Commit dac2c055 authored by Alain Takoudjou

re6st registry: generate dh parameters file

parent 2140b3ce
...@@ -71,9 +71,13 @@ class Recipe(GenericBaseRecipe): ...@@ -71,9 +71,13 @@ class Recipe(GenericBaseRecipe):
def generateCertificate(self): def generateCertificate(self):
key_file = self.options['key-file'].strip() key_file = self.options['key-file'].strip()
cert_file = self.options['cert-file'].strip() cert_file = self.options['cert-file'].strip()
dh_file = self.options['dh-file'].strip()
if not os.path.exists(key_file): if not os.path.exists(key_file):
serial = self.getSerialFromIpv6(self.options['ipv6-prefix'].strip()) serial = self.getSerialFromIpv6(self.options['ipv6-prefix'].strip())
dh_command = [self.options['openssl-bin'], 'dhparam', '-out',
'%s' % dh_file, self.options['key-size']]
key_command = [self.options['openssl-bin'], 'genrsa', '-out', key_command = [self.options['openssl-bin'], 'genrsa', '-out',
'%s' % key_file, self.options['key-size']] '%s' % key_file, self.options['key-size']]
...@@ -82,6 +86,7 @@ class Recipe(GenericBaseRecipe): ...@@ -82,6 +86,7 @@ class Recipe(GenericBaseRecipe):
'-x509', '-batch', '-key', '%s' % key_file, '-set_serial', '-x509', '-batch', '-key', '%s' % key_file, '-set_serial',
'%s' % serial, '-days', '3650', '-out', '%s' % cert_file] '%s' % serial, '-days', '3650', '-out', '%s' % cert_file]
subprocess.check_call(dh_command)
subprocess.check_call(key_command) subprocess.check_call(key_command)
subprocess.check_call(cert_command) subprocess.check_call(cert_command)
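Review bot: The `dhparam` call only runs inside `if not os.path.exists(key_file):`, so any instance that already has its key (every upgrade of an existing registry) never gets dh.pem, while instance-re6stnet.cfg.in in this same commit points `dh = ${re6stnet-dirs:ssl}/dh.pem` at that file. DH parameters are independent of the key pair, so they should be guarded on their own file; the `subprocess.check_call(dh_command)` added in the second hunk moves with that guard. `'%s' % dh_file` is a no-op on a value that is already a stripped string and can be dropped. generateCertificate continues between the two hunks, outside the visible lines.
```python
dh_file = self.options['dh-file'].strip()
# DH parameters do not depend on the key pair: generate them whenever the
# file is missing, so instances that already have a key still get dh.pem.
if not os.path.exists(dh_file):
    dh_command = [self.options['openssl-bin'], 'dhparam', '-out',
                  dh_file, self.options['key-size']]
    subprocess.check_call(dh_command)
if not os.path.exists(key_file):
    # … unchanged: serial, key_command, cert_command and their check_call …
```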
...@@ -24,6 +24,7 @@ class Re6stnetTest(unittest.TestCase): ...@@ -24,6 +24,7 @@ class Re6stnetTest(unittest.TestCase):
'openssl-bin': '/usr/bin/openssl', 'openssl-bin': '/usr/bin/openssl',
'key-file': os.path.join(self.ssl_dir, 'cert.key'), 'key-file': os.path.join(self.ssl_dir, 'cert.key'),
'cert-file': os.path.join(self.ssl_dir, 'cert.crt'), 'cert-file': os.path.join(self.ssl_dir, 'cert.crt'),
'dh-file': os.path.join(self.ssl_dir, 'dh.pem'),
'key-size': '2048', 'key-size': '2048',
'conf-dir': self.conf_dir, 'conf-dir': self.conf_dir,
'token-dir': self.token_dir, 'token-dir': self.token_dir,
...@@ -71,7 +72,7 @@ class Re6stnetTest(unittest.TestCase): ...@@ -71,7 +72,7 @@ class Re6stnetTest(unittest.TestCase):
options = self.options options = self.options
return re6stnet.Recipe(buildout=buildout, name='re6stnet', options=options) return re6stnet.Recipe(buildout=buildout, name='re6stnet', options=options)
def checkWrapper(self, path): def checkWrapper(self, path):
self.assertTrue(os.path.exists(path)) self.assertTrue(os.path.exists(path))
content = "" content = ""
...@@ -98,6 +99,9 @@ class Re6stnetTest(unittest.TestCase): ...@@ -98,6 +99,9 @@ class Re6stnetTest(unittest.TestCase):
content = f.read() content = f.read()
self.assertIn("@%s" % config_file, content) self.assertIn("@%s" % config_file, content)
def fake_generateCertificates(self):
return
def test_generateCertificates(self): def test_generateCertificates(self):
self.options['ipv6-prefix'] = '2001:db8:24::/48' self.options['ipv6-prefix'] = '2001:db8:24::/48'
...@@ -107,31 +111,35 @@ class Re6stnetTest(unittest.TestCase): ...@@ -107,31 +111,35 @@ class Re6stnetTest(unittest.TestCase):
recipe.generateCertificate() recipe.generateCertificate()
self.assertTrue(os.path.exists(self.options['key-file'])) self.assertItemsEqual(os.listdir(self.ssl_dir),
self.assertTrue(os.path.exists(self.options['cert-file'])) ['cert.key', 'cert.crt', 'dh.pem'])
last_time = time.ctime(os.stat(self.options['key-file'])[7]) last_time = time.ctime(os.stat(self.options['key-file'])[7])
recipe.generateCertificate() recipe.generateCertificate()
self.assertTrue(os.path.exists(self.options['key-file'])) self.assertTrue(os.path.exists(self.options['key-file']))
this_time = time.ctime(os.stat(self.options['key-file'])[7]) this_time = time.ctime(os.stat(self.options['key-file'])[7])
self.assertEqual(last_time, this_time) self.assertEqual(last_time, this_time)
def test_generateCertificates_other_ipv6(self): def test_getSerialFromIpv6(self):
self.options['ipv6-prefix'] = 'be28:db8:fe6a:d85:4fe:54a:ae:aea/64' ipv6 = 'be28:db8:fe6a:d85:4fe:54a:ae:aea/64'
recipe = self.new_recipe() recipe = self.new_recipe()
serial = recipe.getSerialFromIpv6(ipv6)
recipe.generateCertificate()
self.assertEqual(serial, '0x1be280db8fe6a0d8504fe054a00ae0aea')
self.assertTrue(os.path.exists(self.options['key-file']))
self.assertTrue(os.path.exists(self.options['cert-file'])) ipv6 = '2001:db8:24::/48'
serial = recipe.getSerialFromIpv6(ipv6)
self.assertEqual(serial, '0x120010db80024')
def test_install(self): def test_install(self):
recipe = self.new_recipe() recipe = self.new_recipe()
recipe.generateCertificate = self.fake_generateCertificates
recipe.options.update({ recipe.options.update({
'ipv6-prefix': '2001:db8:24::/48', 'ipv6-prefix': '2001:db8:24::/48',
...@@ -148,9 +156,6 @@ class Re6stnetTest(unittest.TestCase): ...@@ -148,9 +156,6 @@ class Re6stnetTest(unittest.TestCase):
# Recipe will raise not found error when trying to publish slave informations # Recipe will raise not found error when trying to publish slave informations
pass pass
self.assertItemsEqual(os.listdir(self.ssl_dir),
['cert.key', 'cert.crt'])
token_file = os.path.join(self.options['conf-dir'], 'token.json') token_file = os.path.join(self.options['conf-dir'], 'token.json')
self.assertTrue(os.path.exists(token_file)) self.assertTrue(os.path.exists(token_file))
...@@ -200,23 +205,21 @@ class Re6stnetTest(unittest.TestCase): ...@@ -200,23 +205,21 @@ class Re6stnetTest(unittest.TestCase):
def test_install_empty_slave(self): def test_install_empty_slave(self):
recipe = self.new_recipe() recipe = self.new_recipe()
recipe.generateCertificate = self.fake_generateCertificates
recipe.options.update({ recipe.options.update({
'ipv6-prefix': '2001:db8:24::/48' 'ipv6-prefix': '2001:db8:24::/48'
}) })
recipe.install() recipe.install()
self.assertItemsEqual(os.listdir(self.ssl_dir),
['cert.key', 'cert.crt'])
token_file = os.path.join(self.options['conf-dir'], 'token.json') token_file = os.path.join(self.options['conf-dir'], 'token.json')
self.assertTrue(os.path.exists(token_file)) self.assertTrue(os.path.exists(token_file))
token_content = recipe.readFile(token_file) token_content = recipe.readFile(token_file)
self.assertEqual(token_content, '{}') self.assertEqual(token_content, '{}')
self.assertItemsEqual(os.listdir(self.options['token-dir']), []) self.assertItemsEqual(os.listdir(self.options['token-dir']), [])
self.checkWrapper(os.path.join(self.base_dir, 'manager_wrapper')) self.checkWrapper(os.path.join(self.base_dir, 'manager_wrapper'))
self.checkWrapper(os.path.join(self.base_dir, 'drop_wrapper')) self.checkWrapper(os.path.join(self.base_dir, 'drop_wrapper'))
self.checkWrapper(os.path.join(self.base_dir, 'check_wrapper')) self.checkWrapper(os.path.join(self.base_dir, 'check_wrapper'))
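Review bot: With `recipe.generateCertificate = self.fake_generateCertificates` stubbing the method and the `assertItemsEqual(os.listdir(self.ssl_dir), ...)` checks removed from test_install and test_install_empty_slave, neither test verifies any longer that install() calls generateCertificate at all, so an install() that skipped certificate generation would pass. The stub is a bound method of the test case and can record the call cheaply: `def fake_generateCertificates(self): self.certificate_generated = True`, followed by `self.assertTrue(self.certificate_generated)` after each `recipe.install()`. The stub is presumably there to keep a real `openssl dhparam` with the 2048-bit `key-size` out of the install tests; test_generateCertificates still runs it unstubbed, which is likely slow and deserves a comment such as `# runs a real dhparam generation at key-size bits; slow`. The name `fake_generateCertificates` also does not match the method it replaces, `generateCertificate`.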
...@@ -106,6 +106,7 @@ ipv6 = {{ ipv6 }} ...@@ -106,6 +106,7 @@ ipv6 = {{ ipv6 }}
db = ${re6stnet-dirs:registry}/registry.db db = ${re6stnet-dirs:registry}/registry.db
ca = ${re6stnet-dirs:ssl}/re6stnet.crt ca = ${re6stnet-dirs:ssl}/re6stnet.crt
key = ${re6stnet-dirs:ssl}/re6stnet.key key = ${re6stnet-dirs:ssl}/re6stnet.key
dh = ${re6stnet-dirs:ssl}/dh.pem
mailhost = 127.0.0.1 mailhost = 127.0.0.1
prefix-length = 16 prefix-length = 16
anonymous-prefix-length = 32 anonymous-prefix-length = 32
...@@ -140,6 +141,7 @@ ipv4 = ${re6st-registry-conf-dict:ipv4} ...@@ -140,6 +141,7 @@ ipv4 = ${re6st-registry-conf-dict:ipv4}
db-path = ${re6st-registry-conf-dict:db} db-path = ${re6st-registry-conf-dict:db}
key-file = ${re6st-registry-conf-dict:key} key-file = ${re6st-registry-conf-dict:key}
cert-file = ${re6st-registry-conf-dict:ca} cert-file = ${re6st-registry-conf-dict:ca}
dh-file = ${re6st-registry-conf-dict:dh}
slave-instance-list = ${slap-parameter:slave_instance_list} slave-instance-list = ${slap-parameter:slave_instance_list}
...@@ -4,6 +4,7 @@ port {{ parameter_dict['port'] }} ...@@ -4,6 +4,7 @@ port {{ parameter_dict['port'] }}
db {{ parameter_dict['db'] }} db {{ parameter_dict['db'] }}
ca {{ parameter_dict['ca'] }} ca {{ parameter_dict['ca'] }}
key {{ parameter_dict['key'] }} key {{ parameter_dict['key'] }}
dh {{ parameter_dict['dh'] }}
mailhost {{ parameter_dict['mailhost'] }} mailhost {{ parameter_dict['mailhost'] }}
prefix-length {{ parameter_dict['prefix-length'] }} prefix-length {{ parameter_dict['prefix-length'] }}
anonymous-prefix-length {{ parameter_dict['anonymous-prefix-length'] }} anonymous-prefix-length {{ parameter_dict['anonymous-prefix-length'] }}
...@@ -93,7 +93,7 @@ extra-context = ...@@ -93,7 +93,7 @@ extra-context =
[template-re6stnet] [template-re6stnet]
< = download-base < = download-base
filename = instance-re6stnet.cfg.in filename = instance-re6stnet.cfg.in
md5sum = e0f4857750bfd55f154c448ad56edaec md5sum = 2449dd8f7438072ac8a9a3b3c67f7179
[template-logrotate-base] [template-logrotate-base]
< = template-jinja2-base < = template-jinja2-base
...@@ -112,7 +112,7 @@ md5sum = c220229ee37866c8cc404d602edd389d ...@@ -112,7 +112,7 @@ md5sum = c220229ee37866c8cc404d602edd389d
[template-re6st-registry-conf] [template-re6st-registry-conf]
< = download-base < = download-base
filename = re6st-registry.conf.in filename = re6st-registry.conf.in
md5sum = 19a5827512cfecc25992fc152c995551 md5sum = 7760a213896755e707993d67d8d980bb
[check-recipe] [check-recipe]
recipe = plone.recipe.command recipe = plone.recipe.command