Commit c70911f0 authored by Alain Takoudjou's avatar Alain Takoudjou Committed by Tristan Cavelier

Allow to setup certificate authority path

parent 74bb6260
......@@ -2,6 +2,7 @@
{% set ssl_parameter_dict = slapparameter_dict.get('ssl', {}) %}
{% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%}
{% set use_ipv6 = slapparameter_dict.get('use-ipv6', False) -%}
{% set ca_path = slapparameter_dict['certificate-authority-path'] -%}
{#
XXX: This template only supports exactly one IPv4 and (if ipv6 is used) one IPv6
per partition. No more (undefined result), no less (IndexError).
......@@ -75,22 +76,6 @@ ipv6 = {{ zope_address.split(']:')[0][1:] }}
{% set next_port = next_port + 1 -%}
{% endfor -%}
[apache-certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = {{ parameter_dict['openssl'] }}/bin/openssl
ca-dir = ${directory:ca-dir}
requests-directory = ${directory:requests}
wrapper = ${directory:services}/apache-ca
ca-private = ${directory:private}
ca-certs = ${directory:certs}
ca-newcerts = ${directory:newcerts}
ca-crl = ${directory:crl}
country-code = {{ slapparameter_dict['country-code'] }}
email = {{ slapparameter_dict['email'] }}
state = {{ slapparameter_dict['state'] }}
city = {{ slapparameter_dict['city'] }}
company = {{ slapparameter_dict['company'] }}
[haproxy-cfg-parameter-dict]
socket-path = ${directory:run}/haproxy.sock
server-check-path = {{ dumps(slapparameter_dict['haproxy-server-check-path']) }}
......@@ -135,8 +120,8 @@ ssl-session-cache = ${directory:log}/apache-ssl-session-cache
ca-cert = {{ dumps(ssl_parameter_dict.get('ca-cert')) }}
crl = {{ dumps(ssl_parameter_dict.get('ca-crl')) }}
{% else -%}
ca-cert = ${apache-certificate-authority:ca-dir}/cacert.pem
crl = ${apache-certificate-authority:ca-crl}
ca-cert = {{ ca_path }}/cacert.pem
crl = {{ ca_path }}/crl
{% endif -%}
[apache-conf]
......@@ -188,17 +173,10 @@ services = ${:etc}/run
var = ${buildout:directory}/var
run = ${:var}/run
log = ${:var}/log
ca-dir = ${buildout:directory}/srv/ssl
requests = ${:ca-dir}/requests
private = ${:ca-dir}/private
certs = ${:ca-dir}/certs
newcerts = ${:ca-dir}/newcerts
crl = ${:ca-dir}/crl
[buildout]
extends = {{ logrotate_cfg }}
parts +=
publish
logrotate-apache
apache-certificate-authority
{{ part_list | join('\n ') }}
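Review bot: `ca_path` is read with `slapparameter_dict['certificate-authority-path']` and written unquoted into `ca-cert = {{ ca_path }}/cacert.pem` and `crl = {{ ca_path }}/crl`, so the CA certificate and revocation list (presumably what Apache uses to verify client certificates) now come from a request parameter that is never validated. A missing key fails with a bare KeyError at render time, unlike the neighbouring `.get(...)` lookups, and a value containing a newline or `${` would be read by buildout as extra options or substitutions. I would check the value before use (absolute path, no newline, no `$`) and abort rendering with a clear message otherwise. Since this partition no longer creates the CA directory itself, it is also worth confirming at deploy time that `cacert.pem` is readable from here; that depends on where the balancer is allocated, which this section does not show.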
......@@ -66,8 +66,38 @@ recipe = slapos.cookbook:generate.password
return =
zope-address-list
hosts-dict
extra-config =
bt5
bt5-repository-url
ca-path
cloudooo-url
deadlock-debugger-password
developer-list
hosts-dict
inituser-login
inituser-password
instance-count
kumofs-url
longrequest-logger-interval
longrequest-logger-timeout
memcached-url
mysql-test-url-list
mysql-url-list
name
port-base
site-id
smtp-url
thread-amount
tidstorage-ip
tidstorage-port
timerserver-interval
timezone
webdav
zodb-dict
zodb-storage-type
config-bt5 = {{ dumps(slapparameter_dict.get('bt5', 'erp5_full_text_myisam_catalog erp5_configurator_standard erp5_configurator_maxma_demo erp5_configurator_ung erp5_configurator_run_my_doc slapos_configurator')) }}
config-bt5-repository-url = {{ dumps(slapparameter_dict.get('bt5-repository-url', local_bt5_repository)) }}
config-ca-path = ${directory:ca-dir}
config-cloudooo-url = ${request-cloudooo:connection-url}
config-deadlock-debugger-password = ${deadlock-debugger-password:passwd}
config-developer-list = {{ dumps(slapparameter_dict.get('developer-list', [inituser_login])) }}
......@@ -144,6 +174,15 @@ config-url = ${request-balancer:{{ family_name }}-v6}
name = balancer
software-type = balancer
sla-computer_guid = {{ dumps(slapparameter_dict.get('balancer-computer-guid', computer_id)) }}
extra-config =
tcpv4-port
haproxy-server-check-path
backend-path-dict
ssl-authentication-dict
ssl
zope-family-dict
certificate-authority-path
{{ zope_address_list_id_dict.values() | join(' ') }}
return =
{%- for family in zope_family_dict %}
{{ family }}
......@@ -159,11 +198,7 @@ config-{{ name }} = {{ ' ${' ~ zope_section_id ~ ':connection-zope-address-list}
# XXX: should those really be same for all families ?
config-haproxy-server-check-path = {{ dumps(balancer_dict.get('haproxy-server-check-path', '/') % {'site-id': site_id}) }}
config-ssl = {{ dumps(balancer_dict.get('ssl', {})) }}
config-country-code = {{ slapparameter_dict.get('country-code', 'ZZ') }}
config-email = {{ slapparameter_dict.get('email', 'nobody@example.com') }}
config-state = {{ slapparameter_dict.get('state', "('State',)") }}
config-city = {{ slapparameter_dict.get('city', 'City') }}
config-company = {{ slapparameter_dict.get('company', 'Compagny') }}
config-certificate-authority-path = ${directory:ca-dir}
[request-frontend-base]
{% if has_frontend -%}
......@@ -184,6 +219,39 @@ config-{{ name }} = {{ value }}
return = site_url
{% endif -%}
[directory]
recipe = slapos.cookbook:mkdirectory
{% if slapparameter_dict.get('certificate-authority-path', '') -%}
ca-dir = {{ slapparameter_dict.get('certificate-authority-path') }}
{% else -%}
ca-dir = ${buildout:directory}/srv/ssl
{% endif -%}
bin = ${buildout:directory}/bin
etc = ${buildout:directory}/etc
services = ${:etc}/run
requests = ${:ca-dir}/requests
private = ${:ca-dir}/private
certs = ${:ca-dir}/certs
newcerts = ${:ca-dir}/newcerts
crl = ${:ca-dir}/crl
[apache-certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = {{ openssl_location }}/bin/openssl
ca-dir = ${directory:ca-dir}
requests-directory = ${directory:requests}
wrapper = ${directory:services}/service-ca
ca-private = ${directory:private}
ca-certs = ${directory:certs}
ca-newcerts = ${directory:newcerts}
ca-crl = ${directory:crl}
country-code = {{ dumps(slapparameter_dict.get('country-code', 'ZZ')) }}
email = {{ dumps(slapparameter_dict.get('email', 'nobody@example.com')) }}
state = {{ dumps(slapparameter_dict.get('state', "('State',)")) }}
city = {{ dumps(slapparameter_dict.get('city', 'City')) }}
company = {{ dumps(slapparameter_dict.get('company', 'Compagny')) }}
[publish]
recipe = slapos.cookbook:publish.serialised
deadlock-debugger-password = ${deadlock-debugger-password:passwd}
......@@ -198,4 +266,9 @@ hosts-dict = {{ '${' ~ zope_address_list_id_dict.keys()[0] ~ ':connection-hosts-
{% endfor -%}
[buildout]
parts = publish
parts =
apache-certificate-authority
publish
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
{% endif %}
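Review bot: In `[directory]`, `ca-dir = {{ slapparameter_dict.get('certificate-authority-path') }}` lets a request parameter decide where the CA's `private`, `certs`, `newcerts` and `crl` directories are created, with no check on the value. The `private` directory presumably holds the CA key, so an arbitrary path can put it somewhere whose ownership and permissions this partition does not control, and the raw interpolation passes a newline or `${` straight through to buildout. I would accept only an absolute path without those characters, and add a comment above the `{% if %}` stating who is expected to own that directory. Separately, the `[apache-certificate-authority]` options are now wrapped in `dumps(...)`, whereas the section removed from the balancer template passed them raw. If the `certificate_authority` recipe does not unserialise its options, the serialised text would end up in the CA subject, so that is worth confirming.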
......@@ -34,6 +34,12 @@ repository = http://git.erp5.org/repos/slapos.core.git
branch = operation-control
git-executable = ${git:location}/bin/git
[slapos.cookbook-repository]
recipe = slapos.recipe.build:gitclone
repository = http://git.erp5.org/repos/slapos.git
branch = slapos-master-cluster
git-executable = ${git:location}/bin/git
[vifib-fix-products-paths]
recipe = plone.recipe.command
stop-on-error = true
......@@ -57,10 +63,19 @@ extra-paths +=
${vifib:location}/master
[template-erp5]
md5sum = 6ada1fd4af0a451516443bfb6d00b717
< = download-base-part
filename = instance-erp5.cfg.in
#md5sum =
[template-balancer]
md5sum = 818ab59ae966114735866aecef7a8563
< = download-base-part
filename = instance-balancer.cfg.in
#md5sum =
[template-zope]
< = download-base-part
filename = instance-zope.cfg.in
#md5sum =
[template-apache-conf]
md5sum = bb329fc28bef095a01efc901d2f84149
......@@ -73,6 +88,7 @@ md5sum = 61824aab2172d21f1d6403a35cab47cd
python-memcached = 1.47
facebook-sdk = 0.4.0
google-api-python-client = 1.2
jsonschema = 2.4.0
# stick to Zope 2.12.22 because Zope 2.12.23's
# ObjectManager.__getitem__ is much slower for a module having lots of
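Review bot: `[template-erp5]` and `[template-balancer]` appear to lose their pinned `md5sum` values in favour of `#md5sum =`, and the new `[slapos.cookbook-repository]` clones `http://git.erp5.org/repos/slapos.git` at branch `slapos-master-cluster` over plain HTTP with no pinned commit. Together that means neither the instance templates nor the cookbook code (presumably including the recipe that now runs the certificate authority) is integrity-checked at build time; the existing slapos.core section above follows the same pattern. I would restore a real `md5sum` on each template once its content is final, unless `download-base-part` only ever reads from the local checkout. For the clone, add `revision = <commit-id>` and use an authenticated transport if the server offers one. If the unpinned branch is deliberate for development, a comment saying so above the section would help.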
......