Commit 28c78ec2 authored by Łukasz Nowak's avatar Łukasz Nowak

Configure certificate authority.

Rely on the portal's introspection functionality.
parent fe7a0738
...@@ -107,7 +107,7 @@ class Recipe(BaseSlapRecipe): ...@@ -107,7 +107,7 @@ class Recipe(BaseSlapRecipe):
self.installERP5Site(user, password, zope_access, mysql_conf, self.installERP5Site(user, password, zope_access, mysql_conf,
conversion_server_conf, memcached_conf, kumo_conf, conversion_server_conf, memcached_conf, kumo_conf,
self.site_id, default_bt5_list) self.site_id, default_bt5_list, ca_conf)
self.installTestRunner(ca_conf, mysql_conf, conversion_server_conf, self.installTestRunner(ca_conf, mysql_conf, conversion_server_conf,
memcached_conf, kumo_conf) memcached_conf, kumo_conf)
...@@ -649,7 +649,7 @@ class Recipe(BaseSlapRecipe): ...@@ -649,7 +649,7 @@ class Recipe(BaseSlapRecipe):
def installERP5Site(self, user, password, zope_access, mysql_conf, def installERP5Site(self, user, password, zope_access, mysql_conf,
conversion_server_conf=None, memcached_conf=None, conversion_server_conf=None, memcached_conf=None,
kumo_conf=None, kumo_conf=None,
erp5_site_id='erp5', default_bt5_list=[], erp5_site_id='erp5', default_bt5_list=[], ca_conf={},
supervisor_controlled=True): supervisor_controlled=True):
""" """
Create a script to automatically set up an erp5 site (controlled by Create a script to automatically set up an erp5 site (controlled by
...@@ -684,7 +684,9 @@ class Recipe(BaseSlapRecipe): ...@@ -684,7 +684,9 @@ class Recipe(BaseSlapRecipe):
conversion_server, conversion_server,
kumo_conf.get("kumo_address"), kumo_conf.get("kumo_address"),
bt5_list, bt5_list,
bt5_repository_list]) bt5_repository_list,
ca_conf.get('certificate_authority_path'),
self.options.get('openssl_binary')])
self.path_list.extend(script) self.path_list.extend(script)
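Review bot: `ca_conf.get('certificate_authority_path')` and `self.options.get('openssl_binary')` are appended to the updater's argument list without checking that either is set, so with the new `ca_conf={}` default (or a missing `openssl_binary` option) a `None` lands in the generated script arguments and, it appears, is later sent to the portal as the certificate authority configuration. I would fail early in installERP5Site when a CA path is supplied without an openssl binary, and pass neither when no CA is configured. `ca_conf={}` is also a mutable default shared across calls; `ca_conf=None` with `ca_conf = ca_conf or {}` at the top of the body avoids that. Because `ca_conf` is inserted before `supervisor_controlled`, a caller that passes `supervisor_controlled` positionally would now bind it to `ca_conf`, so appending the new parameter last is the backward-compatible choice. The body of installERP5Site starts and ends outside these hunks.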
......
...@@ -43,7 +43,8 @@ class ERP5Updater(object): ...@@ -43,7 +43,8 @@ class ERP5Updater(object):
def __init__(self, user, password, host, def __init__(self, user, password, host,
site_id, mysql_url, memcached_address, site_id, mysql_url, memcached_address,
conversion_server_address, persistent_cache_address, conversion_server_address, persistent_cache_address,
bt5_list, bt5_repository_list): bt5_list, bt5_repository_list, certificate_authority_path,
openssl_binary):
authentication_string = '%s:%s' % (user, password) authentication_string = '%s:%s' % (user, password)
base64string = base64.encodestring(authentication_string).strip() base64string = base64.encodestring(authentication_string).strip()
...@@ -62,6 +63,10 @@ class ERP5Updater(object): ...@@ -62,6 +63,10 @@ class ERP5Updater(object):
self.conversion_server_address = host self.conversion_server_address = host
self.conversion_server_port = int(port) self.conversion_server_port = int(port)
# Certificate Authority Tool configuration
self.certificate_authority_path = certificate_authority_path
self.openssl_binary = openssl_binary
def log(self, level, message): def log(self, level, message):
date = time.strftime("%a, %d %b %Y %H:%M:%S +0000") date = time.strftime("%a, %d %b %Y %H:%M:%S +0000")
print "%s - %s : %s" % (date, level, message) print "%s - %s : %s" % (date, level, message)
...@@ -225,6 +230,48 @@ class ERP5Updater(object): ...@@ -225,6 +230,48 @@ class ERP5Updater(object):
return is_updated return is_updated
def updateCertificateAuthority(self):
""" Update the certificate authority only if is not configured yet """
if self.isCertificateAuthorityAvailable():
if self.isCertificateAuthorityConfigured():
return True
path = "/%s/portal_certificate_authority/" \
"manage_editCertificateAuthorityTool" % self.site_id
self.POST(path, {"certificate_authority_path": self.certificate_authority_path,
"openssl_binary": self.openssl_binary})
def isCertificateAuthorityAvailable(self):
""" Check if certificate Authority is available. """
external_connection_dict = self.system_signature_dict[
'external_connection_dict']
if 'portal_certificate_authority/certificate_authority_path' in \
external_connection_dict:
return True
return False
def isCertificateAuthorityConfigured(self):
""" Check if certificate Authority is configured correctly. """
external_connection_dict = self.system_signature_dict[
'external_connection_dict']
if self.certificate_authority_path == external_connection_dict.get(
'portal_certificate_authority/certificate_authority_path') and \
self.openssl_binary == external_connection_dict.get(
'portal_certificate_authority/openssl_binary'):
return True
return False
def isCertificateAuthorityConfigured(self):
""" Check if certificate Authority is configured correctly. """
external_connection_dict = self.system_signature_dict[
'external_connection_dict']
if self.certificate_authority_path == external_connection_dict.get(
'portal_certificate_authority/certificate_authority_path') and \
self.openssl_binary == external_connection_dict.get(
'portal_certificate_authority/openssl_binary'):
return True
return False
def updateMemcached(self): def updateMemcached(self):
# Assert Memcached configuration # Assert Memcached configuration
self._assertAndUpdateDocument( self._assertAndUpdateDocument(
...@@ -283,7 +330,7 @@ class ERP5Updater(object): ...@@ -283,7 +330,7 @@ class ERP5Updater(object):
def run(self): def run(self):
""" Keep running until kill""" """ Keep running until kill"""
while 1: while 1:
time.sleep(self.short_sleeping_time) #time.sleep(self.short_sleeping_time)
if not self.updateERP5Site(): if not self.updateERP5Site():
self.loadSystemSignatureDict() self.loadSystemSignatureDict()
if self._hasFailureActivity(): if self._hasFailureActivity():
...@@ -299,7 +346,7 @@ class ERP5Updater(object): ...@@ -299,7 +346,7 @@ class ERP5Updater(object):
self.updateMemcached() self.updateMemcached()
if self.updateConversionServer(): if self.updateConversionServer():
continue continue
self.updateCertificateAuthority()
time.sleep(self.sleeping_time) time.sleep(self.sleeping_time)
def updateERP5(argument_list): def updateERP5(argument_list):
...@@ -310,6 +357,8 @@ def updateERP5(argument_list): ...@@ -310,6 +357,8 @@ def updateERP5(argument_list):
conversion_server_address = argument_list[4] conversion_server_address = argument_list[4]
persistent_cache_provider = argument_list[5] persistent_cache_provider = argument_list[5]
bt5_list = argument_list[6] bt5_list = argument_list[6]
certificate_authority_path = argument_list[8]
openssl_binary = argument_list[9]
bt5_repository_list = [] bt5_repository_list = []
if len(argument_list) > 7: if len(argument_list) > 7:
...@@ -328,6 +377,8 @@ def updateERP5(argument_list): ...@@ -328,6 +377,8 @@ def updateERP5(argument_list):
conversion_server_address=conversion_server_address, conversion_server_address=conversion_server_address,
persistent_cache_address=persistent_cache_provider, persistent_cache_address=persistent_cache_provider,
bt5_list=bt5_list, bt5_list=bt5_list,
bt5_repository_list=bt5_repository_list) bt5_repository_list=bt5_repository_list,
certificate_authority_path=certificate_authority_path,
openssl_binary=openssl_binary)
erp5_upgrader.run() erp5_upgrader.run()
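Review bot: `argument_list[8]` and `argument_list[9]` are read unconditionally in updateERP5, while index 7 just below is guarded by `len(argument_list) > 7`, so an invocation with the older, shorter argument list raises IndexError, and nothing checks the two values before updateCertificateAuthority POSTs them to `manage_editCertificateAuthorityTool`. Since `openssl_binary` presumably names the executable the portal runs for CA operations, I would reject empty or relative values here (for example `os.path.isabs(openssl_binary)`) and log each reconfiguration through `self.log` so that a change of CA path or binary is auditable. `isCertificateAuthorityConfigured` is defined twice with identical bodies in this section; the second copy should be dropped. In `run`, whose body continues outside the hunk, `time.sleep(self.short_sleeping_time)` is commented out rather than removed, which looks like a debugging leftover and lets the `continue` paths issue authenticated requests back to back with no pause. `updateCertificateAuthority` also ignores the result of `self.POST` and returns True only on the already-configured path, so a failed update is silent; returning the outcome and logging failures would make it consistent with the other update methods that `run` tests.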
...@@ -185,7 +185,7 @@ SSLCARevocationPath %(ca_crl)s""" ...@@ -185,7 +185,7 @@ SSLCARevocationPath %(ca_crl)s"""
# Connect direct to Zope to create the instance. # Connect direct to Zope to create the instance.
self.installERP5Site(user, password, service_url_list[-1], mysql_conf, self.installERP5Site(user, password, service_url_list[-1], mysql_conf,
conversion_server_conf, memcached_conf, kumo_conf, conversion_server_conf, memcached_conf, kumo_conf,
self.site_id, self.default_bt5_list) self.site_id, self.default_bt5_list, ca_conf)
self.setConnectionDict(dict( self.setConnectionDict(dict(
front_end_url=apache_frontend_login, front_end_url=apache_frontend_login,
...@@ -245,7 +245,7 @@ SSLCARevocationPath %(ca_crl)s""" ...@@ -245,7 +245,7 @@ SSLCARevocationPath %(ca_crl)s"""
self.linkBinary() self.linkBinary()
self.installERP5Site(user, password, zope_access, mysql_conf, self.installERP5Site(user, password, zope_access, mysql_conf,
conversion_server_conf, memcached_conf, kumo_conf, conversion_server_conf, memcached_conf, kumo_conf,
self.site_id, self.default_bt5_list) self.site_id, self.default_bt5_list, ca_conf)
self.setConnectionDict(dict( self.setConnectionDict(dict(
development_zope='http://%s:%s/' % (ip, zope_port), development_zope='http://%s:%s/' % (ip, zope_port),
......