Commit ca0fd8e3 authored by Łukasz Nowak's avatar Łukasz Nowak

stack/caucase: Implement updater promise

This promise will check that certificate matches the key and will check
that it is renewed before 15 days before expiration.
parent 8c1fa483
......@@ -15,4 +15,4 @@
[caucase-jinja2-library]
filename = caucase.jinja2.library
md5sum = 93dae9ec9df9c095f69b175e5772677e
md5sum = 9a7247cdb2ee1d66c074b0660c54713f
......@@ -52,7 +52,8 @@ config-command = '{{ buildout_bin_directory }}/caucase-probe' 'http://{{ netloc
mode='service',
template_csr=None,
template_csr_pem=None,
openssl=None
openssl=None,
promise=True
) -%}
[{{ prefix }}-directory]
recipe = slapos.cookbook:mkdirectory
......@@ -104,6 +105,15 @@ command-line = '{{ buildout_bin_directory }}/caucase-updater'
{% if key_path %}--key '{{ key_path }}' {%- endif %}
{% if on_renew %}--on-renew '{{ on_renew }}' {%- endif %}
{% if max_sleep %}--max-sleep '{{ max_sleep }}' {%- endif %}
{% if promise -%}
[{{ prefix }}-promise]
<= monitor-promise-base
module = check_certificate
name = {{ prefix }}.py
config-certificate = {{ crt_path }}
config-key = {{ key_path }}
config-certificate-expiration-days = 15
{%- endif %}
{%- endmacro %}
{% macro rerequest(prefix, buildout_bin_directory, template, csr, key) -%}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment