Commit 706801f2 authored by Julien Muchembled's avatar Julien Muchembled

NEO: hack to deploy SSL certs via instance parameters

parent 761583fd
......@@ -10,7 +10,7 @@ wrapper = ${directory:etc_run}/neoadmin
logfile = ${directory:log}/neoadmin.log
ip = ${publish:ip}
port = ${publish:port-admin}
ssl = {{ dumps(slapparameter_dict['ssl']) }}
ssl = {{ dumps(bool(slapparameter_dict['ssl'])) }}
cluster = {{ dumps(slapparameter_dict['cluster']) }}
masters = ${publish:masters}
......
......@@ -36,10 +36,19 @@
"type": "object"
},
"ssl": {
"description": "Enable SSL. All nodes look for 3 files in ~/etc: ca.crt, neo.crt, neo.key. Waiting that SlapOS provides a way to manage certificates, the user must deploy them manually.",
"description": "Enable SSL. All nodes look for 3 files in ~/etc: ca.crt, neo.crt, neo.key. Waiting that SlapOS provides a way to manage certificates, the user must deploy them manually, or use the temporary _ca/_cert/_key parameters.",
"default": true,
"type": "boolean"
},
"_ca": {
"type": "string"
},
"_cert": {
"type": "string"
},
"_key": {
"type": "string"
},
"node-list": {
"description": "List of dictionaries containing parameters for each node.",
"items": {
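Review bot: The new `_ca`, `_cert` and `_key` properties have no `description`, so the schema does not tell a user that they take PEM text or that `_key` is the node's private key. Add one per property, for example `"description": "PEM content of the private key, written to ~/etc/neo.key. Temporary hack."` on `_key`. The key is presumably readable wherever instance parameters are stored or displayed, so the description should also say that this parameter is not a secret store. The enclosing schema object starts and ends outside the hunk.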
......
......@@ -10,7 +10,7 @@ wrapper = ${directory:etc_run}/neomaster
logfile = ${directory:log}/neomaster.log
ip = ${publish:ip}
port = ${publish:port-master}
ssl = {{ dumps(slapparameter_dict['ssl']) }}
ssl = {{ dumps(bool(slapparameter_dict['ssl'])) }}
cluster = {{ dumps(slapparameter_dict['cluster']) }}
partitions = {{ slapparameter_dict['partitions'] }}
replicas = {{ slapparameter_dict['replicas'] }}
......
......@@ -61,11 +61,26 @@ masters = {{ ' '.join(sorted(master_list)) }}
admins = {{ ' '.join(sorted(admin_list)) }}
{%- endif %}
{#- Hack to deploy SSL certs via instance parameters #}
{%- for name, pem in zip(('ca.crt', 'neo.crt', 'neo.key'),
slapparameter_dict['ssl']) %}
{%- if pem %}
[{{ section(name) }}]
recipe = slapos.recipe.template:jinja2
rendered = ${directory:etc}/{{name}}
template = inline:{{'{{'}}pem}}
context = key pem :pem
pem = {{dumps(pem)}}
{%- endif %}
{%- endfor %}
{#- endhack #}
[neo-storage]
recipe = slapos.cookbook:neoppod.storage
binary = {{ bin_directory }}/neostorage
ip = ${publish:ip}
ssl = {{ dumps(slapparameter_dict['ssl']) }}
ssl = {{ dumps(bool(slapparameter_dict['ssl'])) }}
cluster = {{ dumps(slapparameter_dict['cluster']) }}
masters = ${publish:masters}
database-adapter = MySQL
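Review bot: The generated parts write `neo.key` into `${directory:etc}` without a `mode`, so the private key's permissions are left to the recipe default or the process umask. Emit `mode = 600` in the generated section, at least when `name == 'neo.key'`, so the restriction is explicit. The same applies to the `neo-ssl-*` parts in the zope template hunk (`rendered = ${directory:etc}/{{v}}`). Separately, `{%- if pem %}` silently skips missing items, so a `_cert` without a `_key` deploys a partial set; a comment saying whether that is intended would help.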
......
......@@ -42,7 +42,11 @@ config-cluster = {{ parameter_dict['cluster'] }}
{% set replicas = parameter_dict.get('replicas', 0) -%}
config-partitions = {{ dumps(parameter_dict.get('partitions', 12)) }}
config-replicas = {{ dumps(replicas) }}
config-ssl = {{ dumps(parameter_dict.get('ssl', 1)) }}
config-ssl = {{ dumps((
parameter_dict.get('_ca'),
parameter_dict.get('_cert'),
parameter_dict.get('_key'),
) if parameter_dict.get('ssl', 1) else ()) }}
config-upstream-cluster = {{ dumps(parameter_dict.get('upstream-cluster', '')) }}
config-upstream-masters = {{ dumps(parameter_dict.get('upstream-masters', '')) }}
software-type = {{ software_type }}
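Review bot: `config-ssl` changes from a flag into a positional tuple with no comment explaining the encoding. `()` means SSL off and `(None, None, None)` means SSL on with manually deployed files. The node templates depend on `bool(...)` of that tuple, and the storage template depends on its order matching `zip(('ca.crt', 'neo.crt', 'neo.key'), ...)`. A Jinja comment above the assignment would keep producer and consumers in sync, for example `{#- config-ssl: () = SSL off; else (ca, cert, key) PEM text or None, same order as ca.crt/neo.crt/neo.key -#}`.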
......
......@@ -74,19 +74,19 @@ context =
[root-common]
<= download-base-neo
md5sum = 88c34cfa913b89b2ed4c69168965cf84
md5sum = f3259726bd5d824c569dc7db6b7d26a0
[instance-neo-admin]
<= download-base-neo
md5sum = 7bbe0285e499f011dad68825a2264cad
md5sum = f030a25d320f2edf0186b69bfa521228
[instance-neo-master]
<= download-base-neo
md5sum = 0cf303254855c3e1a8e3819004bee70f
md5sum = 82f3f76f54ee9db355966a7ada61f56e
[instance-neo-storage-mysql]
<= download-base-neo
md5sum = 0b62b63540d1bd1a2802f44aff5d1a57
md5sum = 84b1150ce30ec827485f9c17debd6b44
[template-neo-my-cnf]
<= download-base-neo
......
......@@ -316,7 +316,7 @@ rendered = ${monitor-template-dummy:target}
[template-erp5]
<= download-base
filename = instance-erp5.cfg.in
md5sum = e8348f675195f25cf4212b72cb8a907b
md5sum = 78c2db733e72c4197a90e8be1ff15098
[template-zeo]
<= download-base
......@@ -326,7 +326,7 @@ md5sum = 9670cf63099e2c520017a23defff51a4
[template-zope]
<= download-base
filename = instance-zope.cfg.in
md5sum = bf997f8bd9cacea96a514589bd7578a9
md5sum = f11c877cf2fd9b03aa2687cec017a87b
link-binary =
${aspell:location}/bin/aspell
${dmtx-utils:location}/bin/dmtxwrite
......
......@@ -64,9 +64,10 @@ connection-url = smtp://127.0.0.2:0/
{% do neo.append(server_dict.get('cluster')) -%}
{% do server_dict.update(cluster='${publish-early:neo-cluster}') -%}
{{ root_common.request_neo(server_dict, 'zodb-neo', 'neo-') }}
{% if not server_dict.get('ssl', 1) -%}
{% do zodb_dict[name].setdefault('storage-dict', {}).update(ssl=0) -%}
{% endif -%}
{% set client_dict = zodb_dict[name].setdefault('storage-dict', {}) -%}
{% for k in 'ssl', '_ca', '_cert', '_key' -%}
{% do k in server_dict and client_dict.setdefault(k, server_dict[k]) -%}
{% endfor -%}
{% else -%}
{{ assert(server_type == 'zeo', server_type) -}}
{# BBB: for compatibility, keep 'zodb' as partition_reference for ZEO -#}
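Review bot: The old code forced `ssl=0` onto the client with `update(ssl=0)` whenever the server had SSL disabled, but the new loop uses `client_dict.setdefault(k, server_dict[k])`. A `storage-dict` that already sets `ssl` therefore keeps its own value and can now disagree with the server. If the override is still wanted, keep `update` for `ssl` and use `setdefault` only for the three PEM keys. The `{% do k in server_dict and ... -%}` line also relies on short-circuit evaluation for its side effect; an explicit `{% if k in server_dict -%}` around the `do` reads more plainly. The enclosing conditional starts and ends outside the hunk.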
......
......@@ -175,6 +175,27 @@ context = section parameter_dict preload-userhosts-runzope-parameter
template = {{ parameter_dict['runzope-userhosts-preloaded-template'] }}
mode = 755
{# Hack to deploy SSL certs via instance parameters -#}
{% for zodb in zodb_dict.itervalues() -%}
{% set storage_dict = zodb.setdefault('storage-dict', {}) -%}
{% if zodb['type'] == 'neo' and storage_dict.get('ssl', 1) -%}
{% for k, v in (('_ca', 'ca.crt'),
('_cert', 'neo.crt'),
('_key', 'neo.key')) -%}
{% if k in storage_dict -%}
[{{ section('neo-ssl-' + k[1:]) }}]
recipe = slapos.recipe.template:jinja2
rendered = ${directory:etc}/{{v}}
template = inline:{{'{{'}}pem}}
context = key pem :pem
pem = {{dumps(storage_dict.pop(k))}}
{% endif -%}
{% endfor -%}
{% endif -%}
{% endfor -%}
{# endhack -#}
[zope-base]
recipe = slapos.cookbook:generic.zope.zeo.client
inituser = ${directory:instance}/inituser
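Review bot: The loop runs once per entry of `zodb_dict`, but every NEO entry renders to the same `${directory:etc}/ca.crt`, `neo.crt` and `neo.key` and asks `section()` for the same `neo-ssl-ca`, `neo-ssl-cert` and `neo-ssl-key` names. Two NEO databases with different certificates would therefore collide. If only one certificate set per partition is supported, say so in the hack comment, for example `{# All NEO storages of this partition share one ca.crt/neo.crt/neo.key -#}`, or fail when the values differ. Also, `storage_dict.pop(k)` only runs when `ssl` is on, so with `ssl` off a supplied `_key` stays in `storage-dict` and presumably reaches whatever consumes that dict.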
......