Defaults to MySQL if available, else SQLite.", "description": "Storage type. Defaults to MySQL if available, else SQLite.",
"enum": ["MySQL", "SQLite"], "enum": [
"MySQL",
"SQLite"
],
"type": "string" "type": "string"
}, },
"mysql": { "mysql": {
......
...@@ -181,3 +181,28 @@ Listen {{ ip }}:{{ port }} ...@@ -181,3 +181,28 @@ Listen {{ ip }}:{{ port }}
RewriteRule ^/(.*) {{ backend }}/$1 [L,P] RewriteRule ^/(.*) {{ backend }}/$1 [L,P]
</VirtualHost> </VirtualHost>
{% endfor -%} {% endfor -%}
{% for (ip, port), (enable_authentication, path_mapping) in parameter_dict.get('zope-virtualhost-monster-backend-dict', {}).items() -%}
Listen {{ ip }}:{{ port }}
<VirtualHost {{ ip }}:{{ port }}>
SSLEngine on
{% if enable_authentication and parameter_dict['ca-cert'] and parameter_dict['crl'] -%}
SSLVerifyClient require
SSLCACertificateFile {{ parameter_dict['ca-cert'] }}
SSLCARevocationCheck chain
SSLCARevocationFile {{ parameter_dict['crl'] }}
LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
# We would like to separate the the authentificated logs.
# XXX filename ? is it log-rotated ?
ErrorLog "{{ parameter_dict['log-dir'] }}/apache-service-virtual-host-error.log"
CustomLog "{{ parameter_dict['log-dir'] }}/apache-service-virtual-host-access.log" combined
{% endif -%}
{% for path, backend in path_mapping.items() %}
RewriteRule ^/{{path}}(.*) {{ backend }}/VirtualHostBase/https/{{ ip }}:{{ port }}/VirtualHostRoot/_vh_{{ path }}$1 [L,P]
{% endfor -%}
</VirtualHost>
{% endfor -%}
...@@ -22,4 +22,4 @@ md5sum = 0f0ff00eca0b2ba1f1626b6415acb719 ...@@ -22,4 +22,4 @@ md5sum = 0f0ff00eca0b2ba1f1626b6415acb719
[template-apache-backend-conf] [template-apache-backend-conf]
filename = apache-backend.conf.in filename = apache-backend.conf.in
md5sum = e0a7b027cb52e5fa21ab64cfa7298f35 md5sum = 7d1d13f4a888c2735ff8d7a4a961d9b2
...@@ -22,11 +22,11 @@ md5sum = 0c0d98a68230cd0ad36046bb25b35f4a ...@@ -22,11 +22,11 @@ md5sum = 0c0d98a68230cd0ad36046bb25b35f4a
[mariadb-start-clone-from-backup] [mariadb-start-clone-from-backup]
filename = instance-mariadb-start-clone-from-backup.sh.in filename = instance-mariadb-start-clone-from-backup.sh.in
md5sum = e405227118a70fbf949a6414469989db md5sum = d95e8500bdc72d1f40b97cc414656e7e
[template-mariadb] [template-mariadb]
filename = instance-mariadb.cfg.in filename = instance-mariadb.cfg.in
md5sum = fc814dc35ee1a970d5f092cc0bb3a7a7 md5sum = b27b034e7c9ab13e446e4ac59cda9f38
[template-kumofs] [template-kumofs]
filename = instance-kumofs.cfg.in filename = instance-kumofs.cfg.in
...@@ -78,11 +78,11 @@ md5sum = eefce8adf37430b63559299699732b31 ...@@ -78,11 +78,11 @@ md5sum = eefce8adf37430b63559299699732b31
[template-zeo] [template-zeo]
filename = instance-zeo.cfg.in filename = instance-zeo.cfg.in
md5sum = f9151066df96527d4c7f75c3079b2c10 md5sum = d400c3d449ce437a0ded77ee3d5c5df2
[template-zope] [template-zope]
filename = instance-zope.cfg.in filename = instance-zope.cfg.in
md5sum = ac26b478d353ce76cdad137e04e34217 md5sum = 36f72fcff7b2ebed8343f4ec3f3568f8
[template-balancer] [template-balancer]
filename = instance-balancer.cfg.in filename = instance-balancer.cfg.in
......
