Commit 3b1a991b authored by Levin Zimmermann's avatar Levin Zimmermann

stack/erp5/WCFS+NEO{SSL:1}: Auto-deploy SSL files from instance parameters

Before this patch SlapOS users had to manually add SSL files in case WCFS
was used in combination with NEO+SSL. This is bad as we can easily forget
to update local parameter files when updating instance parameters ("_ca",
"_cert" and "_key"). This builds up on nexedi/slapos@706801f2.
parent 9ec83164
...@@ -102,4 +102,4 @@ md5sum = 5cf0316fdd17a940031e4083bbededd8 ...@@ -102,4 +102,4 @@ md5sum = 5cf0316fdd17a940031e4083bbededd8
[instance-wcfs.cfg.in] [instance-wcfs.cfg.in]
filename = instance-wcfs.cfg.in filename = instance-wcfs.cfg.in
md5sum = 8902dee42974083d3d96614070be049b md5sum = 29bff387a18b0c54a3868453114e10f0
{# instance that runs WCFS service associated with ZODB storage #} {# instance that runs WCFS service associated with ZODB storage #}
{% from "instance_zodb_base" import zodb_dict with context %} {% from "instance_zodb_base" import zodb_dict with context %}
{% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%}
{% set part_list = [] -%}
{% set ssl_dict = {"ca": 'ca.crt', "cert": 'neo.crt', "key": 'neo.key'} -%}
{# build zurl to connect to configured ZODB #} {# build zurl to connect to configured ZODB #}
{% if len(zodb_dict) != 1 -%} {% if len(zodb_dict) != 1 -%}
...@@ -8,7 +10,7 @@ ...@@ -8,7 +10,7 @@
{% endif -%} {% endif -%}
{% set db_name, zodb = zodb_dict.popitem() -%} {% set db_name, zodb = zodb_dict.popitem() -%}
{% set z = zodb['storage-dict'] -%} {% set z = dict(zodb['storage-dict']) -%}
{% if zodb['type'] == 'zeo' -%} {% if zodb['type'] == 'zeo' -%}
{% set zurl = ('zeo://%s?storage=%s' % (z['server'], z['storage'])) -%} {% set zurl = ('zeo://%s?storage=%s' % (z['server'], z['storage'])) -%}
{% elif zodb['type'] == 'neo' -%} {% elif zodb['type'] == 'neo' -%}
...@@ -27,6 +29,7 @@ ...@@ -27,6 +29,7 @@
{# they can be ignored as they are merely resulting from a convenience hack. -#} {# they can be ignored as they are merely resulting from a convenience hack. -#}
{# (see https://lab.nexedi.com/nexedi/slapos/commit/706801f2) -#} {# (see https://lab.nexedi.com/nexedi/slapos/commit/706801f2) -#}
{% if k not in ["_ca", "_key", "_cert"] %} {% if k not in ["_ca", "_key", "_cert"] %}
{% set v = (ssl_dict.get(k) and "${directory:etc}/" + ssl_dict.get(k)) or v -%}
{% do argv.append('%s=%s' % (k,v)) -%} {% do argv.append('%s=%s' % (k,v)) -%}
{% endif %} {% endif %}
{% endfor -%} {% endfor -%}
...@@ -38,14 +41,6 @@ ...@@ -38,14 +41,6 @@
{% endif -%} {% endif -%}
[buildout]
extends = {{ template_monitor }}
parts +=
wcfs
wcfs-promise
publish
[directory] [directory]
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc etc = ${buildout:directory}/etc
...@@ -71,3 +66,31 @@ config-command = {{ bin_directory }}/wcfs status {{ zurl }} ...@@ -71,3 +66,31 @@ config-command = {{ bin_directory }}/wcfs status {{ zurl }}
[publish] [publish]
recipe = slapos.cookbook:publish.serialised recipe = slapos.cookbook:publish.serialised
serving-zurl = {{ zurl }} serving-zurl = {{ zurl }}
{# Hack to deploy SSL certs via instance parameters -#}
{# XXX Duplication wrt https://lab.nexedi.com/nexedi/slapos/-/blob/5ae99219/stack/erp5/instance-zope.cfg.in -#}
{% set storage_dict = zodb.setdefault('storage-dict', {}) -%}
{% if zodb['type'] == 'neo' and storage_dict.get('ssl', 1) -%}
{% for k,v in ssl_dict|dictsort -%}
{% set k = "_{}".format(k) -%}
{% if k in storage_dict -%}
[{{ section('neo-ssl-' + k[1:]) }}]
recipe = slapos.recipe.template:jinja2
output = ${directory:etc}/{{v}}
inline = {{'{{'}}pem}}
context = key pem :pem
pem = {{dumps(storage_dict.pop(k))}}
{% endif -%}
{% endfor -%}
{% endif -%}
{# endhack -#}
[buildout]
extends = {{ template_monitor }}
parts +=
wcfs
wcfs-promise
publish
{{ '\n '.join(part_list) }}
...@@ -102,4 +102,4 @@ md5sum = 5cf0316fdd17a940031e4083bbededd8 ...@@ -102,4 +102,4 @@ md5sum = 5cf0316fdd17a940031e4083bbededd8
[instance-wcfs.cfg.in] [instance-wcfs.cfg.in]
filename = instance-wcfs.cfg.in filename = instance-wcfs.cfg.in
md5sum = 8902dee42974083d3d96614070be049b md5sum = 29bff387a18b0c54a3868453114e10f0
{# instance that runs WCFS service associated with ZODB storage #} {# instance that runs WCFS service associated with ZODB storage #}
{% from "instance_zodb_base" import zodb_dict with context %} {% from "instance_zodb_base" import zodb_dict with context %}
{% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%}
{% set part_list = [] -%}
{% set ssl_dict = {"ca": 'ca.crt', "cert": 'neo.crt', "key": 'neo.key'} -%}
{# build zurl to connect to configured ZODB #} {# build zurl to connect to configured ZODB #}
{% if len(zodb_dict) != 1 -%} {% if len(zodb_dict) != 1 -%}
...@@ -8,7 +10,7 @@ ...@@ -8,7 +10,7 @@
{% endif -%} {% endif -%}
{% set db_name, zodb = zodb_dict.popitem() -%} {% set db_name, zodb = zodb_dict.popitem() -%}
{% set z = zodb['storage-dict'] -%} {% set z = dict(zodb['storage-dict']) -%}
{% if zodb['type'] == 'zeo' -%} {% if zodb['type'] == 'zeo' -%}
{% set zurl = ('zeo://%s?storage=%s' % (z['server'], z['storage'])) -%} {% set zurl = ('zeo://%s?storage=%s' % (z['server'], z['storage'])) -%}
{% elif zodb['type'] == 'neo' -%} {% elif zodb['type'] == 'neo' -%}
...@@ -27,6 +29,7 @@ ...@@ -27,6 +29,7 @@
{# they can be ignored as they are merely resulting from a convenience hack. -#} {# they can be ignored as they are merely resulting from a convenience hack. -#}
{# (see https://lab.nexedi.com/nexedi/slapos/commit/706801f2) -#} {# (see https://lab.nexedi.com/nexedi/slapos/commit/706801f2) -#}
{% if k not in ["_ca", "_key", "_cert"] %} {% if k not in ["_ca", "_key", "_cert"] %}
{% set v = (ssl_dict.get(k) and "${directory:etc}/" + ssl_dict.get(k)) or v -%}
{% do argv.append('%s=%s' % (k,v)) -%} {% do argv.append('%s=%s' % (k,v)) -%}
{% endif %} {% endif %}
{% endfor -%} {% endfor -%}
...@@ -38,14 +41,6 @@ ...@@ -38,14 +41,6 @@
{% endif -%} {% endif -%}
[buildout]
extends = {{ template_monitor }}
parts +=
wcfs
wcfs-promise
publish
[directory] [directory]
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc etc = ${buildout:directory}/etc
...@@ -71,3 +66,31 @@ config-command = {{ bin_directory }}/wcfs status {{ zurl }} ...@@ -71,3 +66,31 @@ config-command = {{ bin_directory }}/wcfs status {{ zurl }}
[publish] [publish]
recipe = slapos.cookbook:publish.serialised recipe = slapos.cookbook:publish.serialised
serving-zurl = {{ zurl }} serving-zurl = {{ zurl }}
{# Hack to deploy SSL certs via instance parameters -#}
{# XXX Duplication wrt https://lab.nexedi.com/nexedi/slapos/-/blob/5ae99219/stack/erp5/instance-zope.cfg.in -#}
{% set storage_dict = zodb.setdefault('storage-dict', {}) -%}
{% if zodb['type'] == 'neo' and storage_dict.get('ssl', 1) -%}
{% for k,v in ssl_dict|dictsort -%}
{% set k = "_{}".format(k) -%}
{% if k in storage_dict -%}
[{{ section('neo-ssl-' + k[1:]) }}]
recipe = slapos.recipe.template:jinja2
output = ${directory:etc}/{{v}}
inline = {{'{{'}}pem}}
context = key pem :pem
pem = {{dumps(storage_dict.pop(k))}}
{% endif -%}
{% endfor -%}
{% endif -%}
{# endhack -#}
[buildout]
extends = {{ template_monitor }}
parts +=
wcfs
wcfs-promise
publish
{{ '\n '.join(part_list) }}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment