Commit bd4ad0f1 authored by Alain Takoudjou's avatar Alain Takoudjou

fix re6stnet log rotate, split certificate generation

parent ffbac7a4
...@@ -29,7 +29,7 @@ import subprocess ...@@ -29,7 +29,7 @@ import subprocess
from slapos.recipe.librecipe import GenericBaseRecipe from slapos.recipe.librecipe import GenericBaseRecipe
import socket import socket
import struct import struct
import os import os, stat
import string, random import string, random
import json import json
import traceback import traceback
...@@ -72,12 +72,18 @@ class Recipe(GenericBaseRecipe): ...@@ -72,12 +72,18 @@ class Recipe(GenericBaseRecipe):
key_file = self.options['key-file'].strip() key_file = self.options['key-file'].strip()
cert_file = self.options['cert-file'].strip() cert_file = self.options['cert-file'].strip()
dh_file = self.options['dh-file'].strip() dh_file = self.options['dh-file'].strip()
if not os.path.exists(key_file): if not os.path.exists(dh_file):
serial = self.getSerialFromIpv6(self.options['ipv6-prefix'].strip())
dh_command = [self.options['openssl-bin'], 'dhparam', '-out', dh_command = [self.options['openssl-bin'], 'dhparam', '-out',
'%s' % dh_file, self.options['key-size']] '%s' % dh_file, self.options['key-size']]
try:
subprocess.check_call(dh_command)
except Exception:
if os.path.exists(dh_file):
os.unlink(dh_file)
raise
if not os.path.exists(cert_file):
serial = self.getSerialFromIpv6(self.options['ipv6-prefix'].strip())
key_command = [self.options['openssl-bin'], 'genrsa', '-out', key_command = [self.options['openssl-bin'], 'genrsa', '-out',
'%s' % key_file, self.options['key-size']] '%s' % key_file, self.options['key-size']]
...@@ -86,9 +92,19 @@ class Recipe(GenericBaseRecipe): ...@@ -86,9 +92,19 @@ class Recipe(GenericBaseRecipe):
'-x509', '-batch', '-key', '%s' % key_file, '-set_serial', '-x509', '-batch', '-key', '%s' % key_file, '-set_serial',
'%s' % serial, '-days', '3650', '-out', '%s' % cert_file] '%s' % serial, '-days', '3650', '-out', '%s' % cert_file]
subprocess.check_call(dh_command) try:
subprocess.check_call(key_command) subprocess.check_call(key_command)
except Exception:
if os.path.exists(key_file):
os.unlink(key_file)
raise
try:
subprocess.check_call(cert_command) subprocess.check_call(cert_command)
except Exception:
if os.path.exists(cert_file):
os.unlink(cert_file)
raise
def generateSlaveTokenList(self, slave_instance_list, token_file): def generateSlaveTokenList(self, slave_instance_list, token_file):
to_remove_dict = {} to_remove_dict = {}
...@@ -150,9 +166,15 @@ class Recipe(GenericBaseRecipe): ...@@ -150,9 +166,15 @@ class Recipe(GenericBaseRecipe):
self.generateCertificate() self.generateCertificate()
wrapper = self.createWrapper(name=self.options['wrapper'], wrapper = self.createFile(self.options['wrapper'], self.substituteTemplate(
command=self.options['command'], self.getTemplateFilename('registry-run.in'), dict(
parameters=['@%s' % self.options['config-file']]) parameter='@%s' % self.options['config-file'],
pid_file=self.options['pid-file'],
command=self.options['command']
)
)
)
os.chmod(self.options['wrapper'], stat.S_IRWXU)
path_list.append(wrapper) path_list.append(wrapper)
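Review bot: Key and certificate generation are now both gated on `cert_file` alone (`if not os.path.exists(cert_file):`), so a missing certificate makes `genrsa` overwrite an existing `key_file`, while a missing key with the certificate still present is never repaired. For a registry whose key presumably signs node certificates, silently replacing the private key is unlikely to be intended. Checking each file separately, `if not os.path.exists(key_file):` before `key_command` and `if not os.path.exists(cert_file):` before `cert_command`, keeps an existing key and re-issues only the certificate. The `except Exception:` cleanups also do not run on KeyboardInterrupt or a termination signal, so an interrupted `dhparam` may leave a partial `dh_file` that the next run accepts because it only tests for existence; writing to a temporary path and renaming on success would cover that. The enclosing method starts outside the visible hunks.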
......
#!/bin/sh
echo $$ > %(pid_file)s
exec %(command)s \
%(parameter)s
\ No newline at end of file
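Review bot: The substituted values land in the script unquoted (`echo $$ > %(pid_file)s`), so a path containing spaces or shell metacharacters would be split or interpreted by `/bin/sh`. The values come from buildout options rather than from a remote party, but quoting costs nothing: `echo $$ > "%(pid_file)s"`. The same applies to `exec "%(command)s" "%(parameter)s"` if `command` is always a single path, as it appears to be in the instance template on this page. A one-line comment stating that the PID is written before `exec` so that it stays valid for the registry process would also help the next reader.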
...@@ -123,6 +123,7 @@ context = section parameter_dict re6st-registry-conf-dict ...@@ -123,6 +123,7 @@ context = section parameter_dict re6st-registry-conf-dict
recipe = slapos.cookbook:re6stnet.registry recipe = slapos.cookbook:re6stnet.registry
command = {{ re6st_registry }} command = {{ re6st_registry }}
wrapper = ${directory:services}/re6st-registry wrapper = ${directory:services}/re6st-registry
pid-file = ${directory:run}/registry.pid
manager-wrapper = ${directory:bin}/re6stManageToken manager-wrapper = ${directory:bin}/re6stManageToken
check-service-wrapper = ${directory:bin}/re6stCheckService check-service-wrapper = ${directory:bin}/re6stCheckService
drop-service-wrapper = ${directory:bin}/re6stManageDeleteToken drop-service-wrapper = ${directory:bin}/re6stManageDeleteToken
...@@ -178,6 +179,7 @@ command = {{ python_bin }} ${re6st-registry:drop-service-wrapper} ...@@ -178,6 +179,7 @@ command = {{ python_bin }} ${re6st-registry:drop-service-wrapper}
< = logrotate-entry-base < = logrotate-entry-base
name = re6stnet name = re6stnet
log = ${re6st-registry-conf-dict:logfile} log = ${re6st-registry-conf-dict:logfile}
post = {{ parameter_dict['bin-directory'] }}/slapos-kill --pidfile ${re6st-registry:pid-file} -s USR1
[re6st-registry-promise] [re6st-registry-promise]
recipe = slapos.cookbook:check_port_listening recipe = slapos.cookbook:check_port_listening
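Review bot: The new `post` command signals whatever PID is stored in `${re6st-registry:pid-file}`, and nothing on this page removes that file when the registry exits; the wrapper `exec`s the command, so it cannot clean up afterwards. If the registry is down at rotation time and the PID has been reused, USR1 goes to an unrelated process of the same user, and the default action for SIGUSR1 is to terminate that process. It is worth confirming that `slapos-kill` or the service manager validates the PID before signalling. A comment above `post` would record the assumption, e.g. `# pid-file is written by the wrapper before exec and is not removed on exit`.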
......
...@@ -94,7 +94,7 @@ extra-context = ...@@ -94,7 +94,7 @@ extra-context =
[template-re6stnet] [template-re6stnet]
< = download-base < = download-base
filename = instance-re6stnet.cfg.in filename = instance-re6stnet.cfg.in
md5sum = ff1242b9ed8295181e4a4178d480dbcb md5sum = c83fceedba8a817d49f8cf56bfbc2b83
[template-logrotate-base] [template-logrotate-base]
< = template-jinja2-base < = template-jinja2-base
......