...@@ -89,7 +89,7 @@ zcat "$BACKUP" | "$CLIENT" -u root ...@@ -89,7 +89,7 @@ zcat "$BACKUP" | "$CLIENT" -u root
echo "Configuring server as slave..." echo "Configuring server as slave..."
if [ "$MASTER_USE_GTID" -eq 1 ]; then if [ "$MASTER_USE_GTID" -eq 1 ]; then
"$CLIENT" -u root -e "$SQL_SET_GTID" "$CLIENT" -u root -e "$SQL_SET_GTID"
MASTER_USE_GTID_SQL="current_pos" MASTER_USE_GTID_SQL="slave_pos"
else else
MASTER_USE_GTID_SQL="NO" MASTER_USE_GTID_SQL="NO"
fi fi
......
...@@ -278,10 +278,8 @@ rendered = ${directory:srv}/exporter.exclude ...@@ -278,10 +278,8 @@ rendered = ${directory:srv}/exporter.exclude
[{{ section("resiliency-identity-signature-script")}}] [{{ section("resiliency-identity-signature-script")}}]
# Generate identity script used by webrunner to check data integrity # Generate identity script used by webrunner to check data integrity
# It excludes repozo files as they already include a hash function
# used to check backups when rebuilding the datafs
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = {{ bin_directory }}/backup-identity-script-excluding-path --exclude-path "srv/backup/logrotate" command-line = {{ bin_directory }}/backup-identity-script-excluding-path --exclude-path "srv/backup/logrotate/**"
wrapper-path = ${directory:srv}/.backup_identity_script wrapper-path = ${directory:srv}/.backup_identity_script
mode = 770 mode = 770
......
...@@ -117,7 +117,7 @@ rendered = ${directory:srv}/exporter.exclude ...@@ -117,7 +117,7 @@ rendered = ${directory:srv}/exporter.exclude
# It excludes repozo files as they already include a hash function # It excludes repozo files as they already include a hash function
# used to check backups when rebuilding the datafs # used to check backups when rebuilding the datafs
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = {{ bin_directory }}/backup-identity-script-excluding-path --exclude-path "srv/backup/logrotate" --exclude-path "srv/backup/zodb" command-line = {{ bin_directory }}/backup-identity-script-excluding-path --exclude-path "srv/backup/logrotate/**" --exclude-path "srv/backup/zodb/*/*fsz"
wrapper-path = ${directory:srv}/.backup_identity_script wrapper-path = ${directory:srv}/.backup_identity_script
mode = 770 mode = 770
......
...@@ -120,10 +120,8 @@ rendered = ${directory:srv}/exporter.exclude ...@@ -120,10 +120,8 @@ rendered = ${directory:srv}/exporter.exclude
[{{ section("resiliency-identity-signature-script")}}] [{{ section("resiliency-identity-signature-script")}}]
# Generate identity script used by webrunner to check data integrity # Generate identity script used by webrunner to check data integrity
# It excludes repozo files as they already include a hash function
# used to check backups when rebuilding the datafs
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = {{ bin_directory }}/backup-identity-script-excluding-path --exclude-path "srv/backup/logrotate" command-line = {{ bin_directory }}/backup-identity-script-excluding-path --exclude-path "srv/backup/logrotate/**"
wrapper-path = ${directory:srv}/.backup_identity_script wrapper-path = ${directory:srv}/.backup_identity_script
mode = 770 mode = 770
......
...@@ -134,7 +134,7 @@ pyparsing = 2.2.0 ...@@ -134,7 +134,7 @@ pyparsing = 2.2.0
pytz = 2016.10 pytz = 2016.10
requests = 2.13.0 requests = 2.13.0
six = 1.11.0 six = 1.11.0
slapos.cookbook = 1.0.75 slapos.cookbook = 1.0.84
slapos.core = 1.4.15 slapos.core = 1.4.15
slapos.extension.strip = 0.4 slapos.extension.strip = 0.4
slapos.extension.shared = 1.0 slapos.extension.shared = 1.0
...@@ -210,7 +210,7 @@ pyrsistent = 0.14.5 ...@@ -210,7 +210,7 @@ pyrsistent = 0.14.5
ipaddress = 1.0.18 ipaddress = 1.0.18
# Required by: # Required by:
# slapos.cookbook==1.0.62 # slapos.cookbook==1.0.84
jsonschema = 3.0.0a3 jsonschema = 3.0.0a3
# Required by: # Required by:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment