From 4c102f4c1218d9688a061b440dd2631b38d45488 Mon Sep 17 00:00:00 2001 From: Alain Takoudjou <alain.takoudjou@nexedi.com> Date: Fri, 21 Jul 2017 15:41:17 +0200 Subject: [PATCH] caucase: allow to defined how many csr should be signed automatically The caucase parameter 'auto-sign-csr' used to say if the first csr should be signed was changed to 'auto-sign-csr-amount' to let specify how many csr can be signed without human intervention. This parameter will be set to 2 in erp5 software release, so that caucase http server and apache server cas request thier certificate automatically. --- .../instance-caucase-input-schema.json | 34 +++++++---- software/caucase/software.cfg | 2 +- stack/caucase/buildout.cfg | 58 ++++++++++++++++--- stack/caucase/buildout.hash.cfg | 2 +- stack/caucase/instance-caucase.cfg.jinja2.in | 9 +++ 5 files changed, 84 insertions(+), 21 deletions(-) diff --git a/software/caucase/instance-caucase-input-schema.json b/software/caucase/instance-caucase-input-schema.json index 1f5705844..2592373fb 100644 --- a/software/caucase/instance-caucase-input-schema.json +++ b/software/caucase/instance-caucase-input-schema.json 
@@ -1,23 +1,26 @@ { "type": "object", "$schema": "http://json-schema.org/draft-04/schema", + "extends": "./schema-definitions.json#", "title": "Input Parameters", "properties": { "server-port": { - "title": "http port to use", - "description": "Caucase http port to use.", - "type": "integer", - "default": 8009, - "minimum": 1, - "maximum": 65535 + "allOf": [{ + "$ref": "#/definitions/tcpv4port" + }, { + "title": "http port to use", + "description": "Caucase http port to use.", + "default": 8009 + }] }, "server-https-port": { - "title": "https port to use", - "description": "Caucase port to use for https connexion.", - "type": "integer", - "default": 8010, - "minimum": 1, - "maximum": 65535 + "allOf": [{ + "$ref": "#/definitions/tcpv4port" + }, { + "title": "https port to use", + "description": "Caucase port to use for https connexion.", + "default": 8010 + }] }, "external-url": { "title": "External http url", @@ -61,6 +64,13 @@ "description": "The time in seconds before a generated certificate will be deleted on CA server. Set 0 to never delete. Default: 30*24*60*60 seconds (30 days)", "default": 5184000, "type": "integer" + }, + "auto-sign-csr-amount": { + "title": "Number of CSR to sign automatically", + "description": "The number of CSR to sign automatically at startup. Has no effect if there is more than the specified value of csr submitted to caucase. This value should be as lowest as possible", + "default": 1, + "minimum": 1, + "type": "integer" } } } \ No newline at end of file diff --git a/software/caucase/software.cfg b/software/caucase/software.cfg index 7d4324316..0a812c7b0 100644 --- a/software/caucase/software.cfg +++ b/software/caucase/software.cfg @@ -5,6 +5,6 @@ extends = parts = slapos-cookbook - cacause-extra-eggs + caucase-extra-eggs instance-caucase diff --git a/stack/caucase/buildout.cfg b/stack/caucase/buildout.cfg index e2c881c7c..b74e93f0b 100644 --- a/stack/caucase/buildout.cfg +++ b/stack/caucase/buildout.cfg 
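Review bot: `"extends": "./schema-definitions.json#"` is a draft-03 keyword, but the `$schema` declared on the line above is draft-04, where `extends` was dropped in favour of `allOf`; a conforming draft-04 validator ignores it and then cannot resolve `#/definitions/tcpv4port`, since this document has no `definitions` of its own. Unless the SlapOS tooling pre-merges the referenced file (not visible here), the 1–65535 bounds this hunk removes from `server-port` and `server-https-port` are no longer enforced anywhere. A portable form needs no `extends` at all: use `"$ref": "./schema-definitions.json#/definitions/tcpv4port"` inside each `allOf`, which draft-04 resolves as a relative URI against this file's location.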
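Review bot: The `auto-sign-csr-amount` description is hard to read ("should be as lowest as possible", "Has no effect if there is more than the specified value of csr submitted") and does not state the trade-off an operator needs: every CSR counted here is issued without anyone checking who submitted it, so whoever reaches the server first inside that window gets a certificate. Suggest `"description": "Number of CSRs caucase signs automatically at startup, without operator approval. Each such CSR is issued to whoever submits it first, so keep this at the minimum your deployment needs (1 for caucase alone, 2 when one extra client such as the ERP5 apache frontend must also obtain a certificate)."` The behaviour when more CSRs than this are pending is not visible here, so keep that sentence only if caucase itself documents it. A `"maximum"` would also let the schema reject accidentally large values, since nothing else in the hunk bounds them.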
@@ -88,17 +88,18 @@ context = [versions] Flask-User = 0.6.11 -SQLAlchemy = 1.1.9 -caucase = 0.1.3 +apache-libcloud = 2.1.0 +bcrypt = 3.1.3 +caucase = 0.1.4 futures = 3.1.1 +gitdb2 = 2.0.2 gunicorn = 19.7.1 slapos.recipe.template = 3.0 - -APacheDEX = 1.6.2 -bcrypt = 3.1.3 +slapos.toolbox = 0.69 +smmap2 = 2.0.3 # Required by: -# caucase==0.1.3 +# caucase==0.1.4 Flask-AlchemyDumps = 0.0.10 # Required by: @@ -122,6 +123,18 @@ Flask-Script = 2.0.5 # Flask-User==0.6.11 Flask-WTF = 0.14.2 +# Required by: +# slapos.toolbox==0.69 +GitPython = 2.1.5 + +# Required by: +# slapos.toolbox==0.69 +PyRSS2Gen = 1.1 + +# Required by: +# Flask-AlchemyDumps==0.0.10 +SQLAlchemy = 1.1.11 + # Required by: # Flask-AlchemyDumps==0.0.10 Unipath = 1.1 @@ -130,14 +143,45 @@ Unipath = 1.1 # Flask-WTF==0.14.2 WTForms = 2.1 +# Required by: +# slapos.toolbox==0.69 +atomize = 0.2.0 + # Required by: # Flask-Mail==0.9.1 blinker = 1.4 # Required by: -# caucase==0.1.3 +# slapos.toolbox==0.69 +dnspython = 1.15.0 + +# Required by: +# slapos.toolbox==0.69 +erp5.util = 0.4.49 + +# Required by: +# slapos.toolbox==0.69 +feedparser = 5.2.1 + +# Required by: +# slapos.toolbox==0.69 +lockfile = 0.12.2 + +# Required by: +# slapos.toolbox==0.69 +passlib = 1.7.1 + +# Required by: +# caucase==0.1.4 pem = 16.1.0 +# caucase==0.1.4 +pyasn1 = 0.2.3 + +# Required by: +# caucase==0.1.4 +pyasn1-modules = 0.0.9 + # Required by: # Flask-User==0.6.11 pycryptodome = 3.4.6 diff --git a/stack/caucase/buildout.hash.cfg b/stack/caucase/buildout.hash.cfg index 34da2fa67..10761ed70 100644 --- a/stack/caucase/buildout.hash.cfg +++ b/stack/caucase/buildout.hash.cfg @@ -28,7 +28,7 @@ md5sum = a317d2f948cd3d16c860d05cc07ecf42 [template-caucase] filename = instance-caucase.cfg.jinja2.in -md5sum = 1988d9c98c2331f49335a1b9a4c26026 +md5sum = 7db9e8bf23cf4689e7986c381b94d2cb [instance-caucase] filename = instance.cfg.in 
diff --git a/stack/caucase/instance-caucase.cfg.jinja2.in b/stack/caucase/instance-caucase.cfg.jinja2.in index febd9b04f..a964a2c31 100644 --- a/stack/caucase/instance-caucase.cfg.jinja2.in +++ b/stack/caucase/instance-caucase.cfg.jinja2.in @@ -24,6 +24,12 @@ crl-life-period = {{ slapparameter_dict.get('crl-life-period', 0.02) }} ca-life-period = {{ slapparameter_dict.get('ca-life-period', 10) }} # time before clean certificate on CA: 60*24*60*60 crt-keep-time = {{ slapparameter_dict.get('crt-keep-time', 5184000) }} +# number of csr to sign automaticaly, minimum value is 1 +{% if int(slapparameter_dict.get('auto-sign-csr-amount', 1)) < 1 -%} +auto-sign-csr-amount = 1 +{% else -%} +auto-sign-csr-amount = {{ slapparameter_dict.get('auto-sign-csr-amount', 1) }} +{% endif -%} [directory] recipe = slapos.cookbook:mkdirectory @@ -135,6 +141,8 @@ input = inline: ca-life-period ${ca-parameters:ca-life-period} # time before clean certificate on CA: 60*24*60*60 crt-keep-time ${ca-parameters:crt-keep-time} + # number of csr to sign automaticaly + auto-sign-csr-amount ${ca-parameters:auto-sign-csr-amount} output = ${directory:etc}/ca.conf mode = 700 @@ -211,6 +219,7 @@ curl_path = {{ curl_executable_location }} recipe = slapos.cookbook:publish.serialised http-url = ${caucase-server:http-url} https-url = ${caucase-server:url} +init-user = admin {% do part_list.append('publish-connection-parameter') -%} {% endif -%} -- 2.30.9
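Review bot: The `{% if int(...) < 1 %}` branch silently rewrites an out-of-range `auto-sign-csr-amount` to 1, so an operator who sets 0 to forbid unattended signing gets one CSR signed without review instead of an error; for a CA parameter the safer failure is to refuse the value, and if the template has no way to abort, the clamp should at least be recorded in the generated config rather than only in a template comment. The else branch also emits the raw parameter rather than the `int()` result the check used, so the emitted value is not the one that was validated. Both points collapse into `{% set auto_sign_csr_amount = int(slapparameter_dict.get('auto-sign-csr-amount', 1)) -%}` followed by `# number of CSRs to sign automatically; values below 1 are raised to 1` and `auto-sign-csr-amount = {{ auto_sign_csr_amount if auto_sign_csr_amount >= 1 else 1 }}`. The added comments here and in the ca.conf hunk below misspell "automaticaly".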
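Review bot: `init-user = admin` publishes the initial user name as a literal, so it can silently drift from whatever section actually creates that user; prefer referencing that option, e.g. `init-user = ${caucase-server:init-user}`, if such an option exists (the caucase-server part is outside this hunk). The line is also unrelated to the CSR-count change and is not mentioned in the commit message; a sentence there explaining why the user name is published, and how its credential reaches the operator, would help reviewers.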