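{#
  Jinja2 macro library emitting buildout sections for caucase:
    caucased()  - wrapper running the CA daemon
    updater()   - wrapper keeping a certificate, the CA certificate and the
                  CRL current via caucase-updater
    rerequest() - regenerate a CSR/key from a CSR template when the template
                  changes
  Every generated section name is derived from `prefix`, so callers pick
  distinct prefixes to instantiate several of them in one profile.  Only Jinja
  comments are used here; they are dropped from the rendered .cfg.
#}
{% macro caucased(
  prefix,
  buildout_bin_directory,
  caucased_path,
  data_dir,
  netloc,
  service_auto_approve_count=0,
  user_auto_approve_count=1,
  key_len=None,
  backup_dir=None,
  promise=True
) -%}
{#
  caucased(): emit the data directory, the caucased wrapper and (optionally)
  a probe promise.
    prefix                  base name of the generated sections
    buildout_bin_directory  directory holding caucased and caucase-probe
    caucased_path           path of the generated wrapper script
    data_dir                holds caucase.sqlite and server.key.pem; created
                            with mode 0750 so the CA database and the server
                            private key are not world-readable
    netloc                  host:port caucased listens on; the promise probes
                            http://<netloc>
    service_auto_approve_count, user_auto_approve_count
                            forwarded to caucased, together with
                            --lock-auto-approve-count
    key_len, backup_dir     optional --key-len / --backup-directory
    promise                 also emit a monitor promise running caucase-probe
-#}
[{{ prefix }}-directory]
recipe = slapos.cookbook:mkdirectory
data-dir = {{ data_dir }}
mode = 0750

[{{ prefix }}]
recipe = slapos.cookbook:wrapper
wrapper-path = {{ caucased_path }}
command-line = '{{ buildout_bin_directory }}/caucased'
  --db '${ {{- prefix }}-directory:data-dir}/caucase.sqlite'
  --server-key '${ {{- prefix }}-directory:data-dir}/server.key.pem'
  --netloc '{{ netloc }}'
  {% if key_len %}--key-len '{{ key_len }}'
  {%- endif %}
  {% if backup_dir %}--backup-directory '{{ backup_dir }}'
  {%- endif %}
  --service-auto-approve-count '{{ service_auto_approve_count }}'
  --user-auto-approve-count '{{ user_auto_approve_count }}'
  --lock-auto-approve-count

{% if promise -%}
[{{ prefix }}-promise]
<= monitor-promise-base
module = check_command_execute
name = {{ prefix }}.py
config-command = '{{ buildout_bin_directory }}/caucase-probe' 'http://{{ netloc }}'
{%- endif %}
{%- endmacro %}

{% macro updater(
  prefix,
  buildout_bin_directory,
  updater_path,
  url,
  data_dir,
  ca_path,
  crl_path,
  crt_path=None,
  key_path=None,
  on_renew=None,
  max_sleep=None,
  mode='service',
  template_csr=None,
  template_csr_pem=None,
  openssl=None,
  promise=True
) -%}
{#
  updater(): emit the data directory, an optional CSR source, the
  caucase-updater wrapper and (optionally) a certificate promise.
    url                 CA URL; the CA's own certificate is pinned at
                        <data-dir>/cas.crt.pem (--cas-ca)
    ca_path, crl_path   where the CA certificate and the CRL are written
    crt_path            if set, a CSR is produced and the signed certificate
                        is maintained at crt_path.  When template_csr_pem or
                        template_csr is given, the CSR is (re)generated from
                        that template through rerequest(); otherwise openssl
                        creates a fresh 2048-bit RSA key and a CSR with a
                        placeholder subject (/CN=example.com).  With no
                        key_path the key is written into crt_path, i.e. key
                        and certificate share one file.
    key_path            private key file (--key); must be writable and is
                        created by openssl / caucase-rerequest
    on_renew            command run after renewal (--on-renew)
    max_sleep, mode     forwarded to caucase-updater
    openssl             openssl binary, needed only for the generated-CSR path
    promise             emit a check_certificate promise on crt_path/key_path
                        with a 15-day expiration threshold (presumably it
                        fails when the certificate expires within 15 days)
-#}
[{{ prefix }}-directory]
recipe = slapos.cookbook:mkdirectory
data-dir = {{ data_dir }}

{% if crt_path %}
{% if template_csr_pem or template_csr -%}
[{{ prefix }}-provided-csr-content]
{% if template_csr_pem %}
content = {{ dumps(template_csr_pem) }}
{% elif template_csr %}
content = {{ template_csr }}
{% endif %}

[{{ prefix }}-provided-csr]
recipe = slapos.recipe.template:jinja2
mode = 644
{% if template_csr_pem %}
template = inline:{{ '{{ content }}' }}
rendered = ${ {{- prefix }}-directory:data-dir}/provided.csr.pem
context = key content {{ prefix }}-provided-csr-content:content
{% elif template_csr %}
template = {{ '${' + prefix }}-provided-csr-content:content}
rendered = ${ {{- prefix }}-directory:data-dir}/provided.csr.pem
{% endif %}

{{ rerequest(
  prefix=prefix ~ '-csr',
  buildout_bin_directory=buildout_bin_directory,
  template='${' ~ prefix ~ '-provided-csr:rendered}',
  csr='${:csr}',
  key=key_path,
)}}
{%- else -%}
[{{ prefix }}-csr]
recipe = plone.recipe.command
command = '{{ openssl }}' req -newkey rsa:2048 -batch -new -nodes -subj /CN=example.com -keyout '{{ key_path or crt_path }}' -out '${:csr}'
{%- endif %}
csr = ${ {{- prefix }}-directory:data-dir}/good.csr.pem
{%- endif %}

[{{ prefix }}]
recipe = slapos.cookbook:wrapper
wrapper-path = {{ updater_path }}
command-line = '{{ buildout_bin_directory }}/caucase-updater'
  --ca-url '{{ url }}'
  --cas-ca '${ {{- prefix }}-directory:data-dir}/cas.crt.pem'
  --mode '{{ mode }}'
  {% if crt_path %}--csr '${ {{- prefix }}-csr:csr}'
  --crt '{{ crt_path }}'
  {%- endif %}
  --ca '{{ ca_path }}'
  --crl '{{ crl_path }}'
  {% if key_path %}--key '{{ key_path }}'
  {%- endif %}
  {% if on_renew %}--on-renew '{{ on_renew }}'
  {%- endif %}
  {% if max_sleep %}--max-sleep '{{ max_sleep }}'
  {%- endif %}

{% if promise -%}
[{{ prefix }}-promise]
<= monitor-promise-base
module = check_certificate
name = {{ prefix }}.py
config-certificate = {{ crt_path }}
config-key = {{ key_path }}
config-certificate-expiration-days = 15
{%- endif %}
{%- endmacro %}

{% macro rerequest(prefix, buildout_bin_directory, template, csr, key) -%}
{#
  rerequest(): run caucase-rerequest to regenerate `csr` and `key` from
  `template` whenever the template content changes or either output file is
  missing.  The template digest is cached in '<template>.md5'; md5 is used
  purely as a change detector here, not as a security primitive.

  The digest must be print()ed from the Python one-liner, otherwise
  md5_current is always empty and a changed template is never noticed; the
  template is read in binary mode so the same line works under Python 2 and 3
  (hashlib rejects str input on Python 3, which with `set -e` would abort the
  whole command).
-#}
[{{ prefix }}]
recipe = plone.recipe.command
checksum-file = '{{ template }}.md5'
command =
  set -e
  md5_current=$(${buildout:executable} -c "import hashlib ; print(hashlib.md5(open('{{ template }}', 'rb').read()).hexdigest())")
  md5_old=$([ -f ${:checksum-file} ] && cat ${:checksum-file} || echo none)
  if [ "$md5_current" != "$md5_old" ] || [ ! -f '{{ csr }}' ] || [ ! -f '{{ key }}' ] ; then
    '{{ buildout_bin_directory }}/caucase-rerequest' --template '{{ template }}' --csr '{{ csr }}' --key '{{ key }}'
    echo $md5_current > ${:checksum-file}
  fi
update-command = ${:command}
stop-on-error = True
{%- endmacro %}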