Posted to commits@trafficcontrol.apache.org by de...@apache.org on 2018/05/24 20:34:45 UTC
[incubator-trafficcontrol] branch master updated: just check the
cdn.conf rather than overwriting it
This is an automated email from the ASF dual-hosted git repository.
dewrich pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-trafficcontrol.git
The following commit(s) were added to refs/heads/master by this push:
new d42dadc just check the cdn.conf rather than overwriting it
d42dadc is described below
commit d42dadc78a35d3eddf30d309951d08529460603b
Author: Dan Kirkwood <da...@gmail.com>
AuthorDate: Thu May 24 18:33:19 2018 +0000
just check the cdn.conf rather than overwriting it
---
traffic_ops/install/bin/generateCert | 86 ++++++++++++++----------------------
1 file changed, 33 insertions(+), 53 deletions(-)
diff --git a/traffic_ops/install/bin/generateCert b/traffic_ops/install/bin/generateCert
index 713288f..eafce34 100755
--- a/traffic_ops/install/bin/generateCert
+++ b/traffic_ops/install/bin/generateCert
@@ -21,9 +21,7 @@ use lib qw(/opt/traffic_ops/install/lib /opt/traffic_ops/app/local/lib/perl5 /op
use JSON;
use InstallUtils;
-use File::Temp;
use Data::Dumper;
-use File::Copy;
my $ca = "/etc/pki/tls/certs/localhost.ca";
my $csr = "/etc/pki/tls/certs/localhost.csr";
@@ -43,62 +41,40 @@ my $msg = << 'EOF';
EOF
-sub writeCdn_conf {
+# Check the cdn.conf for the cert and key file references -- abort if they don't match what's defined here
+# This normally wouldn't happen unless the user modified the cdn.conf to reference different file names, and in that
+# case, they're probably generating certs outside of this anyway: this check is just here for safety..
+sub checkCdnConf {
my $cdn_conf = shift;
+ my $conf;
+ # load cdn.conf
+ {
+ local $/; # slurp mode
+ open my $fh, '<', $cdn_conf or die "Cannot load $cdn_conf\n";
+ $conf = decode_json(scalar <$fh>);
+ }
+ my $listen = $conf->{hypnotoad}{listen}[0];
+ my $msg;
- # load as perl hash to find string to be replaced
- my $cdnh = do $cdn_conf;
-
- # get existing port, if any
- my $listen = $cdnh->{hypnotoad}{listen}[0];
- my ($port) = $listen =~ /:(\d+)/;
- if (!defined($port)) {
- $port = 60443;
+ if (!defined $listen) {
+ my $msg = <<"EOF";
+ The "listen" portion of $cdn_conf is missing from $cdn_conf.
+ Please ensure it contains the same structure as the one originally installed.
+EOF
}
- # listen param to be inserted
- my $listen_str = "https://[::]:${port}?cert=${cert}&key=${key}&ca=${ca}&verify=0x00&ciphers=AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH:!ED";
- if ( exists $cdnh->{hypnotoad} ) {
- $cdnh->{hypnotoad}{listen} = [$listen_str];
- }
- else {
-
- # add the whole hypnotoad config without affecting anything else in the config
- $cdnh->{hypnotoad} = {
- listen => [$listen_str],
- user => 'trafops',
- group => 'trafops',
- pid_file => '/var/run/traffic_ops.pid',
- workers => 48,
- };
+ if ($listen !~ m@cert=$cert@ || $listen !~ m@key=$key@) {
+ $msg = << "EOF";
+ The "listen" portion of $cdn_conf is:
+ $listen
+ and does not reference the same "cert=" and "key=" values as are created here.
+ Please modify $cdn_conf to add the following as parameters:
+ ?cert=$cert&key=$key
+EOF
}
- # dump conf data in compact but readable form
- my $dumper = Data::Dumper->new( [$cdnh] );
- $dumper->Indent(1)->Terse(1)->Quotekeys(0);
-
- # write whole config to temp file in pwd (keeps in same filesystem)
- my $tmpfile = File::Temp->new(DIR => '.');
- print $tmpfile $dumper->Dump();
- close $tmpfile;
-
- # make backup of current file
- my $backup_num = 0;
- my $backup_name;
- do {
- $backup_num++;
- $backup_name = "$cdn_conf.backup$backup_num";
- } while ( -e $backup_name );
- rename( $cdn_conf, $backup_name ) or die("rename(): $!");
-
- # rename temp file to cdn.conf and set ownership/permissions same as backup
- my @stats = stat($backup_name);
- my ( $uid, $gid, $perm ) = @stats[ 4, 5, 2 ];
- move( "$tmpfile", $cdn_conf ) or die("move(): $!");
-
- chown $uid, $gid, $cdn_conf;
- chmod $perm, $cdn_conf;
+ return $msg;
}
InstallUtils::execCommand( "/usr/bin/tput", "clear" );
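Review bot: The `my $msg = <<"EOF";` inside the `if (!defined $listen)` block declares a new lexical that shadows the `my $msg;` declared just above it, so the missing-"listen" message is dropped and control falls through to the `!~` tests against an undefined `$listen`, which emit uninitialized-value warnings and return the wrong message. Replace that line with `return <<"EOF";` so the structural problem is reported and the function stops there. The `m@cert=$cert@` and `m@key=$key@` patterns interpolate the file-scope cert and key paths unescaped, so any regex metacharacter in a path (a `.` at minimum) is interpreted rather than matched literally; `m@cert=\Q$cert\E@` and `m@key=\Q$key\E@` make the comparison exact. The `open ... or die "Cannot load $cdn_conf\n"` line would also be more useful with the OS error appended, `die "Cannot load $cdn_conf: $!\n"`.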
@@ -195,8 +171,6 @@ if ( $result != 0 ) {
$result = InstallUtils::execCommand( "/bin/chmod", "664", "$csr" );
$result = InstallUtils::execCommand( "/bin/chown", "trafops:trafops", "$csr" );
-writeCdn_conf($cdn_conf);
-
my $msg = << 'EOF';
The self signed certificate has now been installed.
@@ -210,4 +184,10 @@ EOF
print $msg, "\n";
+my $error = checkCdnConf($cdn_conf);
+if ($error) {
+ print $error;
+ exit 1;
+}
+
exit 0;
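Review bot: `print $error;` ahead of `exit 1` writes the failure diagnostic to STDOUT, so a caller that captures this script's output sees it interleaved with the "has now been installed" banner printed by `print $msg, "\n";` just above, while the exit status says the run failed. Send it to STDERR with `print STDERR $error;`. It may also be worth calling `checkCdnConf($cdn_conf)` before that banner is printed, so the success text is not immediately followed by an abort.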