Commit 5cb52445 authored by zhifan huang's avatar zhifan huang

merge master

parents e4e53f72 320639dd
root = true
[*.{cfg,in,md,json}]
[*.{cfg,in,md,json,py}]
end_of_line = lf
charset = utf-8
insert_final_newline = true
trim_trailing_whitespace = true
[**.json]
[*.{json,py}]
indent_style = space
indent_size = 2
......
......@@ -7,7 +7,7 @@ extends =
../nghttp2/buildout.cfg
../gdbm/buildout.cfg
../libexpat/buildout.cfg
../libuuid/buildout.cfg
../util-linux/buildout.cfg
../libxml2/buildout.cfg
../openssl/buildout.cfg
../patch/buildout.cfg
......@@ -39,9 +39,9 @@ configure-options =
[apache]
recipe = slapos.recipe.cmmi
shared = true
version = 2.4.52
version = 2.4.53
url = https://archive.apache.org/dist/httpd/httpd-${:version}.tar.bz2
md5sum = a94ae42b84309d5ef6e613ae825b92fa
md5sum = f594f137137b5bdff3998dc17e3e9526
configure-options = --disable-static
--enable-authn-alias
--enable-bucketeer
......@@ -76,7 +76,7 @@ configure-options = --disable-static
--with-z=${zlib:location}
--with-expat=${libexpat:location}
--with-libxml2=${libxml2:location}/include/libxml2
--with-pcre=${pcre:location}
--with-pcre=${pcre:location}/bin/pcre-config
--with-sqlite3=${sqlite3:location}
--with-gdbm=${gdbm:location}
--with-nghttp2=${nghttp2:location}
......
......@@ -10,7 +10,7 @@ extends =
[boost-lib]
recipe = slapos.recipe.cmmi
shared = true
url = http://downloads.sourceforge.net/sourceforge/boost/boost_1_67_0.tar.bz2
url = https://boostorg.jfrog.io/artifactory/main/release/1.67.0/source/boost_1_67_0.tar.bz2
md5sum = ced776cb19428ab8488774e1415535ab
location = @@LOCATION@@
configure-command = ./bootstrap.sh --prefix=${:location} --without-icu $${PYTHON:+--with-python=$PYTHON}
......@@ -27,5 +27,5 @@ environment =
LZMA_LIBRARY_PATH=${xz-utils:location}/lib
patch-options = -p1
patches =
https://sources.debian.org/data/main/b/boost1.67/1.67.0-17/debian/patches/fix-ftbfs-python-3.3.patch#c85fb479d51354deafd1cc7af78f25d2
https://sources.debian.org/data/main/b/boost1.67/1.67.0-13+deb10u1/debian/patches/fix-ftbfs-python-3.3.patch#c85fb479d51354deafd1cc7af78f25d2
patch-binary = ${patch:location}/bin/patch
......@@ -12,7 +12,7 @@ extends =
[cyrus-sasl]
recipe = slapos.recipe.cmmi
shared = true
url = ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.26.tar.gz
url = https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-2.1.26/cyrus-sasl-2.1.26.tar.gz
md5sum = a7f4e5e559a0e37b3ffc438c9456e425
location = @@LOCATION@@
patch-options = -p1
......
[buildout]
extends =
../xz-utils/buildout.cfg
parts =
diffutils
[diffutils]
recipe = slapos.recipe.cmmi
shared = true
url = https://ftp.gnu.org/gnu/diffutils/diffutils-3.8.tar.xz
md5sum = 6a6b0fdc72acfe3f2829aab477876fbc
environment =
PATH=${xz-utils:location}/bin:%(PATH)s
......@@ -18,7 +18,7 @@ recipe = slapos.recipe.cmmi
md5sum = 0284ea239083f04c8b874e08e1aca243
# XXX: We still use an old version of dropbear instead of the last one
# in order have all patches working.
url = http://matt.ucc.asn.au/dropbear/releases/dropbear-0.53.1.tar.bz2
url = https://matt.ucc.asn.au/dropbear/releases/dropbear-0.53.1.tar.bz2
configure-options =
--with-zlib=${zlib:location}
......
......@@ -148,7 +148,7 @@ library =
${libpng:location}/lib
${libSM:location}/lib
${libtool:location}/lib
${libuuid:location}/lib
${util-linux:location}/lib
${libX11:location}/lib
${libXau:location}/lib
${libxcb:location}/lib
......
......@@ -31,25 +31,23 @@ md5sum = 5c781723a0d9ed6188960defba8e91cf
# http://ipafont.ipa.go.jp/
[ipaex-fonts]
<= fonts-base
url = http://dl.sourceforge.jp/ipafonts/57330/IPAexfont00201.zip
url = https://osdn.net/frs/redir.php?f=ipafonts%2F57330%2FIPAexfont00201.zip
md5sum = 7bf84182a04a9632268dbcb03f100d05
[ipa-fonts]
<= fonts-base
url = http://dl.sourceforge.jp/ipafonts/51868/IPAfont00303.zip
url = https://osdn.net/frs/redir.php?f=ipafonts%2F51868%2FIPAfont00303.zip
md5sum = 39a828acf27790adbe4944dfb4d94bb1
[ocrb-fonts]
<= fonts-base
url = http://sourceforge.jp/frs/redir.php?m=jaist&f=%2Ftsukurimashou%2F56948%2Focr-0.2.zip
url = https://osdn.net/frs/redir.php?f=tsukurimashou%2F56948%2Focr-0.2.zip
md5sum = 9f2acd83291a31dbe053912f4115db75
[android-fonts]
<= fonts-base
url = ftp://ftp.free.fr/mirrors/ftp.debian.org/pool/main/f/fonts-android/fonts-android_4.3.orig.tar.xz
url = http://archive.debian.org/debian-archive/debian/pool/main/f/fonts-android/fonts-android_4.3.orig.tar.xz
md5sum = 2d41d5342eb5f61591ddeec5b80da74d
environment =
PATH=${xz-utils:location}/bin:%(PATH)s
# The DejaVu fonts are a font family based upon Bitstream Vera v1.10. Its purpose is to
# provide a wider range of characters while maintaining the original look-and-feel
......
......@@ -18,8 +18,8 @@ parts =
[git]
recipe = slapos.recipe.cmmi
shared = true
url = https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.33.1.tar.xz
md5sum = 3462f34d9c17288eee854b7645f6a0a1
url = https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.35.1.tar.xz
md5sum = 3aae077280b6be861e3c1c637491853a
configure-options =
--with-curl=${curl:location}
--with-openssl=${openssl:location}
......
......@@ -21,8 +21,8 @@ environment-extra =
[libgpg-error]
<= gpg-common
version = 1.42
md5sum = 133fed221ba8f63f5842858a1ff67cb3
version = 1.44
md5sum = 3956969812cd4fbd133b79c5b5a2e7f7
configure-options-extra =
--disable-doc
--disable-tests
......
......@@ -5,7 +5,7 @@ parts = icu4c
recipe = slapos.recipe.cmmi
shared = true
location = @@LOCATION@@
url = http://download.icu-project.org/files/icu4c/58.2/icu4c-58_2-src.tgz
url = https://github.com/unicode-org/icu/releases/download/release-58-2/icu4c-58_2-src.tgz
md5sum = fac212b32b7ec7ab007a12dff1f3aea1
configure-command = source/configure
configure-options =
......@@ -20,8 +20,3 @@ patches =
[icu4c-58.2]
<= icu4c
[icu4c-55.1]
<= icu4c
url = http://download.icu-project.org/files/icu4c/55.1/icu4c-55_1-src.tgz
md5sum = e2d523df79d6cb7855c2fbe284f4db29
......@@ -41,7 +41,7 @@ environment =
[inkscape]
recipe = slapos.recipe.cmmi
shared = true
url = https://inkscape.org/gallery/item/13330/inkscape-0.92.4_A6N0YOn.tar.bz2
url = https://media.inkscape.org/dl/resources/file/inkscape-0.92.4.tar.bz2
md5sum = ac30f6d5747fd9c620c00dad500f414f
pkg_config_depends = ${freetype:location}/lib/pkgconfig:${gtkmm:location}/lib/pkgconfig:${gtkmm:pkg_config_depends}:${gsl:location}/lib/pkgconfig:${popt:location}/lib/pkgconfig:${garbage-collector:location}/lib/pkgconfig:${libxslt:location}/lib/pkgconfig
configure-command = ${cmake:location}/bin/cmake
......
[buildout]
extends =
../attr/buildout.cfg
parts = libcap-ng
[libcap-ng]
recipe = slapos.recipe.cmmi
shared = true
url = https://people.redhat.com/sgrubb/libcap-ng/libcap-ng-0.8.2.tar.gz
#url = https://people.redhat.com/sgrubb/libcap-ng/libcap-ng-${:version}.tar.gz
# ERROR: The certificate of 'people.redhat.com' doesn't have a known issuer.
url = http://sources.buildroot.net/libcap-ng/libcap-ng-${:version}.tar.gz
version = 0.8.2
md5sum = faf1ef766cf068ad1aba4008ced665f7
location = @@LOCATION@@
configure-options =
--with-python=no
--with-python3=no
......
......@@ -6,7 +6,7 @@ extends =
../pkgconfig/buildout.cfg
../glib/buildout.cfg
../gettext/buildout.cfg
../libuuid/buildout.cfg
../util-linux/buildout.cfg
../xz-utils/buildout.cfg
......
......@@ -5,7 +5,7 @@ parts =
[libsodium]
recipe = slapos.recipe.cmmi
shared = true
url = https://download.libsodium.org/libsodium/releases/libsodium-1.0.8.tar.gz
url = https://download.libsodium.org/libsodium/releases/old/unsupported/libsodium-1.0.8.tar.gz
md5sum = 0a66b86fd3aab3fe4c858edcd2772760
configure-options =
--disable-static
[buildout]
parts =
libuuid
extends =
../perl/buildout.cfg
[libuuid]
recipe = slapos.recipe.cmmi
shared = true
url = http://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-2.37.2.tar.xz
md5sum = d659bf7cd417d93dc609872f6334b019
configure-options =
--disable-static
--disable-all-programs
--enable-libuuid
--without-libiconv-prefix
--without-libintl-prefix
--without-ncurses
--without-slang
--without-pam
--without-selinux
--without-audit
environment =
PATH=${perl:location}/bin:%(PATH)s
[buildout]
extends =
extends =
../bison/buildout.cfg
../rrdtools/buildout.cfg
../flex/buildout.cfg
......@@ -11,12 +11,12 @@ parts =
[lmsensors]
recipe = slapos.recipe.cmmi
url = https://src.fedoraproject.org/repo/pkgs/lm_sensors/lm_sensors-3.3.5.tar.bz2/da506dedceb41822e64865f6ba34828a/lm_sensors-3.3.5.tar.bz2
md5sum = da506dedceb41822e64865f6ba34828a
url = http://dl.lm-sensors.org/lm-sensors/releases/lm_sensors-3.3.5.tar.bz2
configure-command = true
make-options =
PREFIX=${buildout:parts-directory}/${:_buildout_section_name_}
ETCDIR=${buildout:parts-directory}/${:_buildout_section_name_}/etc
environment =
environment =
PATH=${bison:location}/bin:${flex:location}/bin:%(PATH)s
[buildout]
extends =
../pygolang/buildout.cfg
[virtual-env-base]
recipe = slapos.recipe.build
_name = ${:_buildout_section_name_}
init =
from zc.buildout.easy_install import working_set
import os
name = options['_name']
eggs = options['eggs']
try:
scripts = "scripts = " + options['scripts']
except KeyError:
scripts = ""
self.buildout.parse("""
[.%(name)s.install-eggs]
recipe = zc.recipe.egg
eggs = %(eggs)s
%(scripts)s
[.%(name)s.install-interpreter]
<= python-interpreter
eggs += %(eggs)s
""" % locals())
install =
with open(location, "w") as f:
f.write(options['template'] % {
"path" : self.buildout['buildout']['bin-directory'],
"name" : self.name,
})
# Template virtual env for bash shell in posix
[virtual-env-base:posix]
template =
deactivate () {
set PATH PS1
while [ "$1" ]; do
eval "if [ \"\$_OLD_VENV_$1\" ]; then $1=\$_OLD_VENV_$1; else unset $1; fi; unset \$_OLD_VENV_$1"
shift
done
unset -f deactivate
}
VENV_PATH=%(path)s
_OLD_VENV_PATH=$PATH
_OLD_VENV_PS1=$PS1
PATH=$VENV_PATH:$PATH
PS1='(%(name)s) '$PS1
......@@ -14,7 +14,7 @@ parts =
[make3.81-debian]
recipe = slapos.recipe.cmmi
url = http://ftp.de.debian.org/debian/pool/main/m/make-dfsg/make-dfsg_3.81.orig.tar.gz
url = http://archive.debian.org/debian-archive/debian/pool/main/m/make-dfsg/make-dfsg_3.81.orig.tar.gz
md5sum = 7c93b1ab4680eb21c2c13f4f47741e2d
shared = true
patches =
......
......@@ -81,7 +81,7 @@ environment =
PATH=${patch:location}/bin:%(PATH)s
patch-options = -p1
patches =
https://sources.debian.org/data/main/m/mariadb-10.3/1:10.3.22-0+deb10u1/debian/patches/0024-Revert-to-using-system-pcre-library.patch#1c6a0f2634f5a56122299674b77b1131
https://sources.debian.org/data/main/m/mariadb-10.3/1:10.3.34-0+deb10u1/debian/patches/0024-Revert-to-using-system-pcre-library.patch#1c6a0f2634f5a56122299674b77b1131
post-install =
ldd=`ldd %(location)s/lib/plugin/ha_rocksdb.so`
for x in ${lz4:location} ${snappy:location} ${zstd:location}
......
......@@ -10,9 +10,8 @@ extends =
[nano]
recipe = slapos.recipe.cmmi
shared = true
url = http://www.nano-editor.org/dist/v2.8/nano-2.8.4.tar.xz
md5sum = 02ff28870194178595b287fc16fa611b
location = @@LOCATION@@
url = https://www.nano-editor.org/dist/v6/nano-6.2.tar.xz
md5sum = 12784a5c245518d7580125ebbd6b7601
# The dummy PKG_CONFIG is in the case that both pkg-config and ncursesw
# are installed on the system.
environment=
......@@ -21,5 +20,6 @@ environment=
CPPFLAGS=-I${file:location}/include -I${zlib:location}/include
LDFLAGS=-L${file:location}/lib/ -Wl,-rpath=${file:location}/lib/ -L${zlib:location}/lib/ -Wl,-rpath=${zlib:location}/lib/
post-install =
cd ${:location} && mkdir etc &&
echo include "${:location}/share/nano/*.nanorc" > etc/nanorc
cd %(location)s
mkdir etc
echo 'include %(location)s/share/nano/*.nanorc' > etc/nanorc
......@@ -17,8 +17,8 @@ parts =
[openssl]
recipe = slapos.recipe.cmmi
shared = true
url = https://www.openssl.org/source/openssl-1.1.1l.tar.gz
md5sum = ac0d4387f3ba0ad741b0580dd45f6ff3
url = https://www.openssl.org/source/openssl-1.1.1n.tar.gz
md5sum = 2aad5635f9bb338bc2c6b7d19cbc9676
location = @@LOCATION@@
# 'prefix' option to override --openssldir/--prefix (which is useful
# when combined with DESTDIR). Used by slapos.package.git/obs
......
......@@ -7,7 +7,7 @@ parts =
[pcre]
recipe = slapos.recipe.cmmi
shared = true
url = https://ftp.pcre.org/pub/pcre/pcre-8.45.tar.bz2
url = https://download.sourceforge.net/pcre/pcre/8.45/pcre-8.45.tar.bz2
md5sum = 4452288e6a0eefb2ab11d36010a1eebb
configure-options =
--disable-static
......
......@@ -11,7 +11,7 @@ shared = false
<= perl-CPAN-package
# XXX it's not on CPAN, so we use url
version = 3.0.3
url = https://www.percona.com/downloads/percona-toolkit/${:version}/source/tarball/percona-toolkit-${:version}.tar.gz
url = https://downloads.percona.com/downloads/percona-toolkit/${:version}/source/tarball/percona-toolkit-${:version}.tar.gz
md5sum = 8af181994fdf9aa984475637861098e9
inc = ${perl-DBI:site_perl}:${perl-DBD-mariadb:site_perl}
......@@ -14,7 +14,7 @@ extends =
[poppler]
recipe = slapos.recipe.cmmi
shared = true
url = http://poppler.freedesktop.org/poppler-0.43.0.tar.xz
url = https://poppler.freedesktop.org/poppler-0.43.0.tar.xz
md5sum = 1d2b001663119855cdfbc0713dbfb9c6
configure-options =
--disable-cairo-output
......
......@@ -8,7 +8,7 @@ extends =
../libcap-ng/buildout.cfg
../libpng/buildout.cfg
../liburing/buildout.cfg
../libuuid/buildout.cfg
../util-linux/buildout.cfg
../meson/buildout.cfg
../ncurses/buildout.cfg
../ninja/buildout.cfg
......
......@@ -10,7 +10,7 @@ parts =
recipe = slapos.recipe.cmmi
shared = true
location = @@LOCATION@@
url = http://download.qt.io/official_releases/qt/5.6/5.6.2/submodules/qtbase-opensource-src-5.6.2.tar.gz
url = https://download.qt.io/new_archive/qt/5.6/5.6.2/submodules/qtbase-opensource-src-5.6.2.tar.gz
md5sum = 7aa5841b50c411e23e31e8a6cc1c6981
configure-command = ./configure
configure-options =
......@@ -42,7 +42,7 @@ post-install =
# qmake binary can be reached directly from ${qt:location}/bin/qmake if [qt] is fully built
recipe = slapos.recipe.cmmi
location = ${buildout:parts-directory}/${:_buildout_section_name_}
url = http://download.qt.io/archive/qt/4.8/4.8.7/qt-everywhere-opensource-src-4.8.7.tar.gz
url = https://download.qt.io/new_archive/qt/4.8/4.8.7/qt-everywhere-opensource-src-4.8.7.tar.gz
md5sum = d990ee66bf7ab0c785589776f35ba6ad
# see https://github.com/NixOS/nixpkgs/blob/3e387c3e005c87566b5403d24c86f71f4945a79b/pkgs/development/libraries/qt-4.x/4.8/default.nix#L101
pre-configure =
......
......@@ -11,7 +11,7 @@ extends =
../pcre/buildout.cfg
../libffi/buildout.cfg
../zlib/buildout.cfg
../libuuid/buildout.cfg
../util-linux/buildout.cfg
# compilation
../git/buildout.cfg
......
......@@ -12,7 +12,7 @@ parts =
[r-language]
recipe = slapos.recipe.cmmi
url = http://cran.univ-paris1.fr/src/base/R-3/R-3.2.1.tar.gz
url = https://cran.r-project.org/src/base/R-3/R-3.2.1.tar.gz
md5sum = c2aac8b40f84e08e7f8c9068de9239a3
configure-options =
--enable-R-shlib
......
......@@ -5,7 +5,7 @@ extends =
../curl/buildout.cfg
../libestr/buildout.cfg
../libfastjson/buildout.cfg
../libuuid/buildout.cfg
../util-linux/buildout.cfg
../zlib/buildout.cfg
[rsyslogd]
......
......@@ -3,8 +3,9 @@ parts =
serf
extends =
../apache/buildout.cfg
../libuuid/buildout.cfg
../util-linux/buildout.cfg
../openssl/buildout.cfg
../python-2.7/buildout.cfg
../zlib/buildout.cfg
[serf]
......@@ -13,7 +14,7 @@ shared = true
url = https://archive.apache.org/dist/serf/serf-1.3.9.tar.bz2
md5sum = 370a6340ff20366ab088012cd13f2b57
scons-command =
python ${scons:location}/scons.py \
${python2.7:location}/bin/python ${scons:location}/scons.py \
APR="${apr:location}" \
APU="${apr-util:location}" \
OPENSSL="${openssl:location}" \
......
......@@ -8,7 +8,7 @@ parts =
[socat]
recipe = slapos.recipe.cmmi
shared = true
url = http://www.dest-unreach.org/socat/download/socat-${:version}.tar.gz
url = http://www.dest-unreach.org/socat/download/Archive/socat-${:version}.tar.gz
version = 1.7.3.2
md5sum = aec3154f7854580cfab0c2d81e910519
environment =
......
......@@ -5,7 +5,7 @@
extends =
../apache/buildout.cfg
../libexpat/buildout.cfg
../libuuid/buildout.cfg
../util-linux/buildout.cfg
../openssl/buildout.cfg
../patch/buildout.cfg
../perl/buildout.cfg
......
# Tig: text-mode interface for Git
# http://jonas.nitro.dk/tig/
# https://jonas.github.io/tig/
[buildout]
extends =
../libiconv/buildout.cfg
../ncurses/buildout.cfg
[tig]
recipe = slapos.recipe.cmmi
shared = true
url = http://jonas.nitro.dk/tig/releases/tig-2.1.tar.gz
md5sum = d6c237aba2c03d85897da79789fd6104
url = https://github.com/jonas/tig/releases/download/tig-2.5.5/tig-2.5.5.tar.gz
md5sum = 0902ba706e8efaf6c2087d8b66393375
environment =
CFLAGS=-I${ncurses:location}/include
LDFLAGS=-L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib
CFLAGS=-I${ncurses:location}/include -I${libiconv:location}/include
LDFLAGS=-L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib -L${libiconv:location}/lib -Wl,-rpath=${libiconv:location}/lib
......@@ -45,6 +45,7 @@ patch-options = -p1
# (see https://github.com/apache/trafficserver/issues/8539 for the detail)
patches =
${:_profile_base_location_}/trafficserver-9.1.1-TSHttpTxnCacheLookupStatusGet-fix.patch#d8ed3db3a48e97eb72aaaf7d7598a2d2
${:_profile_base_location_}/trafficserver-9.1.1-via-string-rapid-cdn.patch#8c39243d7525222385d5964485734f99
environment =
PATH=${libtool:location}/bin:${make:location}/bin:${patch:location}/bin:${perl:location}/bin:${pkgconfig:location}/bin:%(PATH)s
LDFLAGS =-L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${tcl:location}/lib -Wl,-rpath=${tcl:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${luajit:location}/lib -lm
......
diff -ur trafficserver-9.1.1.orig/proxy/http/HttpTransactHeaders.cc trafficserver-9.1.1/proxy/http/HttpTransactHeaders.cc
--- trafficserver-9.1.1.orig/proxy/http/HttpTransactHeaders.cc 2022-02-09 12:21:56.591350540 +0100
+++ trafficserver-9.1.1/proxy/http/HttpTransactHeaders.cc 2022-03-07 13:02:31.503849619 +0100
@@ -758,15 +758,6 @@
write_hdr_protocol_stack(via_string, via_limit - via_string, ProtocolStackDetail::Standard, proto_buf.data(), n_proto);
*via_string++ = ' ';
- via_string += nstrcpy(via_string, s->http_config_param->proxy_hostname);
-
- *via_string++ = '[';
- memcpy(via_string, Machine::instance()->uuid.getString(), TS_UUID_STRING_LEN);
- via_string += TS_UUID_STRING_LEN;
- *via_string++ = ']';
- *via_string++ = ' ';
- *via_string++ = '(';
-
memcpy(via_string, s->http_config_param->proxy_request_via_string, s->http_config_param->proxy_request_via_string_len);
via_string += s->http_config_param->proxy_request_via_string_len;
@@ -793,7 +784,6 @@
}
}
- *via_string++ = ')';
*via_string = 0;
ink_assert((size_t)(via_string - new_via_string) < (sizeof(new_via_string) - 1));
@@ -848,10 +838,6 @@
write_hdr_protocol_stack(via_string, via_limit - via_string, ProtocolStackDetail::Standard, proto_buf.data(), n_proto);
*via_string++ = ' ';
- via_string += nstrcpy(via_string, s->http_config_param->proxy_hostname);
- *via_string++ = ' ';
- *via_string++ = '(';
-
memcpy(via_string, s->http_config_param->proxy_response_via_string, s->http_config_param->proxy_response_via_string_len);
via_string += s->http_config_param->proxy_response_via_string_len;
@@ -877,7 +863,6 @@
}
}
- *via_string++ = ')';
*via_string = 0;
ink_assert((size_t)(via_string - new_via_string) < (sizeof(new_via_string) - 1));
......@@ -5,7 +5,7 @@ extends =
../libtool/buildout.cfg
../git/buildout.cfg
../openssl/buildout.cfg
../libuuid/buildout.cfg
../util-linux/buildout.cfg
parts = accords
......
......@@ -4,7 +4,7 @@ parts = apache-perl perl-Apache2-Request
extends =
../apache/buildout.cfg
../perl/buildout.cfg
../libuuid/buildout.cfg
../util-linux/buildout.cfg
[apache-perl]
# Note: Shall react on each build of apache and reinstall itself
......
......@@ -7,8 +7,8 @@ extends =
[util-linux]
recipe = slapos.recipe.cmmi
shared = true
url = https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-2.37.1.tar.xz
md5sum = 6d244f0f59247e9109f47d6e5dd0556b
url = https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-2.37.2.tar.xz
md5sum = d659bf7cd417d93dc609872f6334b019
configure-options =
--disable-static
--enable-libuuid
......@@ -50,3 +50,21 @@ environment =
PATH=${perl:location}/bin:${xz-utils:location}/bin:%(PATH)s
LDFLAGS=-L${libcap-ng:location}/lib -Wl,-rpath=${libcap-ng:location}/lib
CFLAGS=-I${libcap-ng:location}/include
[libuuid]
# libuuid is inside util-linux source code with only libuuid feature enabled.
<= util-linux
configure-options =
--disable-static
--disable-all-programs
--enable-libuuid
--without-libiconv-prefix
--without-libintl-prefix
--without-ncurses
--without-slang
--without-pam
--without-selinux
--without-audit
environment =
PATH=${perl:location}/bin:%(PATH)s
[buildout]
extends =
extends =
../freetype/buildout.cfg
../fontconfig/buildout.cfg
../libpng/buildout.cfg
......@@ -13,7 +13,7 @@ parts =
[wkhtmltopdf]
recipe = slapos.recipe.build
url = http://download.gna.org/wkhtmltopdf/0.12/0.12.4/wkhtmltox-0.12.4_${:_url}.tar.xz
url = https://github.com/wkhtmltopdf/wkhtmltopdf/releases/download/0.12.4/wkhtmltox-0.12.4_${:_url}.tar.xz
environment =
PATH=${xz-utils:location}/bin:%(PATH)s
install =
......
......@@ -3,7 +3,7 @@ parts =
xapian
extends =
../zlib/buildout.cfg
../libuuid/buildout.cfg
../util-linux/buildout.cfg
[xapian]
recipe = slapos.recipe.cmmi
......
......@@ -10,7 +10,7 @@ extends =
../icu/buildout.cfg
../intltool/buildout.cfg
../libtool/buildout.cfg
../libuuid/buildout.cfg
../util-linux/buildout.cfg
../libxml2/buildout.cfg
../libxslt/buildout.cfg
../meson/buildout.cfg
......@@ -134,7 +134,7 @@ environment =
[libXext]
recipe = slapos.recipe.cmmi
shared = true
url = http://ftp.x.org/pub/individual/lib/libXext-1.3.3.tar.bz2
url = https://ftp.x.org/pub/individual/lib/libXext-1.3.3.tar.bz2
md5sum = 52df7c4c1f0badd9f82ab124fb32eb97
pkg_config_depends = ${libX11:location}/lib/pkgconfig:${libX11:pkg_config_depends}
environment =
......@@ -206,7 +206,7 @@ configure-options =
[fixesproto]
recipe = slapos.recipe.cmmi
shared = true
url = http://www.x.org/releases/X11R7.7/src/everything/fixesproto-5.0.tar.bz2
url = https://www.x.org/releases/X11R7.7/src/everything/fixesproto-5.0.tar.bz2
md5sum = e7431ab84d37b2678af71e29355e101d
environment =
PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig
......@@ -215,7 +215,7 @@ environment =
[bigreqsproto]
recipe = slapos.recipe.cmmi
shared = true
url = http://www.x.org/releases/X11R7.7/src/everything/bigreqsproto-1.1.2.tar.bz2
url = https://www.x.org/releases/X11R7.7/src/everything/bigreqsproto-1.1.2.tar.bz2
md5sum = 1a05fb01fa1d5198894c931cf925c025
environment =
PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig
......@@ -224,7 +224,7 @@ environment =
[xcmiscproto]
recipe = slapos.recipe.cmmi
shared = true
url = http://www.x.org/releases/X11R7.7/src/everything/xcmiscproto-1.2.2.tar.bz2
url = https://www.x.org/releases/X11R7.7/src/everything/xcmiscproto-1.2.2.tar.bz2
md5sum = 5f4847c78e41b801982c8a5e06365b24
environment =
PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig
......@@ -233,7 +233,7 @@ environment =
[damageproto]
recipe = slapos.recipe.cmmi
shared = true
url = http://www.x.org/releases/X11R7.7/src/everything/damageproto-1.2.1.tar.bz2
url = https://www.x.org/releases/X11R7.7/src/everything/damageproto-1.2.1.tar.bz2
md5sum = 998e5904764b82642cc63d97b4ba9e95
environment =
PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig
......@@ -261,7 +261,7 @@ environment =
[renderproto]
recipe = slapos.recipe.cmmi
shared = true
url = http://www.x.org/releases/X11R7.7/src/everything/renderproto-0.11.1.tar.bz2
url = https://www.x.org/releases/X11R7.7/src/everything/renderproto-0.11.1.tar.bz2
md5sum = a914ccc1de66ddeb4b611c6b0686e274
environment =
PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig
......@@ -292,7 +292,7 @@ environment =
[recordproto]
recipe = slapos.recipe.cmmi
shared = true
url = http://www.x.org/releases/X11R7.7/src/everything/recordproto-1.14.2.tar.bz2
url = https://www.x.org/releases/X11R7.7/src/everything/recordproto-1.14.2.tar.bz2
md5sum = 1b4e5dede5ea51906f1530ca1e21d216
environment =
PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig
......@@ -301,7 +301,7 @@ environment =
[resourceproto]
recipe = slapos.recipe.cmmi
shared = true
url = http://www.x.org/releases/X11R7.7/src/everything/resourceproto-1.2.0.tar.bz2
url = https://www.x.org/releases/X11R7.7/src/everything/resourceproto-1.2.0.tar.bz2
md5sum = cfdb57dae221b71b2703f8e2980eaaf4
environment =
PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig
......@@ -310,7 +310,7 @@ environment =
[xineramaproto]
recipe = slapos.recipe.cmmi
shared = true
url = http://www.x.org/releases/X11R7.7/src/everything/xineramaproto-1.2.1.tar.bz2
url = https://www.x.org/releases/X11R7.7/src/everything/xineramaproto-1.2.1.tar.bz2
md5sum = 9959fe0bfb22a0e7260433b8d199590a
environment =
PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig
......@@ -396,7 +396,7 @@ environment =
[renderext]
recipe = slapos.recipe.cmmi
shared = true
url = http://xlibs.freedesktop.org/release/renderext-0.9.tar.bz2
url = https://xlibs.freedesktop.org/release/renderext-0.9.tar.bz2
md5sum = d43c2afc69937655d13c02588c9ff974
[libXrender]
......@@ -537,7 +537,7 @@ environment =
[compositeproto]
recipe = slapos.recipe.cmmi
shared = true
url = http://www.x.org/releases/X11R7.7/src/everything/compositeproto-0.4.2.tar.bz2
url = https://www.x.org/releases/X11R7.7/src/everything/compositeproto-0.4.2.tar.bz2
md5sum = 98482f65ba1e74a08bf5b056a4031ef0
[libXcomposite]
......
[buildout]
extends =
../libtool/buildout.cfg
../libuuid/buildout.cfg
../util-linux/buildout.cfg
[zeromq]
<= zeromq3
......
......@@ -28,7 +28,7 @@ from setuptools import setup, find_packages
import glob
import os
version = '1.0.226'
version = '1.0.238'
name = 'slapos.cookbook'
long_description = open("README.rst").read()
......
......@@ -24,7 +24,7 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from urlparse import urlparse
from six.moves.urllib.parse import urlparse
from slapos.recipe.librecipe import GenericBaseRecipe
......
......@@ -8,7 +8,7 @@ import pytz
def updateMysql(mysql_upgrade_binary, mysql_binary, mysql_script_file):
sleep = 0
with open(mysql_script_file, 'rb') as script_file:
with open(mysql_script_file, 'r') as script_file:
mysql_script = script_file.read()
mysql_list = mysql_binary, '-B'
mysql_tzinfo_to_sql_list = (
......
......@@ -34,6 +34,7 @@ import string, random
import json
import traceback
from slapos import slap
from slapos.util import binFromIpv6
class Recipe(GenericBaseRecipe):
......@@ -54,20 +55,8 @@ class Recipe(GenericBaseRecipe):
return GenericBaseRecipe.__init__(self, buildout, name, options)
def getSerialFromIpv6(self, ipv6):
prefix = ipv6.split('/')[0].lower()
hi, lo = struct.unpack('!QQ', socket.inet_pton(socket.AF_INET6, prefix))
ipv6_int = (hi << 64) | lo
serial = '0x1%x' % ipv6_int
# delete non significant part
for part in prefix.split(':')[::-1]:
if part:
for i in ['0']*(4 - len(part)):
part = i + part
serial = serial.split(part)[0] + part
break
return serial
prefix, prefix_length = ipv6.split('/')
return "0x%x" % int('1%s' % binFromIpv6(prefix)[:int(prefix_length)], 2)
def generateCertificate(self):
key_file = self.options['key-file'].strip()
......
......@@ -109,13 +109,18 @@ class Re6stnetTest(unittest.TestCase):
recipe = self.new_recipe()
serial = recipe.getSerialFromIpv6(ipv6)
self.assertEqual(serial, '0x1be280db8fe6a0d8504fe054a00ae0aea')
self.assertEqual(serial, '0x1be280db8fe6a0d85')
ipv6 = '2001:db8:24::/48'
serial = recipe.getSerialFromIpv6(ipv6)
self.assertEqual(serial, '0x120010db80024')
ipv6 = '2001:db8:24::/47'
serial = recipe.getSerialFromIpv6(ipv6)
self.assertEqual(serial, '0x900086dc0012')
def test_install(self):
self.options.update({
'ipv6-prefix': '2001:db8:24::/48',
......
import unittest
import zc.buildout.testing
class UrlparseTest(unittest.TestCase):
def setUp(self):
self.buildout = buildout = zc.buildout.testing.Buildout()
buildout['urlinfo'] = {}
buildout['urlinfo']['url'] = "http://www.google.com/search?hl=en&q=urlparse&btnG=Google+Search"
from slapos.recipe import _urlparse
self.recipe = _urlparse.Recipe(buildout,"urlinfo",buildout['urlinfo'])
def test_options(self):
buildout = self.buildout
self.assertTrue(buildout['urlinfo'])
self.assertEqual(buildout['urlinfo']['path'], 'search')
self.assertEqual(buildout['urlinfo']['scheme'], 'http')
self.assertEqual(buildout['urlinfo']['host'], 'www.google.com')
self.assertEqual(buildout['urlinfo']['query'], 'hl=en&q=urlparse&btnG=Google+Search')
def test_install(self):
self.assertEqual(self.recipe.install(), [])
[instance-profile]
filename = instance.cfg.in
md5sum = ed202dc7d69f517e325f01dc3ac4fe32
md5sum = 6e3e1dc304378640707cdb6a792106f1
......@@ -5,27 +5,20 @@
#############################
[buildout]
parts =
directory
publish-connection-parameter
download-plc
beremiz-runtime
# beremiz-runtime-promise
#beremiz-runtime-promise
eggs-directory = {{ buildout['eggs-directory'] }}
develop-eggs-directory = {{ buildout['develop-eggs-directory'] }}
offline = true
extends = {{ template_monitor }}
[download-plc]
recipe = plone.recipe.command
update-command = ${:command}
recipe = slapos.recipe.build:download-unpacked
offline = false
url = ${instance-parameter:configuration.runtime_plc_url}
md5sum = ${instance-parameter:configuration.runtime_plc_md5sum}
# XXX: do check md5sum !
command =
wget ${:url} -O plc.tgz
tar zxvf plc.tgz
[instance-parameter]
recipe = slapos.cookbook:slapconfiguration
......@@ -36,13 +29,9 @@ key = ${slap-connection:key-file}
cert = ${slap-connection:cert-file}
configuration.runtime_plc_url =
configuration.runtime_plc_md5sum =
# XXX: we can get rid of plc_name in future
configuration.runtime_plc_name =
configuration.autostart = 1
configuration.interface = 0.0.0.0
# XXX: randomly generated one on slap's interface?
configuration.port = 61248
configuration.plc_runtime_path = ${directory:home}/${:configuration.runtime_plc_name}
# Create all needed directories, depending on your needs
[directory]
......@@ -50,7 +39,7 @@ recipe = slapos.cookbook:mkdirectory
home = ${buildout:directory}
etc = ${:home}/etc
var = ${:home}/var
script = ${:etc}/run/
script = ${:etc}/run
service = ${:etc}/service
log = ${:var}/log
......@@ -58,7 +47,7 @@ log = ${:var}/log
logfile = ${directory:log}/beremiz-runtime.log
recipe = slapos.cookbook:wrapper
command-line =
{{ buildout['bin-directory'] }}/pythonwitheggs {{ buildout['directory'] }}/src/beremiz/Beremiz_service.py -a ${instance-parameter:configuration.autostart} -p ${instance-parameter:configuration.port} -i ${instance-parameter:configuration.interface} -x 1 ${directory:home}/${instance-parameter:configuration.runtime_plc_name}
{{ buildout['bin-directory'] }}/pythonwitheggs {{ buildout['directory'] }}/parts/beremiz-source/Beremiz_service.py -a ${instance-parameter:configuration.autostart} -p ${instance-parameter:configuration.port} -i ${instance-parameter:configuration.interface} -x 1 ${directory:home}/parts/download-plc
wrapper-path = ${directory:service}/beremiz-runtime
[beremiz-runtime-promise]
......
# the default SlapOs profile which setup a modbus server instance usually over OSIE's coupler
[buildout]
allow-picked-versions = true
extensions = mr.developer
auto-checkout = beremiz
extends =
buildout.hash.cfg
https://lab.nexedi.com/nexedi/slapos/raw/master/stack/monitor/buildout.cfg
https://lab.nexedi.com/nexedi/slapos/raw/master/stack/slapos.cfg
https://lab.nexedi.com/nexedi/slapos/raw/master/component/python3/buildout.cfg
../../component/git/buildout.cfg
../../stack/monitor/buildout.cfg
../../stack/slapos.cfg
parts =
python-interpreter
beremiz-source
slapos-cookbook
instance-profile
python-interpreter
# fix for pypi: https://mail.python.org/pipermail/distutils-sig/2017-October/031712.html
index = https://pypi.python.org/simple/
[sources]
beremiz = git https://github.com/beremiz/beremiz.git branch=default
[beremiz-source]
recipe = slapos.recipe.build:gitclone
repository = https://github.com/beremiz/beremiz.git
branch = default
git-executable = ${git:location}/bin/git
[beremiz]
recipe = zc.recipe.egg:develop
egg = beremiz
setup = ${buildout:directory}/src/beremiz
setup = ${beremiz-source:location}
[Twisted]
recipe = zc.recipe.egg:custom
......@@ -31,6 +28,7 @@ egg = Twisted
setup-eggs =
six
pathlib
incremental
[python-interpreter]
recipe = zc.recipe.egg
......@@ -53,7 +51,6 @@ eggs = click
[instance-profile]
recipe = slapos.recipe.template:jinja2
template = ${:_profile_base_location_}/${:filename}
mode = 0644
rendered = ${buildout:directory}/instance.cfg
extensions = jinja2.ext.do
context =
......@@ -95,4 +92,3 @@ typing = 3.10.0.0
autobahn = 19.11.2
txaio = 18.8.1
idna = 2.10
mr.developer = 2.0.1
......@@ -22,19 +22,19 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-caddy-frontend]
filename = instance-apache-frontend.cfg.in
md5sum = 0950e09ad1f03f0789308f5f7a7eb1b8
md5sum = 04e550480d3057ca65d87c6fadbaed6e
[profile-caddy-replicate]
filename = instance-apache-replicate.cfg.in
md5sum = c5d1e235959a877b4f3157369c6f5e10
md5sum = 63b418626ef0f8ac54d6359fb6637371
[profile-slave-list]
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
md5sum = c67e172c0c6eca955b18962404056a33
md5sum = e3ba0da5d137dcbd56c2604d200ac3b9
[profile-replicate-publish-slave-information]
_update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
md5sum = df304a8aee87b6f2425241016a48f7a5
md5sum = be54431846fe7f3cee65260eefc83d62
[profile-caddy-frontend-configuration]
_update_hash_filename_ = templates/Caddyfile.in
......@@ -46,11 +46,11 @@ md5sum = 88af61e7abbf30dc99a1a2526161128d
[template-default-slave-virtualhost]
_update_hash_filename_ = templates/default-virtualhost.conf.in
md5sum = 37475d79f28c5f126bc1947fdb938fdb
md5sum = 57c86795293b11300a036f5f8cf2c868
[template-backend-haproxy-configuration]
_update_hash_filename_ = templates/backend-haproxy.cfg.in
md5sum = ae4c9ce775ea003aa51eda5ecbbeec73
md5sum = 6d4ad68ac44ccc72fe9148bd8e05a6f0
[template-empty]
_update_hash_filename_ = templates/empty.in
......@@ -62,7 +62,7 @@ md5sum = 975177dedf677d24e14cede5d13187ce
[template-trafficserver-records-config]
_update_hash_filename_ = templates/trafficserver/records.config.jinja2
md5sum = e87238c53d080ef9ef90040e57bc1395
md5sum = 715baa302d562a7e4eddc3d1bf72f981
[template-trafficserver-storage-config]
_update_hash_filename_ = templates/trafficserver/storage.config.jinja2
......@@ -94,15 +94,15 @@ md5sum = 8c150e1e6c993708d31936742f3a7302
[caddyprofiledeps-setup]
filename = setup.py
md5sum = 8e1c6c06c09beb921965b3ce98c67c9e
md5sum = f6f72d03af7d9dc29fb4d4fef1062e73
[caddyprofiledeps-dummy]
filename = caddyprofiledummy.py
md5sum = 59cb33f11272ee09eccea74981d2304a
md5sum = b41b8de115ad815d0b0db306ad650365
[profile-kedifa]
filename = instance-kedifa.cfg.in
md5sum = dfb4dabd1e4094de1276d171f998ef47
md5sum = 88f3a8cc30d3cf30f4bd2797f5c16221
[template-backend-haproxy-rsyslogd-conf]
_update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in
......@@ -111,3 +111,7 @@ md5sum = 3336d554661b138dcef97b1d1866803c
[template-slave-introspection-httpd-nginx]
_update_hash_filename_ = templates/slave-introspection-httpd-nginx.conf.in
md5sum = 3067e6ba6c6901821d57d2109517d39c
[template-expose-csr-nginx-conf]
_update_hash_filename_ = templates/expose-csr-nginx.conf.in
md5sum = 5620baa8819fcc8340fa6777ee551a1a
from __future__ import print_function
import caucase.client
import caucase.utils
import os
import ssl
import sys
import urllib
import urlparse
from cryptography import x509
from cryptography.hazmat.primitives import serialization
class Recipe(object):
def __init__(self, *args, **kwargs):
pass
......@@ -19,3 +30,94 @@ def validate_netloc(netloc):
else:
hostname = parsed.hostname
return netloc == '%s:%s' % (hostname, parsed.port)
def _check_certificate(url, certificate):
parsed = urlparse.urlparse(url)
got_certificate = ssl.get_server_certificate((parsed.hostname, parsed.port))
if certificate.strip() != got_certificate.strip():
raise ValueError('Certificate for %s does not match expected one' % (url,))
def _get_exposed_csr(url, certificate):
_check_certificate(url, certificate)
self_signed = ssl.create_default_context()
self_signed.check_hostname = False
self_signed.verify_mode = ssl.CERT_NONE
return urllib.urlopen(url, context=self_signed).read()
def _get_caucase_client(ca_url, ca_crt, user_key):
return caucase.client.CaucaseClient(
ca_url=ca_url + '/cas',
ca_crt_pem_list=caucase.utils.getCertList(ca_crt),
user_key=user_key,
)
def _get_caucase_csr_list(ca_url, ca_crt, user_key):
csr_list = []
for entry in _get_caucase_client(
ca_url, ca_crt, user_key).getPendingCertificateRequestList():
csr = caucase.utils.load_certificate_request(
caucase.utils.toBytes(entry['csr']))
csr_list.append({
'csr_id': entry['id'],
'csr': csr.public_bytes(serialization.Encoding.PEM).decode()
})
return csr_list
def _csr_match(*csr_list):
number_list = set([])
for csr in csr_list:
number_list.add(
x509.load_pem_x509_csr(str(csr)).public_key().public_numbers())
return len(number_list) == 1
def _sign_csr(ca_url, ca_crt, user_key, csr, csr_list):
signed = False
client = _get_caucase_client(ca_url, ca_crt, user_key)
for csr_entry in csr_list:
if _csr_match(csr, csr_entry['csr']):
client.createCertificate(int(csr_entry['csr_id']))
print('Signed csr with id %s' % (csr_entry['csr_id'],))
signed = True
break
return signed
def _mark_done(filename):
with open(filename, 'w') as fh:
fh.write('done')
print('Marked file %s' % (filename,))
def _is_done(filename):
if os.path.exists(filename):
return True
return False
def smart_sign():
ca_url, ca_crt, done_file, user_key, csr_url, \
csr_url_certificate = sys.argv[1:]
if _is_done(done_file):
return
exposed_csr = _get_exposed_csr(csr_url, csr_url_certificate)
caucase_csr_list = _get_caucase_csr_list(ca_url, ca_crt, user_key)
if _sign_csr(
ca_url, ca_crt, user_key, exposed_csr, caucase_csr_list):
_mark_done(done_file)
else:
print('Failed to sign %s' % (csr_url,))
def caucase_csr_sign_check():
ca_url, ca_crt, user_key = sys.argv[1:]
if len(_get_caucase_csr_list(ca_url, ca_crt, user_key)) != 0:
print('ERR There are CSR to sign on %s' % (ca_url,))
sys.exit(1)
else:
print('OK No CSR to sign on %s' % (ca_url,))
......@@ -63,6 +63,75 @@ parts =
[caddyprofiledeps]
recipe = caddyprofiledeps
[frontend-node-id]
# Store id file in top of hierarchy, so it does not depend on directory creation
file = ${buildout:directory}/.frontend-node-id.txt
recipe = slapos.recipe.build
init =
import os
import secrets
if not os.path.exists(options['file']):
with open(options['file'], 'w') as fh:
fh.write(secrets.token_urlsafe(4))
with open(options['file'], 'r') as fh:
options['value'] = fh.read()
[frontend-node-private-salt]
# Private, not communicated, stable hash, which can be used to salt other
# hashes, so their values are connected to the node, but practicaly impossible
# to crack (until the node is hacked itself, but then those values are
# stolen anyway)
recipe = slapos.recipe.build
init =
import os
import uuid
if not os.path.exists(options['file']):
with open(options['file'], 'w') as fh:
fh.write(uuid.uuid4().hex)
with open(options['file'], 'r') as fh:
options['value'] = fh.read()
file = ${buildout:directory}/.frontend-node-private-salt.txt
[version-hash]
recipe = slapos.recipe.build
software-release-url = ${slap-connection:software-release-url}
hash-salt = ${frontend-node-private-salt:value}
init =
import hashlib
import base64
options['value'] = base64.urlsafe_b64encode(hashlib.md5(''.join([options['software-release-url'].strip(), options['hash-salt']])).digest())
[frontend-node-information]
recipe = slapos.recipe.build
file = ${buildout:directory}/.frontend-node-information.json
node-id = ${frontend-node-id:value}
current-hash = ${version-hash:value}
current-software-release-url = ${version-hash:software-release-url}
init =
import json
changed = False
try:
with open(options['file'], 'r') as fh:
data = json.load(fh)
except Exception:
changed = True
data = {
'node-id': options['node-id'],
'version-hash-history': {options['current-hash']: options['current-software-release-url']}
}
if 'node-id' not in data:
data['node-id'] = options['node-id']
changed = True
if 'version-hash-history' not in data:
data['version-hash-history'] = {}
changed = True
if options['current-hash'] not in data['version-hash-history']:
data['version-hash-history'][options['current-hash']] = options['current-software-release-url']
changed = True
if changed:
with open(options['file'], 'w') as fh:
json.dump(data, fh)
options['value'] = data
# Create all needed directories
[directory]
recipe = slapos.cookbook:mkdirectory
......@@ -89,10 +158,10 @@ bbb-ssl-dir = ${:srv}/bbb-ssl
frontend_cluster = ${:var}/frontend_cluster
# csr_id publication
csr_id = ${:srv}/csr_id
certificate-csr_id = ${:etc}/certificate-csr_id
expose-csr_id-var = ${:var}/expose-csr_id
# CSR publication
expose-csr = ${:srv}/expose-csr
expose-csr-etc = ${:etc}/expose-csr
expose-csr-var = ${:var}/expose-csr
# slave introspection
slave-introspection-var = ${:var}/slave-introspection
......@@ -179,6 +248,7 @@ template-empty = {{ software_parameter_dict['template_empty'] }}
template-default-slave-virtualhost = {{ software_parameter_dict['template_default_slave_virtualhost'] }}
template-backend-haproxy-configuration = {{ software_parameter_dict['template_backend_haproxy_configuration'] }}
template-backend-haproxy-rsyslogd-conf = {{ software_parameter_dict['template_backend_haproxy_rsyslogd_conf'] }}
template-expose-csr-nginx-conf = {{ software_parameter_dict['template_expose_csr_nginx_conf'] }}
[kedifa-login-config]
d = ${directory:ca-dir}
......@@ -295,14 +365,19 @@ extra-context =
key master_key_download_url :master_key_download_url
key autocert caddy-directory:autocert
key caddy_log_directory caddy-directory:slave-log
key expose_csr_id_organization :organization
key expose_csr_id_organizational_unit :organizational-unit
key expose_csr_organization :organization
key expose_csr_organizational_unit :organizational-unit
key global_ipv6 slap-configuration:ipv6-random
key empty_template software-release-path:template-empty
key template_default_slave_configuration software-release-path:template-default-slave-virtualhost
key template_expose_csr_nginx_conf software-release-path:template-expose-csr-nginx-conf
key software_type :software_type
key frontend_lazy_graceful_reload frontend-caddy-lazy-graceful:rendered
key monitor_base_url monitor-instance-parameter:monitor-base-url
key node_id frontend-node-id:value
key version_hash version-hash:value
key software_release_url version-hash:software-release-url
key node_information frontend-node-information:value
key custom_ssl_directory caddy-directory:custom-ssl-directory
# BBB: SlapOS Master non-zero knowledge BEGIN
key apache_certificate apache-certificate:rendered
......@@ -460,6 +535,8 @@ disk-cache-size = ${configuration:disk-cache-size}
ram-cache-size = ${configuration:ram-cache-size}
templates-dir = {{ software_parameter_dict['trafficserver'] }}/etc/trafficserver/body_factory
request-timeout = ${configuration:request-timeout}
version-hash = ${version-hash:value}
node-id = ${frontend-node-id:value}
[trafficserver-configuration-directory]
recipe = plone.recipe.command
......
......@@ -69,7 +69,7 @@
},
"automatic-internal-kedifa-caucase-csr": {
"default": "true",
"description": "Automatically signs CSRs sent to KeDiFa's caucase, based on csr_id and matching certificate.",
"description": "Automatically signs CSRs sent to KeDiFa's caucase, based on CSR comparison.",
"enum": [
"true",
"false"
......@@ -79,7 +79,7 @@
},
"automatic-internal-backend-client-caucase-csr": {
"default": "true",
"description": "Automatically signs CSRs sent to Backend Client's caucase, based on csr_id and matching certificate.",
"description": "Automatically signs CSRs sent to Backend Client's caucase, based on CSR comparison.",
"enum": [
"true",
"false"
......
......@@ -17,8 +17,7 @@ parts =
caucased
caucased-promise
caucase-updater
expose-csr_id
promise-expose-csr_id-ip-port
promise-expose-csr-ip-port
promise-logrotate-setup
[monitor-instance-parameter]
......@@ -74,10 +73,10 @@ backup-caucased = ${:backup}/caucased
# reservation
reservation = ${:srv}/reservation
# csr_id publication
csr_id = ${:srv}/csr_id
certificate-csr_id = ${:var}/certificate-csr_id
expose-csr_id-var = ${:var}/expose-csr_id
# CSR publication
expose-csr = ${:srv}/expose-csr
expose-csr-etc = ${:etc}/expose-csr
expose-csr-var = ${:var}/expose-csr
[kedifa-csr]
recipe = plone.recipe.command
......@@ -113,29 +112,19 @@ stop-on-error = True
template_csr='${kedifa-csr:template-csr}'
)}}
[store-csr_id]
[expose-csr-link-csr]
recipe = plone.recipe.command
csr_id_path = ${directory:csr_id}/csr_id.txt
csr_work_path = ${directory:tmp}/${:_buildout_section_name_}
filename = csr.pem
csr_path = ${directory:expose-csr}/${:filename}
stop-on-error = False
update-command = ${:command}
command =
{{ software_parameter_dict['bin_directory'] }}/caucase \
--ca-url {{ caucase_url }} \
--ca-crt ${kedifa-config:ca-certificate} \
--crl ${kedifa-config:crl} \
--mode service \
{#- XXX: Need to use caucase-updater-csr:csr, as there is no way to obatin csr_id from caucase-updater -#}
{#- XXX: nor directly path to the generated CSR #}
--send-csr ${caucase-updater-csr:csr} > ${:csr_work_path} && \
cut -d ' ' -f 1 ${:csr_work_path} > ${:csr_id_path}
[certificate-csr_id]
ln -sf ${caucase-updater-csr:csr} ${:csr_path}
[expose-csr-certificate]
recipe = plone.recipe.command
certificate = ${directory:certificate-csr_id}/certificate.pem
key = ${directory:certificate-csr_id}/key.pem
certificate = ${directory:expose-csr-etc}/certificate.pem
key = ${directory:expose-csr-etc}/key.pem
{#- Can be stopped on error, as does not rely on self provided service #}
stop-on-error = True
......@@ -147,70 +136,44 @@ command =
-days 5 -nodes -x509 -keyout ${:key} -out ${:certificate}
fi
[expose-csr_id-configuration]
[expose-csr-configuration]
ip = {{ instance_parameter_dict['ipv6-random'] }}
port = 17000
key = ${certificate-csr_id:key}
certificate = ${certificate-csr_id:certificate}
error-log = ${directory:log}/expose-csr_id.log
[expose-csr_id-template]
key = ${expose-csr-certificate:key}
certificate = ${expose-csr-certificate:certificate}
error-log = ${directory:log}/expose-csr.log
var = ${directory:expose-csr-var}
pid = ${directory:var}/nginx-expose-csr.pid
root = ${directory:expose-csr}
nginx_mime = {{ software_parameter_dict['nginx_mime'] }}
[expose-csr-template]
recipe = slapos.recipe.template:jinja2
var = ${directory:expose-csr_id-var}
pid = ${directory:var}/nginx-expose-csr_id.pid
rendered = ${directory:etc}/nginx-expose-csr_id.conf
template = inline:
daemon off;
pid ${:pid};
error_log ${expose-csr_id-configuration:error-log};
events {
}
http {
include {{ software_parameter_dict['nginx_mime'] }};
server {
server_name_in_redirect off;
port_in_redirect off;
error_log ${expose-csr_id-configuration:error-log};
access_log /dev/null;
listen [${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port} ssl;
ssl_certificate ${expose-csr_id-configuration:certificate};
ssl_certificate_key ${expose-csr_id-configuration:key};
default_type application/octet-stream;
client_body_temp_path ${:var} 1 2;
proxy_temp_path ${:var} 1 2;
fastcgi_temp_path ${:var} 1 2;
uwsgi_temp_path ${:var} 1 2;
scgi_temp_path ${:var} 1 2;
location / {
alias ${directory:csr_id}/;
autoindex off;
sendfile on;
sendfile_max_chunk 1m;
}
}
}
[promise-expose-csr_id-ip-port]
rendered = ${directory:expose-csr-etc}/nginx.conf
template = {{ software_parameter_dict['template_expose_csr_nginx_conf'] }}
context =
section configuration expose-csr-configuration
[promise-expose-csr-ip-port]
<= monitor-promise-base
promise = check_socket_listening
name = expose-csr_id-ip-port-listening.py
config-host = ${expose-csr_id-configuration:ip}
config-port = ${expose-csr_id-configuration:port}
name = expose-csr-ip-port-listening.py
config-host = ${expose-csr-configuration:ip}
config-port = ${expose-csr-configuration:port}
[expose-csr_id]
depends = ${store-csr_id:command}
[expose-csr]
recipe = slapos.cookbook:wrapper
command-line = {{ software_parameter_dict['nginx'] }}
-c ${expose-csr_id-template:rendered}
-c ${expose-csr-template:rendered}
url = https://[${expose-csr-configuration:ip}]:${expose-csr-configuration:port}
wrapper-path = ${directory:service}/expose-csr_id
wrapper-path = ${directory:service}/expose-csr
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[get-csr_id-certificate]
[expose-csr-certificate-get]
recipe = collective.recipe.shelloutput
commands =
certificate = cat ${certificate-csr_id:certificate}
certificate = cat ${expose-csr-certificate:certificate}
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
......@@ -325,8 +288,8 @@ caucase-url = {{ caucase_url }}
master-key-generate-auth-url = https://[${kedifa-config:ip}]:${kedifa-config:port}/${master-auth-random:passwd}/generateauth
master-key-upload-url = https://[${kedifa-config:ip}]:${kedifa-config:port}/${master-auth-random:passwd}?auth=
master-key-download-url = https://[${kedifa-config:ip}]:${kedifa-config:port}/${master-auth-random:passwd}
csr_id-url = https://[${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port}/csr_id.txt
csr_id-certificate = ${get-csr_id-certificate:certificate}
kedifa-csr-url = ${expose-csr:url}/${expose-csr-link-csr:filename}
csr-certificate = ${expose-csr-certificate-get:certificate}
monitor-base-url = ${monitor-instance-parameter:monitor-base-url}
[promise-logrotate-setup]
......
......@@ -46,24 +46,28 @@
"description": "Total amount of Slaves allocated to the Instance (include blocked ones)",
"type": "integer"
},
"kedifa-csr_id-url": {
"description": "URL on which KeDiFa publishes its csr_id sent to caucase.",
"kedifa-csr-url": {
"description": "URL on which KeDiFa publishes its CSR sent to caucase.",
"type": "string"
},
"kedifa-csr_id-certificate": {
"description": "Certificate used to serve data on kedifa-csr_id-url.",
"kedifa-csr-certificate": {
"description": "Certificate used to serve data on kedifa-csr-url.",
"type": "string"
},
"kedifa-caucase-url": {
"description": "Url to caucase used by KeDiFa.",
"type": "string"
},
"caddy-frontend-N-csr_id-url": {
"description": "URL on which frontend node number N publishes its csr_id sent to caucase.",
"caddy-frontend-N-kedifa-csr-url": {
"description": "URL on which frontend node number N publishes its Kedifa CSR sent to caucase.",
"type": "string"
},
"caddy-frontend-N-csr_id-certificate": {
"description": "Certificate used to serve data on caddy-frontend-N-csr_id-url.",
"caddy-frontend-N-backend-client-csr-url": {
"description": "URL on which frontend node number N publishes its Backend Client CSR sent to caucase.",
"type": "string"
},
"caddy-frontend-N-csr-certificate": {
"description": "Certificate used to serve data on CSRs.",
"type": "string"
},
"warning-slave-dict": {
......
......@@ -9,10 +9,16 @@ setup(
'validators',
'furl',
'orderedmultidict',
'caucase',
'python2-secrets',
],
entry_points={
'zc.buildout': [
'default = caddyprofiledummy:Recipe',
],
'console_scripts': [
'smart-caucase-signer = caddyprofiledummy:smart_sign',
'caucase-csr-sign-check = caddyprofiledummy:caucase_csr_sign_check'
]
}
)
......@@ -99,6 +99,7 @@ template_trafficserver_records_config = ${template-trafficserver-records-config:
template_trafficserver_storage_config = ${template-trafficserver-storage-config:target}
template_validate_script = ${template-validate-script:target}
template_wrapper = ${template-wrapper:output}
template_expose_csr_nginx_conf = ${template-expose-csr-nginx-conf:target}
# directories
bin_directory = ${buildout:bin-directory}
......@@ -123,6 +124,8 @@ kedifa-updater = ${:bin_directory}/kedifa-updater
kedifa-csr = ${:bin_directory}/kedifa-csr
xz_location = ${xz-utils:location}
htpasswd = ${:bin_directory}/htpasswd
smart_caucase_signer = ${:bin_directory}/smart-caucase-signer
caucase_csr_sign_check = ${:bin_directory}/caucase-csr-sign-check
[template]
recipe = slapos.recipe.template:jinja2
......@@ -203,11 +206,15 @@ output = ${buildout:directory}/template-wrapper.cfg
[template-backend-haproxy-rsyslogd-conf]
<=download-template
[template-expose-csr-nginx-conf]
<=download-template
[versions]
kedifa = 0.0.6
# Modern KeDiFa requires zc.lockfile
zc.lockfile = 1.4
python2-secrets = 1.0.5
validators = 0.12.2
PyRSS2Gen = 1.1
cns.recipe.symlink = 0.2.3
......
......@@ -330,6 +330,8 @@ certificate = {{ certificate }}
https_port = {{ dumps('' ~ configuration['port']) }}
http_port = {{ dumps('' ~ configuration['plain_http_port']) }}
local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
version-hash = {{ version_hash }}
node-id = {{ node_id }}
{%- for key, value in slave_instance.iteritems() %}
{%- if value is not none %}
{{ key }} = {{ dumps(value) }}
......@@ -453,9 +455,9 @@ recipe = slapos.cookbook:publish.serialised
slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list, sort_keys=True) }}
{%- endif %}
monitor-base-url = {{ monitor_base_url }}
csr_id-url = https://[${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port}/csr_id.txt
backend-client-csr_id-url = https://[${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port}/backend-haproxy-csr_id.txt
csr_id-certificate = ${get-csr_id-certificate:certificate}
kedifa-csr-url = ${expose-csr:url}/${expose-csr-link-csr-kedifa:filename}
backend-client-csr-url = ${expose-csr:url}/${expose-csr-link-csr-backend-haproxy:filename}
csr-certificate = ${expose-csr-certificate-get:certificate}
{%- set furled = furl_module.furl(backend_haproxy_configuration['statistic-frontend-secure_access']) %}
{%- do furled.set(username = backend_haproxy_configuration['statistic-username']) %}
{%- do furled.set(password = backend_haproxy_configuration['statistic-password']) %}
......@@ -463,6 +465,8 @@ csr_id-certificate = ${get-csr_id-certificate:certificate}
{#- We unquote, as furl quotes automatically, but there is buildout value on purpose like ${...:...} in the passwod #}
{%- set statistic_url = urlparse_module.unquote(furled.tostr()) %}
backend-haproxy-statistic-url = {{ statistic_url }}
{#- sort_keys are important in order to avoid shuffling parameters on each run #}
node-information-json = {{ json_module.dumps(node_information, sort_keys=True) }}
[kedifa-updater]
recipe = slapos.cookbook:wrapper
......@@ -513,23 +517,26 @@ global-ipv6 = ${slap-configuration:ipv6-random}
request-timeout = {{ dumps('' ~ configuration['request-timeout']) }}
backend-connect-timeout = {{ dumps('' ~ configuration['backend-connect-timeout']) }}
backend-connect-retries = {{ dumps('' ~ configuration['backend-connect-retries']) }}
version-hash = {{ version_hash }}
node-id = {{ node_id }}
[store-backend-haproxy-csr_id]
[template-expose-csr-link-csr]
recipe = plone.recipe.command
csr_id_path = {{ directory['csr_id'] }}/backend-haproxy-csr_id.txt
csr_work_path = {{ directory['tmp'] }}/${:_buildout_section_name_}
stop-on-error = False
update-command = ${:command}
csr_path = {{ directory['expose-csr'] }}/${:filename}
command =
{{ software_parameter_dict['bin_directory'] }}/caucase \
--ca-url {{ backend_haproxy_configuration['caucase-url'] }} \
--ca-crt {{ backend_haproxy_configuration['cas-ca-certificate'] }} \
--crl {{ backend_haproxy_configuration['crl'] }} \
--mode service \
--send-csr {{ backend_haproxy_configuration['csr'] }} > ${:csr_work_path} && \
cut -d ' ' -f 1 ${:csr_work_path} > ${:csr_id_path}
ln -sf ${:csr} ${:csr_path}
[expose-csr-link-csr-backend-haproxy]
<= template-expose-csr-link-csr
filename = backend-haproxy-csr.pem
csr = {{ backend_haproxy_configuration['csr'] }}
[expose-csr-link-csr-kedifa]
<= template-expose-csr-link-csr
filename = kedifa-csr.pem
csr = {{ kedifa_configuration['csr'] }}
##<Backend haproxy>
......@@ -550,32 +557,14 @@ parts +=
publish-caddy-information
tunnel-6to4-base-http_port
tunnel-6to4-base-https_port
expose-csr_id
promise-expose-csr_id-ip-port
promise-expose-csr-ip-port
cache-access = {{ cache_access }}
[store-csr_id]
recipe = plone.recipe.command
csr_id_path = {{ directory['csr_id'] }}/csr_id.txt
csr_work_path = {{ directory['tmp'] }}/${:_buildout_section_name_}
stop-on-error = False
update-command = ${:command}
command =
{{ software_parameter_dict['bin_directory'] }}/caucase \
--ca-url {{ kedifa_configuration['caucase-url'] }} \
--ca-crt {{ kedifa_configuration['cas-ca-certificate'] }} \
--crl {{ kedifa_configuration['crl'] }} \
--mode service \
--send-csr {{ kedifa_configuration['csr'] }} > ${:csr_work_path} && \
cut -d ' ' -f 1 ${:csr_work_path} > ${:csr_id_path}
[certificate-csr_id]
[expose-csr-certificate]
recipe = plone.recipe.command
certificate = {{ directory['certificate-csr_id'] }}/certificate.pem
key = {{ directory['certificate-csr_id'] }}/key.pem
certificate = {{ directory['expose-csr-etc'] }}/certificate.pem
key = {{ directory['expose-csr-etc'] }}/key.pem
{#- Can be stopped on error, as does not rely on self provided service #}
stop-on-error = True
......@@ -583,76 +572,48 @@ update-command = ${:command}
command =
if ! [ -f ${:key} ] && ! [ -f ${:certificate} ] ; then
openssl req -new -newkey rsa:2048 -sha256 -subj \
"/O={{ expose_csr_id_organization }}/OU={{ expose_csr_id_organizational_unit }}/CN=${slap-configuration:ipv6-random}" \
"/O={{ expose_csr_organization }}/OU={{ expose_csr_organizational_unit }}/CN=${slap-configuration:ipv6-random}" \
-days 5 -nodes -x509 -keyout ${:key} -out ${:certificate}
fi
[expose-csr_id-configuration]
[expose-csr-configuration]
ip = ${slap-configuration:ipv6-random}
port = 17001
key = ${certificate-csr_id:key}
certificate = ${certificate-csr_id:certificate}
error-log = {{ directory['log'] }}/expose-csr_id.log
[expose-csr_id-template]
key = ${expose-csr-certificate:key}
certificate = ${expose-csr-certificate:certificate}
error-log = {{ directory['log'] }}/expose-csr.log
var = {{ directory['expose-csr-var'] }}
pid = {{ directory['var'] }}/nginx-expose-csr.pid
root = {{ directory['expose-csr'] }}
nginx_mime = {{ software_parameter_dict['nginx_mime'] }}
[expose-csr-template]
recipe = slapos.recipe.template:jinja2
var = {{ directory['expose-csr_id-var'] }}
pid = {{ directory['var'] }}/nginx-expose-csr_id.pid
rendered = {{ directory['etc'] }}/nginx-expose-csr_id.conf
template = inline:
daemon off;
pid ${:pid};
error_log ${expose-csr_id-configuration:error-log};
events {
}
http {
include {{ software_parameter_dict['nginx_mime'] }};
server {
server_name_in_redirect off;
port_in_redirect off;
error_log ${expose-csr_id-configuration:error-log};
access_log /dev/null;
listen [${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port} ssl;
ssl_certificate ${expose-csr_id-configuration:certificate};
ssl_certificate_key ${expose-csr_id-configuration:key};
default_type application/octet-stream;
client_body_temp_path ${:var} 1 2;
proxy_temp_path ${:var} 1 2;
fastcgi_temp_path ${:var} 1 2;
uwsgi_temp_path ${:var} 1 2;
scgi_temp_path ${:var} 1 2;
location / {
alias {{ directory['csr_id'] }}/;
autoindex off;
sendfile on;
sendfile_max_chunk 1m;
}
}
}
[promise-expose-csr_id-ip-port]
rendered = {{ directory['expose-csr-etc'] }}/nginx.conf
template = {{ template_expose_csr_nginx_conf }}
context =
section configuration expose-csr-configuration
[promise-expose-csr-ip-port]
<= monitor-promise-base
promise = check_socket_listening
name = expose-csr_id-ip-port-listening.py
config-host = ${expose-csr_id-configuration:ip}
config-port = ${expose-csr_id-configuration:port}
[expose-csr_id]
depends =
${store-csr_id:command}
${store-backend-haproxy-csr_id:command}
name = expose-csr-ip-port-listening.py
config-host = ${expose-csr-configuration:ip}
config-port = ${expose-csr-configuration:port}
[expose-csr]
recipe = slapos.cookbook:wrapper
command-line = {{ software_parameter_dict['nginx'] }}
-c ${expose-csr_id-template:rendered}
-c ${expose-csr-template:rendered}
url = https://[${expose-csr-configuration:ip}]:${expose-csr-configuration:port}
wrapper-path = {{ directory['service'] }}/expose-csr_id
wrapper-path = {{ directory['service'] }}/expose-csr
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[get-csr_id-certificate]
[expose-csr-certificate-get]
recipe = collective.recipe.shelloutput
commands =
certificate = cat ${certificate-csr_id:certificate}
certificate = cat ${expose-csr-certificate:certificate}
[promise-logrotate-setup]
<= monitor-promise-base
......
......@@ -58,6 +58,8 @@ frontend statistic
frontend http-backend
bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
http-request add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}"
http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}"
{%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'http', False) }}
{%- endfor %}
......
......@@ -21,6 +21,10 @@
# workaround for lost connection to haproxy by reconnecting
try_duration 3s
try_interval 250ms
header_upstream +Via "{proto} rapid-cdn-frontend-{{ slave_parameter['node-id'] }}-{{ slave_parameter['version-hash'] }}"
{%- if not slave_parameter['disable-via-header'] %}
header_downstream +Via "{proto} rapid-cdn-frontend-{{ slave_parameter['node-id'] }}-{{ slave_parameter['version-hash'] }}"
{%- endif %}
{%- endmacro %} {# proxy_header #}
{%- macro hsts_header(tls) %}
......
daemon off;
pid {{ configuration['pid'] }};
error_log {{ configuration['error-log'] }};
events {
}
http {
include {{ configuration['nginx_mime'] }};
server {
server_name_in_redirect off;
port_in_redirect off;
error_log {{ configuration['error-log'] }};
access_log /dev/null;
listen [{{ configuration['ip'] }}]:{{ configuration['port'] }} ssl;
ssl_certificate {{ configuration['certificate'] }};
ssl_certificate_key {{ configuration['key'] }};
default_type application/octet-stream;
client_body_temp_path {{ configuration['var'] }} 1 2;
proxy_temp_path {{ configuration['var'] }} 1 2;
fastcgi_temp_path {{ configuration['var'] }} 1 2;
uwsgi_temp_path {{ configuration['var'] }} 1 2;
scgi_temp_path {{ configuration['var'] }} 1 2;
location / {
alias {{ configuration['root'] }}/;
autoindex off;
sendfile on;
sendfile_max_chunk 1m;
}
}
}
......@@ -72,6 +72,9 @@ log-access-url = {{ dumps(json_module.dumps(log_access_url, sort_keys=True)) }}
{{ key }} = {{ dumps(value) }}
{% endfor %}
{% endif %}
{% for frontend_key, frontend_value in frontend_information.iteritems() %}
{{ frontend_key }} = {{ frontend_value }}
{% endfor %}
{% endfor %}
[buildout]
......
......@@ -18,6 +18,12 @@ LOCAL proxy.local.incoming_ip_to_bind STRING {{ ats_configuration['local-ip'] }}
CONFIG proxy.config.log.logfile_dir STRING {{ ats_directory['log'] }}
# Never change Server header
CONFIG proxy.config.http.response_server_enabled INT 0
# Handle Via header
CONFIG proxy.config.http.insert_request_via_str INT 1
CONFIG proxy.config.http.request_via_str STRING rapid-cdn-cache-{{ ats_configuration['node-id'] }}-{{ ats_configuration['version-hash'] }}
CONFIG proxy.config.http.insert_response_via_str INT 1
CONFIG proxy.config.http.response_via_str STRING rapid-cdn-cache-{{ ats_configuration['node-id'] }}-{{ ats_configuration['version-hash'] }}
# Implement RFC 5861 with core
CONFIG proxy.config.http.cache.open_write_fail_action INT 2
CONFIG proxy.config.body_factory.template_sets_dir STRING {{ ats_configuration['templates-dir'] }}
......@@ -53,13 +59,6 @@ CONFIG proxy.config.exec_thread.affinity INT 1
##############################################################################
CONFIG proxy.config.http.server_ports STRING {{ ats_configuration['local-ip'] + ':' + ats_configuration['input-port'] }}
##############################################################################
# Via: headers. Docs:
# https://docs.trafficserver.apache.org/records.config#proxy-config-http-insert-response-via-str
##############################################################################
CONFIG proxy.config.http.insert_request_via_str INT 1
CONFIG proxy.config.http.insert_response_via_str INT 0
##############################################################################
# Parent proxy configuration, in addition to these settings also see parent.config. Docs:
# https://docs.trafficserver.apache.org/records.config#parent-proxy-configuration
......
This diff is collapsed.
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/expose-csr.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_dummy-cached_access_log
......
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-sign-promise.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-sign-promise.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
......@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/expose-csr-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
......@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
......
......@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:expose-csr-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
......@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
......
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/expose-csr.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_dummy-cached_access_log
......
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-sign-promise.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-sign-promise.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
......@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/expose-csr-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
......@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
......
......@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:expose-csr-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
......@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
......
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/expose-csr.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_dummy-cached_access_log
......
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-sign-promise.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-sign-promise.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
......@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/expose-csr-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
......@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
......
......@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:expose-csr-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
......@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
......
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/expose-csr.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_dummy-cached_access_log
......
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-sign-promise.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-sign-promise.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
......@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/expose-csr-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
......@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
......
......@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:expose-csr-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
......@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
......
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
T-2/var/log/slave-introspection-error.log
T-2/var/log/trafficserver/manager.log
T-0/etc/plugin/__init__.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-caddy-frontend-1.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-1/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/backend-client-caucase-updater.py
T-2/etc/plugin/backend-haproxy-configuration.py
T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/slave-introspection-configuration.py
T-2/etc/plugin/slave_introspection_https.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/backend-haproxy-rsyslogd.pid
T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-2/var/run/slave-introspection.pid
T-2/var/run/slave_introspection_configuration_last_state
T-2/var/run/slave_introspection_graceful_configuration_state_signature
T-0:bootstrap-monitor EXITED
T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:slave-instrospection-nginx-{hash-generic}-on-watch RUNNING
T-2:slave-introspection-safe-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/expose-csr.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/monitor-httpd-access.log
......
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-sign-promise.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-sign-promise.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
......@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/expose-csr-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
......@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
......
......@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:expose-csr-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
......@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
......
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/expose-csr.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/monitor-httpd-access.log
......
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-sign-promise.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-sign-promise.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
......@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/expose-csr-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
......@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
......
......@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:expose-csr-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
......@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
......
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/expose-csr.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_default_access_log
......
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-sign-promise.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-sign-promise.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
......@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/expose-csr-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
......@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
......
......@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:expose-csr-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
......@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
......
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/expose-csr.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_default_access_log
......
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-sign-promise.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-sign-promise.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
......@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/expose-csr-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
......@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
......
......@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:expose-csr-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
......@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
......
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/expose-csr.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_replicate_access_log
......@@ -18,7 +18,7 @@ T-2/var/log/slave-introspection-access.log
T-2/var/log/slave-introspection-error.log
T-2/var/log/trafficserver/manager.log
T-3/var/log/backend-haproxy.log
T-3/var/log/expose-csr_id.log
T-3/var/log/expose-csr.log
T-3/var/log/frontend-access.log
T-3/var/log/frontend-error.log
T-3/var/log/httpd/_replicate_access_log
......
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-sign-promise.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-sign-promise.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
......@@ -15,7 +17,7 @@ T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/expose-csr-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
......@@ -34,7 +36,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
......@@ -58,7 +60,7 @@ T-3/etc/plugin/caddy_frontend_ipv6_http.py
T-3/etc/plugin/caddy_frontend_ipv6_https.py
T-3/etc/plugin/caucase-updater.py
T-3/etc/plugin/check-free-disk-space.py
T-3/etc/plugin/expose-csr_id-ip-port-listening.py
T-3/etc/plugin/expose-csr-ip-port-listening.py
T-3/etc/plugin/frontend-caddy-configuration-promise.py
T-3/etc/plugin/monitor-bootstrap-status.py
T-3/etc/plugin/monitor-http-frontend.py
......
......@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:expose-csr-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
......@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
......@@ -46,7 +46,7 @@ T-3:backend-haproxy-safe-graceful EXITED
T-3:bootstrap-monitor EXITED
T-3:certificate_authority-{hash-generic}-on-watch STOPPED
T-3:crond-{hash-generic}-on-watch STOPPED
T-3:expose-csr_id-{hash-generic}-on-watch STOPPED
T-3:expose-csr-{hash-generic}-on-watch STOPPED
T-3:frontend-caddy-safe-graceful EXITED
T-3:frontend_caddy-{hash-caddy-T-3}-on-watch STOPPED
T-3:kedifa-login-certificate-caucase-updater-on-watch STOPPED
......
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment