Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Eric Zheng
slapos
Commits
41ecd028
Commit
41ecd028
authored
May 02, 2017
by
Alain Takoudjou
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
add certificate-authority software release
parent
a47d14b8
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
73 additions
and
14 deletions
+73
-14
software/certificate-authority/instance.cfg.in
software/certificate-authority/instance.cfg.in
+15
-0
software/certificate-authority/software.cfg
software/certificate-authority/software.cfg
+21
-0
stack/certificate-authority/buildout.cfg
stack/certificate-authority/buildout.cfg
+9
-0
stack/certificate-authority/buildout.hash.cfg
stack/certificate-authority/buildout.hash.cfg
+1
-1
stack/certificate-authority/instance-certificate-authority.cfg.jinja2.in
...te-authority/instance-certificate-authority.cfg.jinja2.in
+27
-13
No files found.
software/certificate-authority/instance.cfg.in
0 → 100644
View file @
41ecd028
[buildout]
parts =
publish-connection-parameter
extends =
{{ certificate_authority_template }}
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
[publish-connection-parameter]
recipe = slapos.cookbook:publish.serialised
http-url = ${certificate-authority-server:insecure-url}
https-url = ${certificate-authority-server:url}
\ No newline at end of file
software/certificate-authority/software.cfg
0 → 100644
View file @
41ecd028
[buildout]
extends =
../../stack/certificate-authority/buildout.cfg
../../stack/slapos.cfg
parts =
slapos-cookbook
extra-eggs
template
[template]
recipe = slapos.recipe.template:jinja2
template = ${:_profile_base_location_}/instance.cfg.in
rendered = ${buildout:directory}/template.cfg
mode = 0644
md5sum = c61a8f951e99002753c3a53d0a18b16d
context =
key bin_directory buildout:bin-directory
key develop_eggs_directory buildout:develop-eggs-directory
key eggs_directory buildout:eggs-directory
key certificate_authority_template template-certificate-authority:rendered
stack/certificate-authority/buildout.cfg
View file @
41ecd028
...
...
@@ -75,6 +75,15 @@ SQLAlchemy = 1.1.9
caucase = 0.1.1
futures = 3.1.1
gunicorn = 19.7.1
slapos.recipe.template = 2.10
# Required by:
# Flask-User==0.6.11
passlib = 1.7.1
# Required by:
# caucase==0.1.1
pyasn1 = 0.2.3
# Required by:
# Flask-User==0.6.11
...
...
stack/certificate-authority/buildout.hash.cfg
View file @
41ecd028
...
...
@@ -28,4 +28,4 @@ md5sum = a317d2f948cd3d16c860d05cc07ecf42
[template-certificate-authority]
filename = template-certificate-authority.cfg
md5sum = e097dab69a38e428600b171ce2f6d68c
\ No newline at end of file
md5sum = 5ed16bcece904dd4527210c7453c84ca
\ No newline at end of file
stack/certificate-authority/instance-certificate-authority.cfg.jinja2.in
View file @
41ecd028
...
...
@@ -8,8 +8,8 @@ parts =
certificate-authority-server
[certificate-authority-parameters]
server-port =
8009
server-https-port =
8010
server-port =
${slap-configuration:configuration.ca-server-port}
server-https-port =
${slap-configuration:configuration.ca-server-https-port}
# Overrite this to set frontend or DNS URL (URL is used as CRL distribution point)
# Please set http not HTTPS scheme
crl-external-url = http://[${slap-configuration:ipv6-random}]:${:server-port}
...
...
@@ -80,11 +80,11 @@ command-line =
recipe = plone.recipe.command
command =
if [ -s "${:key}" ] && [ -s "${:cert}" ]; then
cat << EOF > ${:output}
[ca-nginx-ssl]
key=${:key}
cert=${:cert}
EOF
cat << EOF > ${:output}
[ca-nginx-ssl]
key=${:key}
cert=${:cert}
EOF
fi
key = ${directory:ssl}/ca-cert.key
cert = ${directory:ssl}/ca-cert.crt
...
...
@@ -133,17 +133,17 @@ input = inline:
# enable debug
# debug
# log-file ${directory:log}/ca-server.log
subject
/C=XX/ST=State/L=City/OU=OUnit/O=Company/CN=SlapOS Certificate Authority/emailAddress=xx@example.com
max-request-amount
10
subject
${slap-configuration:configuration.ca-subject}
max-request-amount
${slap-configuration:configuration.max-request-amount}
external-url ${certificate-authority-parameters:crl-external-url}
# one year (in seconds)
crt-life-time
31536000
crt-life-time
${slap-configuration:configuration.crt-life-time}
# crl-life-period correspond to about one week
crl-life-period
0.02
crl-life-period
${slap-configuration:configuration.crl-life-period}
# ca-life-time = ca-life-period * crt-life-time
ca-life-period
10
ca-life-period
${slap-configuration:configuration.ca-life-period}
# time before clean certificate on CA: 60*24*60*60
crt-keep-time
5184000
crt-keep-time
${slap-configuration:configuration.crt-keep-time}
output = ${directory:etc}/ca.conf
mode = 700
...
...
@@ -239,3 +239,17 @@ partition = ${slap-connection:partition-id}
url = ${slap-connection:server-url}
key = ${slap-connection:key-file}
cert = ${slap-connection:cert-file}
configuration.ca-server-port = 8009
configuration.ca-server-https-port = 8010
# /CN=XXX is required
configuration.ca-subject = /C=Country/ST=State/L=City/OU=O-Unit/O=Company/CN=SlapOS Certificate Authority/emailAddress=xx@example.com
configuration.max-request-amount = 10
# one year (in seconds)
configuration.crt-life-time = 31536000
# crl-life-period correspond to about one week
configuration.crl-life-period = 0.02
# ca-life-period = ca-life-period * crt-life-time
configuration.ca-life-period = 10
# time before clean certificate on CA: 60*24*60*60
configuration.crt-keep-time = 5184000
\ No newline at end of file
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment