Configure certificate authority.

Rely on portal introspections functionality.

Configure certificate authority.
Rely on portal introspections functionality.
28c78ec2 · Łukasz Nowak · fe7a0738 · 28c78ec2 · 28c78ec2 · 28c78ec2
Commit 28c78ec2 authored Aug 29, 2011 by Łukasz Nowak
Showing with 62 additions and 9 deletions

slapos/recipe/erp5/__init__.py slapos/recipe/erp5/__init__.py +5 -3

slapos/recipe/erp5/erp5.py slapos/recipe/erp5/erp5.py +55 -4

slapos/recipe/vifib.py slapos/recipe/vifib.py +2 -2

No files found.
--- a/slapos/recipe/erp5/__init__.py
+++ b/slapos/recipe/erp5/__init__.py
@@ -107,7 +107,7 @@ class Recipe(BaseSlapRecipe):
    self.installERP5Site(user, password, zope_access, mysql_conf,
             conversion_server_conf, memcached_conf, kumo_conf,
-             self.site_id, default_bt5_list)
+             self.site_id, default_bt5_list, ca_conf)
    self.installTestRunner(ca_conf, mysql_conf, conversion_server_conf,
                           memcached_conf, kumo_conf)
@@ -649,7 +649,7 @@ class Recipe(BaseSlapRecipe):
  def installERP5Site(self, user, password, zope_access, mysql_conf,
                      conversion_server_conf=None, memcached_conf=None,
                      kumo_conf=None,
-                      erp5_site_id='erp5', default_bt5_list=[],
+                      erp5_site_id='erp5', default_bt5_list=[], ca_conf={},
                      supervisor_controlled=True):
    """
    Create  a script  to  automatically set  up  an erp5  site (controlled  by
@@ -684,7 +684,9 @@ class Recipe(BaseSlapRecipe):
                             conversion_server,
                             kumo_conf.get("kumo_address"),
                             bt5_list,
-                             bt5_repository_list])
+                             bt5_repository_list,
+                             ca_conf.get('certificate_authority_path'),
+                             self.options.get('openssl_binary')])
    self.path_list.extend(script)

--- a/slapos/recipe/erp5/erp5.py
+++ b/slapos/recipe/erp5/erp5.py
@@ -43,7 +43,8 @@ class ERP5Updater(object):
  def __init__(self, user, password, host,
      site_id, mysql_url, memcached_address,
      conversion_server_address, persistent_cache_address,
-      bt5_list, bt5_repository_list):
+      bt5_list, bt5_repository_list, certificate_authority_path,
+      openssl_binary):
    authentication_string = '%s:%s' % (user, password)
    base64string = base64.encodestring(authentication_string).strip()
@@ -62,6 +63,10 @@ class ERP5Updater(object):
    self.conversion_server_address = host
    self.conversion_server_port = int(port)
+    # Certificate Authority Tool configuration
+    self.certificate_authority_path = certificate_authority_path
+    self.openssl_binary = openssl_binary
  def log(self, level, message):
    date = time.strftime("%a, %d %b %Y %H:%M:%S +0000")
    print "%s - %s : %s" % (date, level, message)
@@ -225,6 +230,48 @@ class ERP5Updater(object):
    return is_updated
+  def updateCertificateAuthority(self):
+    """ Update the certificate authority only if is not configured yet """
+    if self.isCertificateAuthorityAvailable():
+      if self.isCertificateAuthorityConfigured():
+        return True
+      path = "/%s/portal_certificate_authority/" \
+             "manage_editCertificateAuthorityTool" % self.site_id
+      self.POST(path, {"certificate_authority_path": self.certificate_authority_path,
+                       "openssl_binary": self.openssl_binary})
+  def isCertificateAuthorityAvailable(self):
+    """ Check if certificate Authority is available. """
+    external_connection_dict = self.system_signature_dict[
+      'external_connection_dict']
+    if 'portal_certificate_authority/certificate_authority_path' in \
+      external_connection_dict:
+      return True
+    return False
+  def isCertificateAuthorityConfigured(self):
+    """ Check if certificate Authority is configured correctly. """
+    external_connection_dict = self.system_signature_dict[
+      'external_connection_dict']
+    if self.certificate_authority_path == external_connection_dict.get(
+          'portal_certificate_authority/certificate_authority_path') and \
+       self.openssl_binary == external_connection_dict.get(
+          'portal_certificate_authority/openssl_binary'):
+      return True
+    return False
+  def isCertificateAuthorityConfigured(self):
+    """ Check if certificate Authority is configured correctly. """
+    external_connection_dict = self.system_signature_dict[
+      'external_connection_dict']
+    if self.certificate_authority_path == external_connection_dict.get(
+          'portal_certificate_authority/certificate_authority_path') and \
+       self.openssl_binary == external_connection_dict.get(
+          'portal_certificate_authority/openssl_binary'):
+      return True
+    return False
  def updateMemcached(self):
    # Assert Memcached configuration
    self._assertAndUpdateDocument(
@@ -283,7 +330,7 @@ class ERP5Updater(object):
  def run(self):
    """ Keep running until kill"""
    while 1:
-      time.sleep(self.short_sleeping_time)
+      #time.sleep(self.short_sleeping_time)
      if not self.updateERP5Site():
        self.loadSystemSignatureDict()
        if self._hasFailureActivity():
@@ -299,7 +346,7 @@ class ERP5Updater(object):
        self.updateMemcached()
        if self.updateConversionServer():
          continue
+        self.updateCertificateAuthority()
        time.sleep(self.sleeping_time)
 def updateERP5(argument_list):
@@ -310,6 +357,8 @@ def updateERP5(argument_list):
  conversion_server_address = argument_list[4]
  persistent_cache_provider = argument_list[5]
  bt5_list = argument_list[6]
+  certificate_authority_path = argument_list[8]
+  openssl_binary = argument_list[9]
  bt5_repository_list = []
  if len(argument_list) > 7:
@@ -328,6 +377,8 @@ def updateERP5(argument_list):
    conversion_server_address=conversion_server_address,
    persistent_cache_address=persistent_cache_provider,
    bt5_list=bt5_list,
-    bt5_repository_list=bt5_repository_list)
+    bt5_repository_list=bt5_repository_list,
+    certificate_authority_path=certificate_authority_path,
+    openssl_binary=openssl_binary)
  erp5_upgrader.run()
--- a/slapos/recipe/vifib.py
+++ b/slapos/recipe/vifib.py
@@ -185,7 +185,7 @@ SSLCARevocationPath %(ca_crl)s"""
    # Connect direct to Zope to create the instance.
    self.installERP5Site(user, password, service_url_list[-1], mysql_conf,
             conversion_server_conf, memcached_conf, kumo_conf,
-             self.site_id, self.default_bt5_list)
+             self.site_id, self.default_bt5_list, ca_conf)
    self.setConnectionDict(dict(
      front_end_url=apache_frontend_login,
@@ -245,7 +245,7 @@ SSLCARevocationPath %(ca_crl)s"""
    self.linkBinary()
    self.installERP5Site(user, password, zope_access, mysql_conf,
             conversion_server_conf, memcached_conf, kumo_conf,
-             self.site_id, self.default_bt5_list)
+             self.site_id, self.default_bt5_list, ca_conf)
    self.setConnectionDict(dict(
      development_zope='http://%s:%s/' % (ip, zope_port),