stack/caucase: Implement updater promise

This promise will check that certificate matches the key and will check that it is renewed before 15 days before expiration.

stack/caucase: Implement updater promise
This promise will check that certificate matches the key and will check that it is renewed before 15 days before expiration.
ca0fd8e3 · Łukasz Nowak · 8c1fa483 · ca0fd8e3 · ca0fd8e3
Commit ca0fd8e3 authored Mar 02, 2020 by Łukasz Nowak
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 2 deletions

stack/caucase/buildout.hash.cfg stack/caucase/buildout.hash.cfg +1 -1

stack/caucase/caucase.jinja2.library stack/caucase/caucase.jinja2.library +11 -1

No files found.
--- a/stack/caucase/buildout.hash.cfg
+++ b/stack/caucase/buildout.hash.cfg
@@ -15,4 +15,4 @@
 [caucase-jinja2-library]
 filename = caucase.jinja2.library
-md5sum = 93dae9ec9df9c095f69b175e5772677e
+md5sum = 9a7247cdb2ee1d66c074b0660c54713f
--- a/stack/caucase/caucase.jinja2.library
+++ b/stack/caucase/caucase.jinja2.library
@@ -52,7 +52,8 @@ config-command = '{{ buildout_bin_directory }}/caucase-probe' 'http://{{ netloc
  mode='service',
  template_csr=None,
  template_csr_pem=None,
-  openssl=None
+  openssl=None,
+  promise=True
 ) -%}
 [{{ prefix }}-directory]
 recipe = slapos.cookbook:mkdirectory
@@ -104,6 +105,15 @@ command-line = '{{ buildout_bin_directory }}/caucase-updater'
  {% if key_path %}--key '{{ key_path }}' {%- endif %}
  {% if on_renew %}--on-renew '{{ on_renew }}' {%- endif %}
  {% if max_sleep %}--max-sleep '{{ max_sleep }}' {%- endif %}
+{% if promise -%}
+[{{ prefix }}-promise]
+<= monitor-promise-base
+module = check_certificate
+name = {{ prefix }}.py
+config-certificate = {{ crt_path }}
+config-key = {{ key_path }}
+config-certificate-expiration-days = 15
+{%- endif %}
 {%- endmacro %}
 {% macro rerequest(prefix, buildout_bin_directory, template, csr, key) -%}