Commit 4c102f4c authored by Alain Takoudjou's avatar Alain Takoudjou

caucase: allow to defined how many csr should be signed automatically

The caucase parameter 'auto-sign-csr', which said whether the first csr should be signed,
was changed to 'auto-sign-csr-amount' to specify how many csr can be signed without
human intervention.
This parameter will be set to 2 in the erp5 software release, so that the caucase http server and
the apache server can request their certificates automatically.
parent 6f32b361
{
"type": "object",
"$schema": "http://json-schema.org/draft-04/schema",
"extends": "./schema-definitions.json#",
"title": "Input Parameters",
"properties": {
"server-port": {
"allOf": [{
"$ref": "#/definitions/tcpv4port"
}, {
"title": "http port to use",
"description": "Caucase http port to use.",
"type": "integer",
"default": 8009,
"minimum": 1,
"maximum": 65535
"default": 8009
}]
},
"server-https-port": {
"allOf": [{
"$ref": "#/definitions/tcpv4port"
}, {
"title": "https port to use",
"description": "Caucase port to use for https connexion.",
"type": "integer",
"default": 8010,
"minimum": 1,
"maximum": 65535
"default": 8010
}]
},
"external-url": {
"title": "External http url",
......@@ -61,6 +64,13 @@
"description": "The time in seconds before a generated certificate will be deleted on CA server. Set 0 to never delete. Default: 30*24*60*60 seconds (30 days)",
"default": 5184000,
"type": "integer"
},
"auto-sign-csr-amount": {
"title": "Number of CSR to sign automatically",
"description": "The number of CSR to sign automatically at startup. Has no effect if there is more than the specified value of csr submitted to caucase. This value should be as lowest as possible",
"default": 1,
"minimum": 1,
"type": "integer"
}
}
}
\ No newline at end of file
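Review bot: The new `auto-sign-csr-amount` property has `"minimum": 1` but no `"maximum"`, so the schema accepts any number of CSRs to be signed with no operator review. Each of those requests gets a certificate from this CA, so a small upper bound belongs next to the minimum, e.g. `"maximum": <agreed upper bound>`. The minimum of 1 also appears to remove the option of turning automatic signing off, which the commit description suggests the old `auto-sign-csr` flag allowed; if 0 should stay valid, use `"minimum": 0`. The description would be clearer stating the consequence directly, for instance `"Number of CSRs signed at startup without operator approval; keep this as low as possible."`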
......@@ -5,6 +5,6 @@ extends =
parts =
slapos-cookbook
cacause-extra-eggs
caucase-extra-eggs
instance-caucase
......@@ -88,17 +88,18 @@ context =
[versions]
Flask-User = 0.6.11
SQLAlchemy = 1.1.9
caucase = 0.1.3
apache-libcloud = 2.1.0
bcrypt = 3.1.3
caucase = 0.1.4
futures = 3.1.1
gitdb2 = 2.0.2
gunicorn = 19.7.1
slapos.recipe.template = 3.0
APacheDEX = 1.6.2
bcrypt = 3.1.3
slapos.toolbox = 0.69
smmap2 = 2.0.3
# Required by:
# caucase==0.1.3
# caucase==0.1.4
Flask-AlchemyDumps = 0.0.10
# Required by:
......@@ -122,6 +123,18 @@ Flask-Script = 2.0.5
# Flask-User==0.6.11
Flask-WTF = 0.14.2
# Required by:
# slapos.toolbox==0.69
GitPython = 2.1.5
# Required by:
# slapos.toolbox==0.69
PyRSS2Gen = 1.1
# Required by:
# Flask-AlchemyDumps==0.0.10
SQLAlchemy = 1.1.11
# Required by:
# Flask-AlchemyDumps==0.0.10
Unipath = 1.1
......@@ -130,14 +143,45 @@ Unipath = 1.1
# Flask-WTF==0.14.2
WTForms = 2.1
# Required by:
# slapos.toolbox==0.69
atomize = 0.2.0
# Required by:
# Flask-Mail==0.9.1
blinker = 1.4
# Required by:
# caucase==0.1.3
# slapos.toolbox==0.69
dnspython = 1.15.0
# Required by:
# slapos.toolbox==0.69
erp5.util = 0.4.49
# Required by:
# slapos.toolbox==0.69
feedparser = 5.2.1
# Required by:
# slapos.toolbox==0.69
lockfile = 0.12.2
# Required by:
# slapos.toolbox==0.69
passlib = 1.7.1
# Required by:
# caucase==0.1.4
pem = 16.1.0
# caucase==0.1.4
pyasn1 = 0.2.3
# Required by:
# caucase==0.1.4
pyasn1-modules = 0.0.9
# Required by:
# Flask-User==0.6.11
pycryptodome = 3.4.6
......@@ -28,7 +28,7 @@ md5sum = a317d2f948cd3d16c860d05cc07ecf42
[template-caucase]
filename = instance-caucase.cfg.jinja2.in
md5sum = 1988d9c98c2331f49335a1b9a4c26026
md5sum = 7db9e8bf23cf4689e7986c381b94d2cb
[instance-caucase]
filename = instance.cfg.in
......
......@@ -24,6 +24,12 @@ crl-life-period = {{ slapparameter_dict.get('crl-life-period', 0.02) }}
ca-life-period = {{ slapparameter_dict.get('ca-life-period', 10) }}
# time before clean certificate on CA: 60*24*60*60
crt-keep-time = {{ slapparameter_dict.get('crt-keep-time', 5184000) }}
# number of csr to sign automaticaly, minimum value is 1
{% if int(slapparameter_dict.get('auto-sign-csr-amount', 1)) < 1 -%}
auto-sign-csr-amount = 1
{% else -%}
auto-sign-csr-amount = {{ slapparameter_dict.get('auto-sign-csr-amount', 1) }}
{% endif -%}
[directory]
recipe = slapos.cookbook:mkdirectory
......@@ -135,6 +141,8 @@ input = inline:
ca-life-period ${ca-parameters:ca-life-period}
# time before clean certificate on CA: 60*24*60*60
crt-keep-time ${ca-parameters:crt-keep-time}
# number of csr to sign automaticaly
auto-sign-csr-amount ${ca-parameters:auto-sign-csr-amount}
output = ${directory:etc}/ca.conf
mode = 700
......@@ -211,6 +219,7 @@ curl_path = {{ curl_executable_location }}
recipe = slapos.cookbook:publish.serialised
http-url = ${caucase-server:http-url}
https-url = ${caucase-server:url}
init-user = admin
{% do part_list.append('publish-connection-parameter') -%}
{% endif -%}
......
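Review bot: In the first hunk the lower-bound check compares `int(...)` of the parameter, but the `else` branch writes the raw parameter, so the value tested and the value written to `ca.conf` can differ (a request of `2.5` passes the test as 2 and is emitted as `2.5`). A non-numeric value would presumably fail inside `int()` at render time with no readable message. Converting once and emitting the converted value keeps the two in step: `{% set auto_sign_csr_amount = int(slapparameter_dict.get('auto-sign-csr-amount', 1)) -%}` followed by `auto-sign-csr-amount = {{ auto_sign_csr_amount }}`. The existing comment could also say what the number grants, e.g. `# number of csr signed without operator approval, minimum value is 1`. The section header for these keys lies outside the hunk; it is taken to be `[ca-parameters]` from the `${ca-parameters:auto-sign-csr-amount}` reference in the second hunk.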