authorPedro Alvarez <pedro.alvarez@codethink.co.uk>2015-11-10 16:09:00 +0000
committerBaserock Gerrit <gerrit@baserock.org>2015-11-19 12:07:32 +0000
commit3bb6e5b2d99a316a43d7381ff10b66c299fed094 (patch)
treea61ec2b03b828e13303beb4403080dc5f6142337
parentb870c40c2b9cd908ce9ddee8bf00fdeb9c623398 (diff)
downloaddefinitions-3bb6e5b2d99a316a43d7381ff10b66c299fed094.tar.gz
trove.configure: Add support for installing SSL certificates
Change-Id: I892b1b0a99c7103fbe2a4ab49b273b76397b3feb
-rwxr-xr-xextensions/trove.configure24
-rw-r--r--extensions/trove.configure.help8
2 files changed, 32 insertions, 0 deletions
diff --git a/extensions/trove.configure b/extensions/trove.configure
index f823762c..c1cd8a65 100755
--- a/extensions/trove.configure
+++ b/extensions/trove.configure
@@ -107,12 +107,14 @@ ROOT="$1"
TROVE_DATA="$ROOT/etc/trove"
mkdir -p "$TROVE_DATA"
+# Install mandatory files
install -m 0600 "$LORRY_SSH_KEY" "$TROVE_DATA/lorry.key"
install -m 0644 "${LORRY_SSH_KEY}.pub" "$TROVE_DATA/lorry.key.pub"
install -m 0644 "$TROVE_ADMIN_SSH_PUBKEY" "$TROVE_DATA/admin.key.pub"
install -m 0644 "$WORKER_SSH_PUBKEY" "$TROVE_DATA/worker.key.pub"
+# Create base configuration file
python <<'EOF' >"$TROVE_DATA/trove.conf"
import os, sys, yaml
@@ -141,8 +143,30 @@ for key in optional_keys:
yaml.dump(trove_configuration, sys.stdout, default_flow_style=False)
EOF
+# Add backups configuration
if [ -n "$TROVE_BACKUP_KEYS" ]; then
mkdir -p "$TROVE_DATA/backup-keys"
cp -- $TROVE_BACKUP_KEYS "$TROVE_DATA/backup-keys"
echo "TROVE_BACKUP_KEYS: /etc/trove/backup-keys/*" >> "$TROVE_DATA/trove.conf"
fi
+
+# Add SSL configuration
+if test "x$TROVE_SSL_PEMFILE" != "x"; then
+ if test -f "$TROVE_SSL_PEMFILE"; then
+ install -m 0600 "$TROVE_SSL_PEMFILE" "$TROVE_DATA/trove-ssl-pemfile.pem"
+ echo "TROVE_SSL_PEMFILE: /etc/trove/trove-ssl-pemfile.pem" >> "$TROVE_DATA/trove.conf"
+ else
+ echo "ERROR: $TROVE_SSL_PEMFILE (TROVE_SSL_PEMFILE) doesn't exist."
+ exit 1
+ fi
+fi
+
+if test "x$TROVE_SSL_CA_FILE" != "x"; then
+ if test -f "$TROVE_SSL_CA_FILE"; then
+ install -m 0644 "$TROVE_SSL_CA_FILE" "$TROVE_DATA/trove-ssl-ca-file.pem"
+ echo "TROVE_SSL_CA_FILE: /etc/trove/trove-ssl-ca-file.pem" >> "$TROVE_DATA/trove.conf"
+ else
+ echo "ERROR: $TROVE_SSL_CA_FILE (TROVE_SSL_CA_FILE) doesn't exist."
+ exit 1
+ fi
+fi
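Review bot: Both new SSL blocks write their `ERROR: ...` line to stdout before `exit 1`, so a caller that captures or discards stdout loses the reason for the failure. Send it to stderr, e.g. `echo "ERROR: $TROVE_SSL_PEMFILE (TROVE_SSL_PEMFILE) doesn't exist." >&2`, and the same for the `TROVE_SSL_CA_FILE` branch. The result of `install` is also not checked before the matching `TROVE_SSL_PEMFILE:` / `TROVE_SSL_CA_FILE:` line is appended to trove.conf. Unless the script runs under `set -e` (not visible in this hunk), an unreadable source file would pass `test -f`, fail to copy, and still leave the configuration pointing at a path that does not exist; `install -m 0600 "$TROVE_SSL_PEMFILE" "$TROVE_DATA/trove-ssl-pemfile.pem" || exit 1` would close that. Because these checks run after the SSH keys and trove.conf have already been written, it may also be worth validating both variables before the first `install`, so a bad path fails before anything is placed under `$TROVE_DATA`.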
diff --git a/extensions/trove.configure.help b/extensions/trove.configure.help
index c96bdf74..2669f693 100644
--- a/extensions/trove.configure.help
+++ b/extensions/trove.configure.help
@@ -15,6 +15,8 @@ help: |
* `LORRY_CONTROLLER_MINIONS` (optional, defaults to 4)
* `TROVE_BACKUP_KEYS` - a space-separated list of paths to SSH keys.
(optional)
+ * `TROVE_SSL_PEMFILE` (optional)
+ * `TROVE_SSL_CA_FILE` (optional)
The variables are described in more detail below.
@@ -105,6 +107,12 @@ help: |
If this is set, the Trove will have a backup user that can be accessed
with rsync using the SSH keys provided.
+ * `TROVE_SSL_PEMFILE` -- SSL certificate to use in lighttpd SSL
+ configuration.
+
+ * `TROVE_SSL_CA_FILE` -- CA chain certificate to use in lighttpd SSL
+ configuration.
+
Example
-------