add certificate-authority software release

41ecd028 · Alain Takoudjou · a47d14b8 · 41ecd028 · 41ecd028 · 41ecd028
Commit 41ecd028 authored May 02, 2017 by Alain Takoudjou
5 changed files
--- a/software/certificate-authority/instance.cfg.in
+++ b/software/certificate-authority/instance.cfg.in
+[buildout]
+parts =
+  publish-connection-parameter
+extends =
+  {{ certificate_authority_template }}
+
+
+eggs-directory = {{ eggs_directory }}
+develop-eggs-directory = {{ develop_eggs_directory }}
+offline = true
+
+[publish-connection-parameter]
+recipe = slapos.cookbook:publish.serialised
+http-url = ${certificate-authority-server:insecure-url}
+https-url = ${certificate-authority-server:url}
\ No newline at end of file
--- a/software/certificate-authority/software.cfg
+++ b/software/certificate-authority/software.cfg
+[buildout]
+extends =
+  ../../stack/certificate-authority/buildout.cfg
+  ../../stack/slapos.cfg
+
+parts = 
+  slapos-cookbook
+  extra-eggs
+  template
+
+[template]
+recipe = slapos.recipe.template:jinja2
+template = ${:_profile_base_location_}/instance.cfg.in
+rendered = ${buildout:directory}/template.cfg
+mode = 0644
+md5sum = c61a8f951e99002753c3a53d0a18b16d
+context =
+  key bin_directory buildout:bin-directory
+  key develop_eggs_directory buildout:develop-eggs-directory
+  key eggs_directory buildout:eggs-directory
+  key certificate_authority_template template-certificate-authority:rendered
--- a/stack/certificate-authority/buildout.cfg
+++ b/stack/certificate-authority/buildout.cfg
@@ -75,6 +75,15 @@ SQLAlchemy = 1.1.9
 caucase = 0.1.1
 futures = 3.1.1
 gunicorn = 19.7.1
+slapos.recipe.template = 2.10
+
+# Required by:
+# Flask-User==0.6.11
+passlib = 1.7.1
+
+# Required by:
+# caucase==0.1.1
+pyasn1 = 0.2.3

 # Required by:
 # Flask-User==0.6.11

--- a/stack/certificate-authority/buildout.hash.cfg
+++ b/stack/certificate-authority/buildout.hash.cfg
@@ -28,4 +28,4 @@ md5sum = a317d2f948cd3d16c860d05cc07ecf42

 [template-certificate-authority]
 filename = template-certificate-authority.cfg
-md5sum = e097dab69a38e428600b171ce2f6d68c
\ No newline at end of file
+md5sum = 5ed16bcece904dd4527210c7453c84ca
\ No newline at end of file
--- a/stack/certificate-authority/instance-certificate-authority.cfg.jinja2.in
+++ b/stack/certificate-authority/instance-certificate-authority.cfg.jinja2.in
@@ -8,8 +8,8 @@ parts =
  certificate-authority-server

 [certificate-authority-parameters]
-server-port = 8009
-server-https-port = 8010
+server-port = ${slap-configuration:configuration.ca-server-port}
+server-https-port = ${slap-configuration:configuration.ca-server-https-port}
 # Overrite this to set frontend or DNS URL (URL is used as CRL distribution point)
 # Please set http not HTTPS scheme
 crl-external-url = http://[${slap-configuration:ipv6-random}]:${:server-port}
@@ -80,11 +80,11 @@ command-line =
 recipe = plone.recipe.command
 command = 
  if [ -s "${:key}" ] && [ -s "${:cert}" ]; then
-    cat << EOF > ${:output}
-    [ca-nginx-ssl]
-    key=${:key}
-    cert=${:cert}
-    EOF
+  cat << EOF > ${:output}
+  [ca-nginx-ssl]
+  key=${:key}
+  cert=${:cert}
+  EOF
  fi
 key = ${directory:ssl}/ca-cert.key
 cert = ${directory:ssl}/ca-cert.crt
@@ -133,17 +133,17 @@ input = inline:
  # enable debug
  # debug
  # log-file ${directory:log}/ca-server.log
-  subject /C=XX/ST=State/L=City/OU=OUnit/O=Company/CN=SlapOS Certificate Authority/emailAddress=xx@example.com
-  max-request-amount 10
+  subject ${slap-configuration:configuration.ca-subject}
+  max-request-amount ${slap-configuration:configuration.max-request-amount}
  external-url ${certificate-authority-parameters:crl-external-url}
  # one year (in seconds)
-  crt-life-time 31536000
+  crt-life-time ${slap-configuration:configuration.crt-life-time}
  # crl-life-period correspond to about one week
-  crl-life-period 0.02
+  crl-life-period ${slap-configuration:configuration.crl-life-period}
  # ca-life-time = ca-life-period * crt-life-time
-  ca-life-period 10
+  ca-life-period ${slap-configuration:configuration.ca-life-period}
  # time before clean certificate on CA: 60*24*60*60
-  crt-keep-time 5184000
+  crt-keep-time ${slap-configuration:configuration.crt-keep-time}

 output = ${directory:etc}/ca.conf
 mode = 700
@@ -239,3 +239,17 @@ partition = ${slap-connection:partition-id}
 url = ${slap-connection:server-url}
 key = ${slap-connection:key-file}
 cert = ${slap-connection:cert-file}
+
+configuration.ca-server-port = 8009
+configuration.ca-server-https-port = 8010
+# /CN=XXX is required
+configuration.ca-subject = /C=Country/ST=State/L=City/OU=O-Unit/O=Company/CN=SlapOS Certificate Authority/emailAddress=xx@example.com
+configuration.max-request-amount = 10
+# one year (in seconds)
+configuration.crt-life-time = 31536000
+# crl-life-period correspond to about one week
+configuration.crl-life-period = 0.02
+# ca-life-period = ca-life-period * crt-life-time
+configuration.ca-life-period = 10
+# time before clean certificate on CA: 60*24*60*60
+configuration.crt-keep-time = 5184000
\ No newline at end of file