re6st master: check certificate to revoke every thirty minutes

2140b3ce · Alain Takoudjou · ef936b2a · 2140b3ce · 2140b3ce · 2140b3ce
Commit 2140b3ce authored Apr 09, 2015 by Alain Takoudjou
4 changed files
--- a/software/re6stnet/instance-re6stnet.cfg.in
+++ b/software/re6stnet/instance-re6stnet.cfg.in
 {% set python_bin = parameter_dict['python-executable'] -%}
 {% set re6st_registry = parameter_dict['re6st-registry'] -%}
+{% set re6stnet = parameter_dict['re6stnet'] -%}
 {% set publish_dict = {} -%}
 {% set part_list = [] -%}
 {% set ipv6 = (ipv6_set | list)[0] -%}
@@ -119,17 +120,12 @@ context = section parameter_dict re6st-registry-conf-dict
 [re6st-registry]
 recipe = slapos.cookbook:re6stnet.registry
-port = ${re6st-registry-conf-dict:port}
-ipv4 = ${re6st-registry-conf-dict:ipv4}
 command = {{ re6st_registry }}
-config-file = ${re6st-registry-conf:rendered}
-db-path = ${re6st-registry-conf-dict:db}
 wrapper = ${directory:services}/re6st-registry
 manager-wrapper = ${directory:bin}/re6stManageToken
 check-service-wrapper = ${directory:bin}/re6stCheckService
 drop-service-wrapper = ${directory:bin}/re6stManageDeleteToken
-key-file = ${re6st-registry-conf-dict:key}
+revoke-service-wrapper = ${directory:bin}/re6stRevokeCertificate
-cert-file = ${re6st-registry-conf-dict:ca}
 openssl-bin = {{ openssl_bin }}/openssl
 python-bin = {{ python_bin }}
 ipv6-prefix = {{ slapparameter_dict.get('ipv6-prefix', '2001:db8:24::/48') }}
@@ -137,6 +133,14 @@ key-size = {{ slapparameter_dict.get('key-size', 2048) }}
 conf-dir = ${re6stnet-dirs:conf}
 token-dir = ${re6stnet-dirs:token}
+#Re6st config
+config-file = ${re6st-registry-conf:rendered}
+port = ${re6st-registry-conf-dict:port}
+ipv4 = ${re6st-registry-conf-dict:ipv4}
+db-path = ${re6st-registry-conf-dict:db}
+key-file = ${re6st-registry-conf-dict:key}
+cert-file = ${re6st-registry-conf-dict:ca}
 slave-instance-list = ${slap-parameter:slave_instance_list}
 environment = 
@@ -154,6 +158,13 @@ name = re6stnet-check-token
 frequency = 0 */1 * * *
 command = {{ python_bin }} ${re6st-registry:check-service-wrapper}
+[cron-entry-re6st-revoke]
+recipe = slapos.cookbook:cron.d
+cron-entries = ${cron:cron-entries}
+name = re6stnet-revoke-cert
+frequency = */30 * * * *
+command = {{ python_bin }} ${re6st-registry:revoke-service-wrapper}
 [cron-entry-re6st-drop]
 recipe = slapos.cookbook:cron.d
 cron-entries = ${cron:cron-entries}
@@ -197,6 +208,7 @@ parts =
  cron-entry-logrotate
  cron-entry-re6st-check
  cron-entry-re6st-drop
+  cron-entry-re6st-revoke
  apache-httpd
  publish

--- a/software/re6stnet/instance.cfg.in
+++ b/software/re6stnet/instance.cfg.in
@@ -30,7 +30,8 @@ context =
 [dynamic-template-re6stnet-parameters]
 bin-directory = {{ bin_directory }}
 python-executable  = {{ python_with_eggs }}
-re6st-registry = {{ re6stnet_registry }}
+re6st-registry = {{ bin_directory }}/re6st-registry
+re6stnet = {{ bin_directory }}/re6stnet
 template-apache-conf = {{ template_apache_conf }}
 apache-location = {{ apache_location }}
 template-re6st-registry-conf = {{ template_re6st_registry_conf }}

--- a/software/re6stnet/re6st-registry.conf.in
+++ b/software/re6stnet/re6st-registry.conf.in
 port  {{ parameter_dict['port'] }}
 4  {{ parameter_dict['ipv4'] }}
-6  {{ parameter_dict['ipv6'] }}
+# 6  {{ parameter_dict['ipv6'] }}
 db  {{ parameter_dict['db'] }}
 ca  {{ parameter_dict['ca'] }}
 key  {{ parameter_dict['key'] }}

--- a/software/re6stnet/software.cfg
+++ b/software/re6stnet/software.cfg
@@ -78,7 +78,7 @@ context =
 < = template-jinja2-base
 filename = template.cfg
 template = ${:_profile_base_location_}/instance.cfg.in
-md5sum = 0929cf851c4883bcb5c69fc2f918eaeb
+md5sum = ded1faad7f289ffe9ac7aeee3d98413e
 extra-context =
    key apache_location apache:location
    key dash_location dash:location
@@ -89,12 +89,11 @@ extra-context =
    key template_re6st_registry_conf template-re6st-registry-conf:target
    key template_logrotate_base template-logrotate-base:rendered
    raw python_with_eggs ${buildout:directory}/bin/${extra-eggs:interpreter}
-    raw re6stnet_registry ${buildout:directory}/bin/re6st-registry
 [template-re6stnet]
 < = download-base
 filename = instance-re6stnet.cfg.in
-md5sum = e088fb05ea6e1ceff8a5ac00fd28bd75
+md5sum = e0f4857750bfd55f154c448ad56edaec
 [template-logrotate-base]
 < = template-jinja2-base
@@ -113,7 +112,7 @@ md5sum = c220229ee37866c8cc404d602edd389d
 [template-re6st-registry-conf]
 < = download-base
 filename = re6st-registry.conf.in
-md5sum = ae910e8e154be6575bb19f6eae686a87
+md5sum = 19a5827512cfecc25992fc152c995551
 [check-recipe]
 recipe = plone.recipe.command