Commit bfc71aca authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Encapsulate kedifa-configuration

Instead of passing various kedifa information to the profile generating
configuration use section kedifa-configuration and access later such grouped
values.
parent 8dd5c1da
Pipeline #10465 failed with stage
...@@ -22,7 +22,7 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b ...@@ -22,7 +22,7 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
[template-apache-frontend] [template-apache-frontend]
filename = instance-apache-frontend.cfg.in filename = instance-apache-frontend.cfg.in
md5sum = 89effc56e5517678b630f62b3477a460 md5sum = 1eae89931b305d9b9e34769946203c1c
[template-caddy-replicate] [template-caddy-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
...@@ -30,7 +30,7 @@ md5sum = 6d7113ebf0c46b0e4c72c128ebb647db ...@@ -30,7 +30,7 @@ md5sum = 6d7113ebf0c46b0e4c72c128ebb647db
[template-slave-list] [template-slave-list]
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
md5sum = 63eb20821549182a1ab7325604c30c1e md5sum = 9a5919a00a166fb8e902a72707ebc407
[template-replicate-publish-slave-information] [template-replicate-publish-slave-information]
_update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
......
...@@ -191,6 +191,18 @@ stop-on-error = True ...@@ -191,6 +191,18 @@ stop-on-error = True
template_csr='${kedifa-login-csr:template-csr}' template_csr='${kedifa-login-csr:template-csr}'
)}} )}}
[kedifa-configuration]
caucase-url = {{ slapparameter_dict['kedifa-caucase-url'] }}
ca-certificate = ${kedifa-login-config:ca-certificate}
certificate = ${kedifa-login-config:certificate}
cas-ca-certificate = ${kedifa-login-config:cas-ca-certificate}
csr = ${caucase-updater-csr:csr}
crl = ${kedifa-login-config:crl}
kedifa-updater = {{ parameter_dict['kedifa-updater'] }}
kedifa-updater-mapping-file = ${directory:etc}/kedifa_updater_mapping.txt
kedifa-updater-state-file = ${directory:srv}/kedifa_updater_state.json
slave_kedifa_information = {{ dumps(slapparameter_dict['slave-kedifa-information']) }}
[dynamic-custom-personal-template-slave-list] [dynamic-custom-personal-template-slave-list]
< = jinja2-template-base < = jinja2-template-base
template = {{ parameter_dict['template_slave_list'] }} template = {{ parameter_dict['template_slave_list'] }}
...@@ -198,46 +210,31 @@ filename = custom-personal-instance-slave-list.cfg ...@@ -198,46 +210,31 @@ filename = custom-personal-instance-slave-list.cfg
slave_instance_list = {{ dumps(instance_parameter['slave-instance-list']) }} slave_instance_list = {{ dumps(instance_parameter['slave-instance-list']) }}
extra_slave_instance_list = {{ dumps(instance_parameter.get('configuration.extra_slave_instance_list')) }} extra_slave_instance_list = {{ dumps(instance_parameter.get('configuration.extra_slave_instance_list')) }}
master_key_download_url = {{ dumps(slapparameter_dict['master-key-download-url']) }} master_key_download_url = {{ dumps(slapparameter_dict['master-key-download-url']) }}
slave_kedifa_information = {{ dumps(slapparameter_dict['slave-kedifa-information']) }}
local_ipv4 = {{ dumps(instance_parameter['ipv4-random']) }} local_ipv4 = {{ dumps(instance_parameter['ipv4-random']) }}
local_ipv6 = {{ dumps(instance_parameter['ipv6-random']) }} local_ipv6 = {{ dumps(instance_parameter['ipv6-random']) }}
software_type = single-custom-personal software_type = single-custom-personal
bin_directory = {{ parameter_dict['bin_directory'] }} bin_directory = {{ parameter_dict['bin_directory'] }}
caddy_executable = {{ parameter_dict['caddy'] }} caddy_executable = {{ parameter_dict['caddy'] }}
caucase_url = {{ slapparameter_dict['kedifa-caucase-url'] }}
sixtunnel_executable = {{ parameter_dict['sixtunnel'] }}/bin/6tunnel sixtunnel_executable = {{ parameter_dict['sixtunnel'] }}/bin/6tunnel
kedifa-updater = {{ parameter_dict['kedifa-updater'] }} organization = {{ slapparameter_dict['cluster-identification'] }}
kedifa-updater-mapping-file = ${directory:etc}/kedifa_updater_mapping.txt organizational-unit = {{ instance_parameter['configuration.frontend-name'] }}
kedifa-updater-state-file = ${directory:srv}/kedifa_updater_state.json
kedifa-csr = {{ parameter_dict['kedifa-csr'] }}
extra-context = extra-context =
key kedifa_caucase_ca_certificate kedifa-login-config:ca-certificate
key kedifa_login_certificate kedifa-login-config:certificate
key caddy_configuration_directory caddy-directory:slave-configuration key caddy_configuration_directory caddy-directory:slave-configuration
key caddy_cached_configuration_directory caddy-directory:slave-with-cache-configuration key caddy_cached_configuration_directory caddy-directory:slave-with-cache-configuration
key slave_with_cache_configuration_directory caddy-directory:slave-with-cache-configuration key slave_with_cache_configuration_directory caddy-directory:slave-with-cache-configuration
key kedifa_updater :kedifa-updater
key kedifa_updater_mapping_file :kedifa-updater-mapping-file
key kedifa_updater_state_file :kedifa-updater-state-file
key kedifa_csr :kedifa-csr
key caddy_executable :caddy_executable key caddy_executable :caddy_executable
key caucase_url :caucase_url
key certificate_organization kedifa-login-csr:organization
key certificate_organizational_unit kedifa-login-csr:organizational_unit
key csr_id_csr caucase-updater-csr:csr
key csr_crl kedifa-login-config:crl
key csr_cas_ca_certificate kedifa-login-config:cas-ca-certificate
key http_port configuration:plain_http_port key http_port configuration:plain_http_port
key https_port configuration:port key https_port configuration:port
key public_ipv4 configuration:public-ipv4 key public_ipv4 configuration:public-ipv4
key slave_instance_list :slave_instance_list key slave_instance_list :slave_instance_list
key extra_slave_instance_list :extra_slave_instance_list key extra_slave_instance_list :extra_slave_instance_list
key master_key_download_url :master_key_download_url key master_key_download_url :master_key_download_url
key slave_kedifa_information :slave_kedifa_information
key autocert caddy-directory:autocert key autocert caddy-directory:autocert
key master_certificate caddy-configuration:master-certificate key master_certificate caddy-configuration:master-certificate
key caddy_log_directory caddy-directory:slave-log key caddy_log_directory caddy-directory:slave-log
key caddy_log_cache_direct_directory caddy-directory:slave-log-cache-direct key caddy_log_cache_direct_directory caddy-directory:slave-log-cache-direct
key expose_csr_id_organization :organization
key expose_csr_id_organizational_unit :organizational-unit
key local_ipv4 :local_ipv4 key local_ipv4 :local_ipv4
key local_ipv6 :local_ipv6 key local_ipv6 :local_ipv6
key global_ipv6 slap-network-information:global-ipv6 key global_ipv6 slap-network-information:global-ipv6
...@@ -262,6 +259,7 @@ extra-context = ...@@ -262,6 +259,7 @@ extra-context =
key sixtunnel_executable :sixtunnel_executable key sixtunnel_executable :sixtunnel_executable
key not_found_file caddy-configuration:not-found-file key not_found_file caddy-configuration:not-found-file
key custom_ssl_directory caddy-directory:custom-ssl-directory key custom_ssl_directory caddy-directory:custom-ssl-directory
section kedifa_configuration kedifa-configuration
# BBB: SlapOS Master non-zero knowledge BEGIN # BBB: SlapOS Master non-zero knowledge BEGIN
key apache_certificate apache-certificate:rendered key apache_certificate apache-certificate:rendered
# BBB: SlapOS Master non-zero knowledge END # BBB: SlapOS Master non-zero knowledge END
......
