MYSQL : Request certificate during recipe

parent 4911ab8f
...@@ -25,10 +25,12 @@ ...@@ -25,10 +25,12 @@
# #
############################################################################## ##############################################################################
from slapos.recipe.librecipe import BaseSlapRecipe from slapos.recipe.librecipe import BaseSlapRecipe
import hashlib
import os import os
import pkg_resources import pkg_resources
import sys import sys
import zc.buildout import zc.buildout
import ConfigParser
class Recipe(BaseSlapRecipe): class Recipe(BaseSlapRecipe):
def getTemplateFilename(self, template_name): def getTemplateFilename(self, template_name):
...@@ -46,15 +48,17 @@ class Recipe(BaseSlapRecipe): ...@@ -46,15 +48,17 @@ class Recipe(BaseSlapRecipe):
mysql_conf = self.installMysqlServer(self.getLocalIPv4Address(), 45678) mysql_conf = self.installMysqlServer(self.getLocalIPv4Address(), 45678)
ca_conf = self.installCertificateAuthority() ca_conf = self.installCertificateAuthority()
key, certificate = self.requestCertificate('Login Based Access')
stunnel_conf = self.installStunnel(self.getGlobalIPv6Address(), 12345, stunnel_conf = self.installStunnel(self.getGlobalIPv6Address(), 12345,
mysql_conf['tcp_port'], mysql_conf['tcp_port'],
ca_conf['ca_certificate'], ca_conf['ca_crl'], certificate, ca_conf['ca_crl'],
ca_conf['certificate_authority_path']) ca_conf['certificate_authority_path'])
self.linkBinary() self.linkBinary()
self.setConnectionDict(dict( self.setConnectionDict(dict(
stunnel_ip = stunnel_conf['ip'], stunnel_ip = stunnel_conf['ip'],
stunnel_port = stunnel_conf['tcp_port'], stunnel_port = stunnel_conf['port'],
mysql_database = mysql_conf['mysql_database'], mysql_database = mysql_conf['mysql_database'],
mysql_user = mysql_conf['mysql_user'], mysql_user = mysql_conf['mysql_user'],
mysql_password = mysql_conf['mysql_password'], mysql_password = mysql_conf['mysql_password'],
...@@ -187,6 +191,18 @@ class Recipe(BaseSlapRecipe): ...@@ -187,6 +191,18 @@ class Recipe(BaseSlapRecipe):
certificate_authority_path=config['ca_dir'] certificate_authority_path=config['ca_dir']
) )
def requestCertificate(self, name):
hash = hashlib.sha512(name).hexdigest()
key = os.path.join(self.ca_private, hash + self.ca_key_ext)
certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
parser = ConfigParser.RawConfigParser()
parser.add_section('certificate')
parser.set('certificate', 'name', name)
parser.set('certificate', 'key_file', key)
parser.set('certificate', 'certificate_file', certificate)
parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
return key, certificate
def installStunnel(self, ip, port, external_port, def installStunnel(self, ip, port, external_port,
ca_certificate, ca_crl, ca_path): ca_certificate, ca_crl, ca_path):
"""Installs stunnel""" """Installs stunnel"""
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment