[Python-apps-commits] r6987 - in packages/slapos.tool.grid/trunk/debian (6 files)

arnau at users.alioth.debian.org arnau at users.alioth.debian.org
Wed Apr 27 08:42:50 UTC 2011 

    Date: Wednesday, April 27, 2011 @ 08:42:42
  Author: arnau
Revision: 6987

Manage HTTPS configuration as well

Modified:
  packages/slapos.tool.grid/trunk/debian/config
  packages/slapos.tool.grid/trunk/debian/dirs
  packages/slapos.tool.grid/trunk/debian/po/templates.pot
  packages/slapos.tool.grid/trunk/debian/postinst
  packages/slapos.tool.grid/trunk/debian/postrm
  packages/slapos.tool.grid/trunk/debian/templates

Modified: packages/slapos.tool.grid/trunk/debian/config
===================================================================
--- packages/slapos.tool.grid/trunk/debian/config	2011-04-27 08:41:46 UTC (rev 6986)
+++ packages/slapos.tool.grid/trunk/debian/config	2011-04-27 08:42:42 UTC (rev 6987)
@@ -21,6 +21,10 @@
     db_input high slapgrid/master_url || true
 fi
 
+db_go || true
+db_get slapgrid/master_url
+( echo "$RET" | grep -q "^https://" ) && db_input high slapgrid/master_url_with_ssl_note || true
+
 if [ -n "$COMPUTER_ID" ]; then
     db_set slapgrid/computer_id "$COMPUTER_ID"
     db_input medium slapgrid/computer_id || true

Modified: packages/slapos.tool.grid/trunk/debian/dirs
===================================================================
--- packages/slapos.tool.grid/trunk/debian/dirs	2011-04-27 08:41:46 UTC (rev 6986)
+++ packages/slapos.tool.grid/trunk/debian/dirs	2011-04-27 08:42:42 UTC (rev 6987)
@@ -1,2 +1,4 @@
 etc/slapos/
+etc/slapos/ssl/
 var/log/slapos/
+var/cache/slapos/certificates/

Modified: packages/slapos.tool.grid/trunk/debian/po/templates.pot
===================================================================
--- packages/slapos.tool.grid/trunk/debian/po/templates.pot	2011-04-27 08:41:46 UTC (rev 6986)
+++ packages/slapos.tool.grid/trunk/debian/po/templates.pot	2011-04-27 08:42:42 UTC (rev 6987)
@@ -8,7 +8,7 @@
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: slapos.tool.grid at packages.debian.org\n"
-"POT-Creation-Date: 2011-04-26 20:44+0900\n"
+"POT-Creation-Date: 2011-04-27 17:15+0900\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL at ADDRESS>\n"
 "Language-Team: LANGUAGE <LL at li.org>\n"
@@ -20,11 +20,32 @@
 #. Type: string
 #. Description
 #: ../templates:1001
-msgid "The HTTP URL where the master node can be reached:"
+msgid "The HTTP or HTTPS URL where the master node can be reached:"
 msgstr ""
 
+#. Type: note
+#. Description
+#: ../templates:2001
+msgid "Note about HTTPS master URL"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../templates:2001
+msgid ""
+"As you entered an HTTPS URL for the master node, you *must* put the "
+"corresponding key and certificate respectively in /etc/slapos/ssl/slapgrid."
+"key and /etc/slapos/ssl/slapgrid.crt."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../templates:2001
+msgid "Also, make sure that the key is only readable by root user!"
+msgstr ""
+
 #. Type: string
 #. Description
-#: ../templates:2001
+#: ../templates:3001
 msgid "ID to uniquely identifies this computer on the master:"
 msgstr ""

Modified: packages/slapos.tool.grid/trunk/debian/postinst
===================================================================
--- packages/slapos.tool.grid/trunk/debian/postinst	2011-04-27 08:41:46 UTC (rev 6986)
+++ packages/slapos.tool.grid/trunk/debian/postinst	2011-04-27 08:42:42 UTC (rev 6987)
@@ -12,12 +12,11 @@
 
 db_get slapgrid/master_url
 MASTER_URL="$RET"
+WITH_HTTPS=$(echo "$MASTER_URL" | grep -q "^https://" && echo true || echo false)
 
 db_get slapgrid/computer_id
 COMPUTER_ID="$RET"
 
-cp -a -f $CONFIG_FILE $CONFIG_FILE.tmp
-
 # If the admin deleted or commented some variables but then set them
 # via debconf, (re-)add them to the conffile.
 test -z "$MASTER_URL" || grep -Eq '^\s*master_url\s*=' $CONFIG_FILE || \
@@ -25,10 +24,44 @@
 test -z "$COMPUTER_ID" || grep -Eq '^\s*computer_id\s*=' $CONFIG_FILE || \
     echo "computer_id =" >> $CONFIG_FILE
 
-sed -e "s#^\s*master_url\s*=.*#master_url = $MASTER_URL#" \
-    -e "s#^\s*computer_id\s*=.*#computer_id = $COMPUTER_ID#" \
-    < $CONFIG_FILE > $CONFIG_FILE.tmp
+sed -i "s#^\s*master_url\s*=.*#master_url = $MASTER_URL#;s#^\s*computer_id\s*=.*#computer_id = $COMPUTER_ID#" \
+    $CONFIG_FILE
 
-mv -f $CONFIG_FILE.tmp $CONFIG_FILE
+# And now handle HTTPS URLs
+HAS_KEY_FILE=$(grep -Eq '^\s*key_file\s*=' $CONFIG_FILE && \
+    echo true || echo false)
 
+HAS_CERT_FILE=$(grep -Eq '^\s*cert_file\s*=' $CONFIG_FILE && \
+    echo true || echo false)
+
+HAS_CERTIFICATE_REPOSITORY_PATH=$(grep -Eq '^\s*certificate_repository_path\s*=' $CONFIG_FILE && \
+    echo true || echo false)
+
+if $WITH_HTTPS; then
+    if ! $HAS_KEY_FILE; then
+	echo "key_file = /etc/slapos/ssl/slapgrid.key" >> $CONFIG_FILE
+    fi
+
+    if ! $HAS_CERT_FILE; then
+	echo "cert_file = /etc/slapos/ssl/slapgrid.crt" >> $CONFIG_FILE
+    fi
+
+    if ! $HAS_CERTIFICATE_REPOSITORY_PATH; then
+	echo "certificate_repository_path = /var/cache/slapos/certificates/" >> \
+	    $CONFIG_FILE
+    fi
+else
+    if $HAS_KEY_FILE; then
+	sed -i "/^[^#]*key_file/d" $CONFIG_FILE
+    fi
+
+    if $HAS_CERT_FILE; then
+	sed -i "/^[^#]*cert_file/d" $CONFIG_FILE
+    fi
+
+    if $HAS_CERTIFICATE_REPOSITORY_PATH; then
+	sed -i "/^[^#]*certificate_repository_path/d" $CONFIG_FILE
+    fi
+fi
+
 exit 0

Modified: packages/slapos.tool.grid/trunk/debian/postrm
===================================================================
--- packages/slapos.tool.grid/trunk/debian/postrm	2011-04-27 08:41:46 UTC (rev 6986)
+++ packages/slapos.tool.grid/trunk/debian/postrm	2011-04-27 08:42:42 UTC (rev 6987)
@@ -8,7 +8,13 @@
 	if [ -d "$CONFIG_DIR" ]; then
 	    rm -f "$CONFIG_DIR"/slapgrid.cfg
 	    [ $(ls "$CONFIG_DIR" | wc -l) -eq 0 ] && rmdir "$CONFIG_DIR"
+	    test -d /etc/slapos/ssl/ && rm -rf /etc/slapos/ssl/
 	fi
+
+	test -d /var/cache/slapos/certificates/ && \
+	    rm -rf /var/cache/slapos/certificates
+
+	test -d /var/log/slapos/ && rm -rf /var/log/slapos/
 	;;
 esac
 

Modified: packages/slapos.tool.grid/trunk/debian/templates
===================================================================
--- packages/slapos.tool.grid/trunk/debian/templates	2011-04-27 08:41:46 UTC (rev 6986)
+++ packages/slapos.tool.grid/trunk/debian/templates	2011-04-27 08:42:42 UTC (rev 6987)
@@ -1,7 +1,16 @@
 Template: slapgrid/master_url
 Type: string
-_Description: The HTTP URL where the master node can be reached:
+_Description: The HTTP or HTTPS URL where the master node can be reached:
 
+Template: slapgrid/master_url_with_ssl_note
+Type: note
+_Description: Note about HTTPS master URL
+ As you entered an HTTPS URL for the master node, you *must* put the
+ corresponding key and certificate respectively in
+ /etc/slapos/ssl/slapgrid.key and /etc/slapos/ssl/slapgrid.crt.
+ .
+ Also, make sure that the key is only readable by root user!
+
 Template: slapgrid/computer_id
 Type: string
 _Description: ID to uniquely identifies this computer on the master:

More information about the Python-apps-commits mailing list