...@@ -19,8 +19,8 @@ ...@@ -19,8 +19,8 @@
{%- else %} {%- else %}
{%- do kedifa_updater_mapping.append(('notreadyyet', master_certificate, apache_certificate)) %} {%- do kedifa_updater_mapping.append(('notreadyyet', master_certificate, apache_certificate)) %}
{%- endif %} {%- endif %}
{%- if slave_kedifa_information %} {%- if kedifa_configuration['slave_kedifa_information'] %}
{%- set slave_kedifa_information = json_module.loads(slave_kedifa_information) %} {%- set slave_kedifa_information = json_module.loads(kedifa_configuration['slave_kedifa_information']) %}
{%- else %} {%- else %}
{%- set slave_kedifa_information = {} %} {%- set slave_kedifa_information = {} %}
{%- endif -%} {%- endif -%}
...@@ -380,13 +380,13 @@ csr_id-certificate = ${get-csr_id-certificate:certificate} ...@@ -380,13 +380,13 @@ csr_id-certificate = ${get-csr_id-certificate:certificate}
[kedifa-updater] [kedifa-updater]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = {{ kedifa_updater }} command-line = {{ kedifa_configuration['kedifa-updater'] }}
--server-ca-certificate {{ kedifa_caucase_ca_certificate }} --server-ca-certificate {{ kedifa_configuration['ca-certificate'] }}
--identity {{ kedifa_login_certificate }} --identity {{ kedifa_configuration['certificate'] }}
--master-certificate {{ master_certificate }} --master-certificate {{ master_certificate }}
--on-update "{{ frontend_graceful_reload }}" --on-update "{{ frontend_graceful_reload }}"
${kedifa-updater-mapping:file} ${kedifa-updater-mapping:file}
{{ kedifa_updater_state_file }} {{ kedifa_configuration['kedifa-updater-state-file'] }}
wrapper-path = {{ directory['service'] }}/kedifa-updater wrapper-path = {{ directory['service'] }}/kedifa-updater
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
...@@ -394,12 +394,12 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg ...@@ -394,12 +394,12 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[kedifa-updater-run] [kedifa-updater-run]
recipe = plone.recipe.command recipe = plone.recipe.command
stop-on-error = True stop-on-error = True
command = {{ kedifa_updater }} --prepare-only ${kedifa-updater-mapping:file} --on-update "{{ frontend_graceful_reload }}" command = {{ kedifa_configuration['kedifa-updater'] }} --prepare-only ${kedifa-updater-mapping:file} --on-update "{{ frontend_graceful_reload }}"
update-command = ${:command} update-command = ${:command}
[kedifa-updater-mapping] [kedifa-updater-mapping]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
file = {{ kedifa_updater_mapping_file }} file = {{ kedifa_configuration['kedifa-updater-mapping-file'] }}
template = inline: template = inline:
{%- for mapping in kedifa_updater_mapping %} {%- for mapping in kedifa_updater_mapping %}
{{ mapping[0] }} {{ mapping[1] }} {{ mapping[2] }} {{ mapping[0] }} {{ mapping[1] }} {{ mapping[2] }}
...@@ -449,11 +449,11 @@ stop-on-error = False ...@@ -449,11 +449,11 @@ stop-on-error = False
update-command = ${:command} update-command = ${:command}
command = command =
{{ bin_directory }}/caucase \ {{ bin_directory }}/caucase \
--ca-url {{ caucase_url }} \ --ca-url {{ kedifa_configuration['caucase-url'] }} \
--ca-crt {{ csr_cas_ca_certificate }} \ --ca-crt {{ kedifa_configuration['cas-ca-certificate'] }} \
--crl {{ csr_crl }} \ --crl {{ kedifa_configuration['crl'] }} \
--mode service \ --mode service \
--send-csr {{ csr_id_csr }} > ${:csr_work_path} && \ --send-csr {{ kedifa_configuration['csr'] }} > ${:csr_work_path} && \
cut -d ' ' -f 1 ${:csr_work_path} > ${:csr_id_path} cut -d ' ' -f 1 ${:csr_work_path} > ${:csr_id_path}
[certificate-csr_id] [certificate-csr_id]
...@@ -466,7 +466,7 @@ update-command = ${:command} ...@@ -466,7 +466,7 @@ update-command = ${:command}
command = command =
if ! [ -f ${:key} ] && ! [ -f ${:certificate} ] ; then if ! [ -f ${:key} ] && ! [ -f ${:certificate} ] ; then
openssl req -new -newkey rsa:2048 -sha256 -subj \ openssl req -new -newkey rsa:2048 -sha256 -subj \
"/O={{ certificate_organization }}/OU={{ certificate_organizational_unit }}/CN=${slap-network-information:global-ipv6}" \ "/O={{ expose_csr_id_organization }}/OU={{ expose_csr_id_organizational_unit }}/CN=${slap-network-information:global-ipv6}" \
-days 5 -nodes -x509 -keyout ${:key} -out ${:certificate} -days 5 -nodes -x509 -keyout ${:key} -out ${:certificate}
fi fi
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment