Commit ca0fd8e3 authored by Łukasz Nowak's avatar Łukasz Nowak

stack/caucase: Implement updater promise

This promise will check that the certificate matches the key and that
it is renewed at least 15 days before expiration.
parent 8c1fa483
...@@ -15,4 +15,4 @@ ...@@ -15,4 +15,4 @@
[caucase-jinja2-library] [caucase-jinja2-library]
filename = caucase.jinja2.library filename = caucase.jinja2.library
md5sum = 93dae9ec9df9c095f69b175e5772677e md5sum = 9a7247cdb2ee1d66c074b0660c54713f
...@@ -52,7 +52,8 @@ config-command = '{{ buildout_bin_directory }}/caucase-probe' 'http://{{ netloc ...@@ -52,7 +52,8 @@ config-command = '{{ buildout_bin_directory }}/caucase-probe' 'http://{{ netloc
mode='service', mode='service',
template_csr=None, template_csr=None,
template_csr_pem=None, template_csr_pem=None,
openssl=None openssl=None,
promise=True
) -%} ) -%}
[{{ prefix }}-directory] [{{ prefix }}-directory]
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
...@@ -104,6 +105,15 @@ command-line = '{{ buildout_bin_directory }}/caucase-updater' ...@@ -104,6 +105,15 @@ command-line = '{{ buildout_bin_directory }}/caucase-updater'
{% if key_path %}--key '{{ key_path }}' {%- endif %} {% if key_path %}--key '{{ key_path }}' {%- endif %}
{% if on_renew %}--on-renew '{{ on_renew }}' {%- endif %} {% if on_renew %}--on-renew '{{ on_renew }}' {%- endif %}
{% if max_sleep %}--max-sleep '{{ max_sleep }}' {%- endif %} {% if max_sleep %}--max-sleep '{{ max_sleep }}' {%- endif %}
{% if promise -%}
[{{ prefix }}-promise]
<= monitor-promise-base
module = check_certificate
name = {{ prefix }}.py
config-certificate = {{ crt_path }}
config-key = {{ key_path }}
config-certificate-expiration-days = 15
{%- endif %}
{%- endmacro %} {%- endmacro %}
{% macro rerequest(prefix, buildout_bin_directory, template, csr, key) -%} {% macro rerequest(prefix, buildout_bin_directory, template, csr, key) -%}
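Review bot: `config-key = {{ key_path }}` in the new `[{{ prefix }}-promise]` section is rendered unconditionally, while the `command-line` just above treats `key_path` as optional (`{% if key_path %}--key '{{ key_path }}'`). Since `promise=True` is the default, a caller that passes no `key_path` would presumably get a promise whose key path is empty or `None`, so the certificate/key match check would either fail permanently or not check what it claims to; how `check_certificate` handles that is not visible here. Consider emitting the key line only when it is set, `{% if key_path %}config-key = {{ key_path }}{% endif %}`, or stating in a comment above the section that `key_path` is required when `promise` is enabled. The `15` is also hard-coded: if a caller can configure the updater to renew later than 15 days before expiry, the promise would stay failed, so a macro parameter with 15 as its default would be safer. The macro's signature and the start of its body lie outside the visible hunks.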
......