Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos-caddy
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Guillaume Hervier
slapos-caddy
Commits
064614ce
Commit
064614ce
authored
Apr 27, 2016
by
Rafael Monnerat
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
wip: frontend-apache: Validate certificate from all frontend slaves.
parent
1387ff31
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
44 additions
and
2 deletions
+44
-2
slapos/recipe/certificate_authority/__init__.py
slapos/recipe/certificate_authority/__init__.py
+7
-0
software/apache-frontend/common.cfg
software/apache-frontend/common.cfg
+1
-1
software/apache-frontend/templates/apache-custom-slave-list.cfg.in
...apache-frontend/templates/apache-custom-slave-list.cfg.in
+36
-1
No files found.
slapos/recipe/certificate_authority/__init__.py
View file @
064614ce
...
...
@@ -95,6 +95,13 @@ class Recipe(GenericBaseRecipe):
class
Request
(
Recipe
):
def
setPath
(
self
):
self
.
request_directory
=
self
.
options
[
'requests-directory'
]
self
.
ca_private
=
self
.
options
[
'ca-private'
]
self
.
ca_certs
=
self
.
options
[
'ca-certs'
]
self
.
ca_key_ext
=
'.key'
self
.
ca_crt_ext
=
'.crt'
def
_options
(
self
,
options
):
if
'name'
not
in
options
:
options
[
'name'
]
=
self
.
name
...
...
software/apache-frontend/common.cfg
View file @
064614ce
...
...
@@ -80,7 +80,7 @@ mode = 0644
[template-slave-list]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/apache-custom-slave-list.cfg.in
md5sum =
c01c0ebb749d16bda4649bf42d36c7ea
md5sum =
7f010ef92fdea8fb4de9bc93c76604ba
mode = 640
[template-slave-configuration]
...
...
software/apache-frontend/templates/apache-custom-slave-list.cfg.in
View file @
064614ce
...
...
@@ -98,7 +98,7 @@ command = {{frontend_configuration.get('apache-directory')}}/bin/htpasswd -cb ${
#### Set Slave Certificates if needed
# Set ssl certificates for each slave
{% for cert_name in ('ssl_
key', 'ssl_crt', 'ssl_
ca_crt', 'ssl_csr', 'ssl_proxy_ca_crt')-%}
{% for cert_name in ('ssl_ca_crt', 'ssl_csr', 'ssl_proxy_ca_crt')-%}
{% if cert_name in slave_instance -%}
{% set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) -%}
{% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) -%}
...
...
@@ -118,6 +118,41 @@ value = {{ dumps(slave_instance.get(cert_name)) }}
{% endif -%}
{% endfor -%}
[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = {{ custom_ssl_directory }}/requests/
private = {{ custom_ssl_directory }}/private/
certs = {{ custom_ssl_directory }}/certs/
newcerts = {{ custom_ssl_directory }}/newcerts/
crl = {{ custom_ssl_directory }}/crl/
{% if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance -%}
{% set cert_title = '%s-crt' % (slave_reference) -%}
{% set key_title = '%s-key' % (slave_reference) -%}
{% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) -%}
{% set key_file = '/'.join([custom_ssl_directory, key_title.replace('-','.')]) -%}
{% do part_list.append(cert_title) -%}
{% do slave_instance.__setitem__('path_to_ssl_crt', cert_file) -%}
{% do slave_instance.__setitem__('path_to_ssl_key', key_file) -%}
[{{cert_title}}]
recipe = slapos.cookbook:certificate_authority.request
#openssl-binary = ${openssl:location}/bin/openssl
requests-directory = ${cadirectory:requests}
ca-private = ${cadirectory:private}
ca-certs = ${cadirectory:certs}
ca-newcerts = ${cadirectory:newcerts}
ca-crl = ${cadirectory:crl}
key-file = {{ key_file }}
cert-file = {{ cert_file }}
key-content = {{ dumps(slave_instance.get('ssl_key')) }}
cert-content = {{ dumps(slave_instance.get('ssl_crt')) }}
{% endif -%}
############################
#### Set Slave Configuration
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment