From 3bb6e5b2d99a316a43d7381ff10b66c299fed094 Mon Sep 17 00:00:00 2001 From: Pedro Alvarez Date: Tue, 10 Nov 2015 16:09:00 +0000 Subject: trove.configure: Add support for installing SSL certificates Change-Id: I892b1b0a99c7103fbe2a4ab49b273b76397b3feb --- extensions/trove.configure | 24 ++++++++++++++++++++++++ extensions/trove.configure.help | 8 ++++++++ 2 files changed, 32 insertions(+) diff --git a/extensions/trove.configure b/extensions/trove.configure index f823762c..c1cd8a65 100755 --- a/extensions/trove.configure +++ b/extensions/trove.configure @@ -107,12 +107,14 @@ ROOT="$1" TROVE_DATA="$ROOT/etc/trove" mkdir -p "$TROVE_DATA" +# Install mandatory files install -m 0600 "$LORRY_SSH_KEY" "$TROVE_DATA/lorry.key" install -m 0644 "${LORRY_SSH_KEY}.pub" "$TROVE_DATA/lorry.key.pub" install -m 0644 "$TROVE_ADMIN_SSH_PUBKEY" "$TROVE_DATA/admin.key.pub" install -m 0644 "$WORKER_SSH_PUBKEY" "$TROVE_DATA/worker.key.pub" +# Create base configuration file python <<'EOF' >"$TROVE_DATA/trove.conf" import os, sys, yaml 
@@ -141,8 +143,30 @@ for key in optional_keys: yaml.dump(trove_configuration, sys.stdout, default_flow_style=False) EOF +# Add backups configuration if [ -n "$TROVE_BACKUP_KEYS" ]; then mkdir -p "$TROVE_DATA/backup-keys" cp -- $TROVE_BACKUP_KEYS "$TROVE_DATA/backup-keys" echo "TROVE_BACKUP_KEYS: /etc/trove/backup-keys/*" >> "$TROVE_DATA/trove.conf" fi + +# Add SSL configuration +if test "x$TROVE_SSL_PEMFILE" != "x"; then + if test -f "$TROVE_SSL_PEMFILE"; then + install -m 0600 "$TROVE_SSL_PEMFILE" "$TROVE_DATA/trove-ssl-pemfile.pem" + echo "TROVE_SSL_PEMFILE: /etc/trove/trove-ssl-pemfile.pem" >> "$TROVE_DATA/trove.conf" + else + echo "ERROR: $TROVE_SSL_PEMFILE (TROVE_SSL_PEMFILE) doesn't exist." + exit 1 + fi +fi + +if test "x$TROVE_SSL_CA_FILE" != "x"; then + if test -f "$TROVE_SSL_CA_FILE"; then + install -m 0644 "$TROVE_SSL_CA_FILE" "$TROVE_DATA/trove-ssl-ca-file.pem" + echo "TROVE_SSL_CA_FILE: /etc/trove/trove-ssl-ca-file.pem" >> "$TROVE_DATA/trove.conf" + else + echo "ERROR: $TROVE_SSL_CA_FILE (TROVE_SSL_CA_FILE) doesn't exist." + exit 1 + fi +fi diff --git a/extensions/trove.configure.help b/extensions/trove.configure.help index c96bdf74..2669f693 100644 --- a/extensions/trove.configure.help +++ b/extensions/trove.configure.help @@ -15,6 +15,8 @@ help: | * `LORRY_CONTROLLER_MINIONS` (optional, defaults to 4) * `TROVE_BACKUP_KEYS` - a space-separated list of paths to SSH keys. (optional) + * `TROVE_SSL_PEMFILE` (optional) + * `TROVE_SSL_CA_FILE` (optional) The variables are described in more detail below. @@ -105,6 +107,12 @@ help: | If this is set, the Trove will have a backup user that can be accessed with rsync using the SSH keys provided. + * `TROVE_SSL_PEMFILE` -- SSL certificate to use in lighttpd SSL + configuration. + + * `TROVE_SSL_CA_FILE` -- CA chain certificate to use in lighttpd SSL + configuration. + Example ------- -- cgit v1.2.1
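Review bot: Both new `else` branches print their `ERROR:` message to stdout and run only after the SSH keys and `trove.conf` have already been written under `$TROVE_DATA`, so a mistyped `TROVE_SSL_PEMFILE` or `TROVE_SSL_CA_FILE` aborts with a partly populated tree and a message that can get lost in ordinary output. Send the message to stderr, e.g. `echo "ERROR: $TROVE_SSL_PEMFILE (TROVE_SSL_PEMFILE) doesn't exist." >&2`, and consider doing the two `test -f` checks before anything is installed; the script's earlier validation is outside this hunk, so there may already be a suitable place for them. `TROVE_SSL_CA_FILE` is also accepted when `TROVE_SSL_PEMFILE` is unset, which presumably gives lighttpd a CA chain with no certificate to serve; rejecting that combination would catch the misconfiguration at deploy time. The 0600 mode on the PEM file is right if, as lighttpd's pemfile format usually implies, it carries the private key alongside the certificate; a comment such as `# pemfile contains the private key, keep it owner-only` would stop someone relaxing it to match the 0644 lines.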