Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kwabena Antwi-Boasiako
slapos
Commits
27b85290
Commit
27b85290
authored
Jun 06, 2011
by
Cédric de Saint Martin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Kumofs : add stunnel
parent
c4cab724
Changes
6
Expand all
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
500 additions
and
3 deletions
+500
-3
slapos/recipe/kumofs/__init__.py
slapos/recipe/kumofs/__init__.py
+14
-2
slapos/recipe/kumofs/certificate_authority.py
slapos/recipe/kumofs/certificate_authority.py
+112
-0
slapos/recipe/kumofs/template/openssl.cnf.ca.in
slapos/recipe/kumofs/template/openssl.cnf.ca.in
+350
-0
slapos/recipe/kumofs/template/stunnel.conf.in
slapos/recipe/kumofs/template/stunnel.conf.in
+14
-0
software/kumofs/instance.cfg
software/kumofs/instance.cfg
+6
-1
software/kumofs/software.cfg
software/kumofs/software.cfg
+4
-0
No files found.
slapos/recipe/kumofs/__init__.py
View file @
27b85290
...
...
@@ -37,11 +37,23 @@ class Recipe(BaseSlapRecipe):
def
_install
(
self
):
self
.
path_list
=
[]
self
.
requirements
,
self
.
ws
=
self
.
egg
.
working_set
()
# XXX-Cedric : add logrotate?
kumo_conf
=
self
.
installKumo
(
self
.
getGlobalIPv6Address
())
kumo_conf
=
self
.
installKumo
(
self
.
getLocalIPv4Address
())
ca_conf
=
self
.
installCertificateAuthority
()
key
,
certificate
=
self
.
requestCertificate
(
'Login Based Access'
)
stunnel_conf
=
self
.
installStunnel
(
self
.
getGlobalIPv6Address
(),
12345
,
kumo_conf_conf
[
'kumo_gateway_port'
],
certificate
,
key
,
ca_conf
[
'ca_crl'
],
ca_conf
[
'certificate_authority_path'
])
self
.
linkBinary
()
self
.
setConnectionDict
(
dict
(
address
=
kumo_conf
[
'kumo_address'
],
kumofs_local_ip
=
kumo_conf
[
'kumo_gateway_ip'
],
stunnel_ip
=
stunnel_conf
[
'ip'
],
stunnel_port
=
stunnel_conf
[
'port'
],
))
return
self
.
path_list
...
...
slapos/recipe/kumofs/certificate_authority.py
0 → 100644
View file @
27b85290
import
os
import
subprocess
import
time
import
ConfigParser
def
popenCommunicate
(
command_list
,
input
=
None
):
subprocess_kw
=
dict
(
stdout
=
subprocess
.
PIPE
,
stderr
=
subprocess
.
STDOUT
)
if
input
is
not
None
:
subprocess_kw
.
update
(
stdin
=
subprocess
.
PIPE
)
popen
=
subprocess
.
Popen
(
command_list
,
**
subprocess_kw
)
result
=
popen
.
communicate
(
input
)[
0
]
if
popen
.
returncode
is
None
:
popen
.
kill
()
if
popen
.
returncode
!=
0
:
raise
ValueError
(
'Issue during calling %r, result was:
\
n
%s'
%
(
command_list
,
result
))
return
result
class
CertificateAuthority
:
def
__init__
(
self
,
key
,
certificate
,
openssl_binary
,
openssl_configuration
,
request_dir
):
self
.
key
=
key
self
.
certificate
=
certificate
self
.
openssl_binary
=
openssl_binary
self
.
openssl_configuration
=
openssl_configuration
self
.
request_dir
=
request_dir
def
checkAuthority
(
self
):
file_list
=
[
self
.
key
,
self
.
certificate
]
ca_ready
=
True
for
f
in
file_list
:
if
not
os
.
path
.
exists
(
f
):
ca_ready
=
False
break
if
ca_ready
:
return
for
f
in
file_list
:
if
os
.
path
.
exists
(
f
):
os
.
unlink
(
f
)
try
:
# no CA, let us create new one
popenCommunicate
([
self
.
openssl_binary
,
'req'
,
'-nodes'
,
'-config'
,
self
.
openssl_configuration
,
'-new'
,
'-x509'
,
'-extensions'
,
'v3_ca'
,
'-keyout'
,
self
.
key
,
'-out'
,
self
.
certificate
,
'-days'
,
'10950'
],
'Automatic Certificate Authority
\
n
'
)
except
:
try
:
for
f
in
file_list
:
if
os
.
path
.
exists
(
f
):
os
.
unlink
(
f
)
except
:
# do not raise during cleanup
pass
raise
def
_checkCertificate
(
self
,
common_name
,
key
,
certificate
):
file_list
=
[
key
,
certificate
]
ready
=
True
for
f
in
file_list
:
if
not
os
.
path
.
exists
(
f
):
ready
=
False
break
if
ready
:
return
False
for
f
in
file_list
:
if
os
.
path
.
exists
(
f
):
os
.
unlink
(
f
)
csr
=
certificate
+
'.csr'
try
:
popenCommunicate
([
self
.
openssl_binary
,
'req'
,
'-config'
,
self
.
openssl_configuration
,
'-nodes'
,
'-new'
,
'-keyout'
,
key
,
'-out'
,
csr
,
'-days'
,
'3650'
],
common_name
+
'
\
n
'
)
try
:
popenCommunicate
([
self
.
openssl_binary
,
'ca'
,
'-batch'
,
'-config'
,
self
.
openssl_configuration
,
'-out'
,
certificate
,
'-infiles'
,
csr
])
finally
:
if
os
.
path
.
exists
(
csr
):
os
.
unlink
(
csr
)
except
:
try
:
for
f
in
file_list
:
if
os
.
path
.
exists
(
f
):
os
.
unlink
(
f
)
except
:
# do not raise during cleanup
pass
raise
else
:
return
True
def
checkRequestDir
(
self
):
for
request_file
in
os
.
listdir
(
self
.
request_dir
):
parser
=
ConfigParser
.
RawConfigParser
()
parser
.
readfp
(
open
(
os
.
path
.
join
(
self
.
request_dir
,
request_file
),
'r'
))
if
self
.
_checkCertificate
(
parser
.
get
(
'certificate'
,
'name'
),
parser
.
get
(
'certificate'
,
'key_file'
),
parser
.
get
(
'certificate'
,
'certificate_file'
)):
print
'Created certificate %r'
%
parser
.
get
(
'certificate'
,
'name'
)
def
runCertificateAuthority
(
args
):
ca_conf
=
args
[
0
]
ca
=
CertificateAuthority
(
ca_conf
[
'key'
],
ca_conf
[
'certificate'
],
ca_conf
[
'openssl_binary'
],
ca_conf
[
'openssl_configuration'
],
ca_conf
[
'request_dir'
])
while
True
:
ca
.
checkAuthority
()
ca
.
checkRequestDir
()
time
.
sleep
(
60
)
slapos/recipe/kumofs/template/openssl.cnf.ca.in
0 → 100644
View file @
27b85290
This diff is collapsed.
Click to expand it.
slapos/recipe/kumofs/template/stunnel.conf.in
0 → 100644
View file @
27b85290
foreground = yes
output = %(log)s
pid = %(pid_file)s
syslog = no
;accept = %(ip)s%(port)s
CApath = %(ca_path)s
key = %(key)s
CRLpath = %(ca_crl)s
cert = %(cert)s
;key = /etc/ssl/certs/stunnel.pem
[mysqls]
accept = %(ipv6)s:%(port)s
connect = %(ipv4)s:%(external_port)s
software/kumofs/instance.cfg
View file @
27b85290
...
...
@@ -9,4 +9,9 @@ develop-eggs-directory = ${buildout:develop-eggs-directory}
recipe = ${instance-recipe:egg}:${instance-recipe:module}
kumo_gateway_binary = ${kumo:location}/bin/kumo-gateway
kumo_manager_binary = ${kumo:location}/bin/kumo-manager
kumo_server_binary = ${kumo:location}/bin/kumo-server
\ No newline at end of file
kumo_server_binary = ${kumo:location}/bin/kumo-server
dcrond_binary = ${dcron:location}/sbin/crond
innobackupex_binary = ${xtrabackup:location}/bin/innobackupex
openssl_binary = ${openssl:location}/bin/openssl
rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
stunnel_binary = ${stunnel:location}/bin/stunnel
software/kumofs/software.cfg
View file @
27b85290
...
...
@@ -15,6 +15,10 @@ extends =
../../component/git/buildout.cfg
../../component/kumo/buildout.cfg
../../component/python-2.7/buildout.cfg
../../component/dcron/buildout.cfg
../../component/stunnel/buildout.cfg
../../component/python-2.7/buildout.cfg
../../component/rdiff-backup/buildout.cfg
versions = versions
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment