You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dlab.apache.org by lf...@apache.org on 2020/08/04 16:10:44 UTC
[incubator-dlab] branch DLAB-1594-2 updated (5f201e2 -> e612c47)
This is an automated email from the ASF dual-hosted git repository.
lfrolov pushed a change to branch DLAB-1594-2
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git.
from 5f201e2 [DLAB-1594]: removed unnecessary whitespace
new 2c3371a [DLAB-1594]: moved function to common_lib
new b39670c [DLAB-1594]: added letsencrypt certificates for edge
new e612c47 [DLAB-1594]: added variables to functions
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../src/general/lib/os/debian/common_lib.py | 61 ++++++++++++++++++++
.../src/general/lib/os/debian/edge_lib.py | 8 +++
.../src/general/lib/os/redhat/common_lib.py | 26 +++++++++
.../src/ssn/scripts/configure_ssn_node.py | 66 +---------------------
4 files changed, 98 insertions(+), 63 deletions(-)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@dlab.apache.org
For additional commands, e-mail: commits-help@dlab.apache.org
[incubator-dlab] 02/03: [DLAB-1594]: added letsencrypt certificates
for edge
Posted by lf...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
lfrolov pushed a commit to branch DLAB-1594-2
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit b39670c64f8428db4e177b86bbcb3c8b10cbb2c4
Author: leonidfrolov <fr...@gmail.com>
AuthorDate: Tue Aug 4 19:09:41 2020 +0300
[DLAB-1594]: added letsencrypt certificates for edge
---
infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py b/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py
index 582d58e..0c62005 100644
--- a/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py
+++ b/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py
@@ -105,6 +105,14 @@ def install_nginx_lua(edge_ip, nginx_version, keycloak_auth_server_url, keycloak
use_sudo=True)
sudo('systemctl daemon-reload')
sudo('systemctl enable step-cert-manager.service')
+ elif os.environ['conf_letsencrypt_enabled'] == 'true':
+ print("Configuring letsencrypt certificates.")
+ install_certbot(os.environ['conf_os_family'])
+ if 'conf_letsencrypt_email' in os.environ:
+ run_certbot(os.environ['conf_letsencrypt_domain_name'], os.environ['"project_name"'], os.environ['conf_letsencrypt_email'])
+ else:
+ run_certbot(os.environ['conf_letsencrypt_domain_name'], os.environ['"project_name"'])
+ configure_nginx_LE(os.environ['conf_letsencrypt_domain_name'], os.environ['"project_name"'])
else:
sudo('openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/certs/dlab.key \
-out /etc/ssl/certs/dlab.crt -subj "/C=US/ST=US/L=US/O=dlab/CN={}"'.format(hostname))
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@dlab.apache.org
For additional commands, e-mail: commits-help@dlab.apache.org
[incubator-dlab] 01/03: [DLAB-1594]: moved function to common_lib
Posted by lf...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
lfrolov pushed a commit to branch DLAB-1594-2
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit 2c3371a688bf3cd99223ea8f0d6f8701d09a5002
Author: leonidfrolov <fr...@gmail.com>
AuthorDate: Tue Aug 4 19:03:17 2020 +0300
[DLAB-1594]: moved function to common_lib
---
.../src/general/lib/os/debian/common_lib.py | 61 ++++++++++++++++++++++
.../src/general/lib/os/redhat/common_lib.py | 26 +++++++++
.../src/ssn/scripts/configure_ssn_node.py | 60 ---------------------
3 files changed, 87 insertions(+), 60 deletions(-)
diff --git a/infrastructure-provisioning/src/general/lib/os/debian/common_lib.py b/infrastructure-provisioning/src/general/lib/os/debian/common_lib.py
index c70e9a9..4c368eb 100644
--- a/infrastructure-provisioning/src/general/lib/os/debian/common_lib.py
+++ b/infrastructure-provisioning/src/general/lib/os/debian/common_lib.py
@@ -167,3 +167,64 @@ def ensure_step(user):
sudo('touch /home/{}/.ensure_dir/step_ensured'.format(user))
except:
sys.exit(1)
+
+def install_certbot(os_family):
+ try:
+ print('Installing Certbot')
+ if os_family == 'debian':
+ sudo('apt-get -y update')
+ sudo('apt-get -y install software-properties-common')
+ sudo('add-apt-repository -y universe')
+ sudo('add-apt-repository -y ppa:certbot/certbot')
+ sudo('apt-get -y update')
+ sudo('apt-get -y install certbot python-certbot-nginx')
+ elif os_family == 'redhat':
+ print('This OS family is not supported yet')
+ except Exception as err:
+ traceback.print_exc()
+ print('Failed Certbot install: ' + str(err))
+ sys.exit(1)
+
+def run_certbot(domain_name, email=''):
+ try:
+ print('Running Certbot')
+ sudo('service nginx stop')
+ if email != '':
+ sudo('certbot certonly --standalone -n -d ssn.{} -m {}'.format(domain_name, email))
+ else:
+ sudo('certbot certonly --standalone -n -d ssn.{} --register-unsafely-without-email --agree-tos'.format(domain_name))
+ except Exception as err:
+ traceback.print_exc()
+ print('Failed to run Certbot: ' + str(err))
+ sys.exit(1)
+
+def find_replace_line(file_path, searched_str, replacement_line):
+ try:
+ lines = sudo('cat {}'.format(file_path)).split('\r\n')
+ sudo('echo "" > {}'.format(file_path))
+ for n, line in enumerate(lines):
+ if searched_str in line:
+ lines[n] = replacement_line
+ sudo('echo \'{}\' >> {}'.format(lines[n], file_path))
+ except Exception as err:
+ traceback.print_exc()
+ print('Failed to replace string: ' + str(err))
+ sys.exit(1)
+
+def configure_nginx_LE(domain_name):
+ try:
+ server_name_line =' server_name ssn.{};'.format(domain_name)
+ cert_path_line = ' ssl_certificate /etc/letsencrypt/live/ssn.{}/fullchain.pem;'.format(domain_name)
+ cert_key_line = ' ssl_certificate_key /etc/letsencrypt/live/ssn.{}/privkey.pem;'.format(domain_name)
+ certbot_service = 'ExecStart = /usr/bin/certbot -q renew --pre-hook "service nginx stop" --post-hook "service nginx start"'
+ certbot_service_path = '/lib/systemd/system/certbot.service'
+ nginx_config_path = '/etc/nginx/conf.d/nginx_proxy.conf'
+ find_replace_line(nginx_config_path,' server_name ' ,server_name_line)
+ find_replace_line(nginx_config_path,' ssl_certificate ' ,cert_path_line)
+ find_replace_line(nginx_config_path,' ssl_certificate_key ' ,cert_key_line)
+ find_replace_line(certbot_service_path, 'ExecStart', certbot_service)
+ sudo('systemctl restart nginx')
+ except Exception as err:
+ traceback.print_exc()
+ print('Failed to run Certbot: ' + str(err))
+ sys.exit(1)
diff --git a/infrastructure-provisioning/src/general/lib/os/redhat/common_lib.py b/infrastructure-provisioning/src/general/lib/os/redhat/common_lib.py
index ea5d4f2..7047633 100644
--- a/infrastructure-provisioning/src/general/lib/os/redhat/common_lib.py
+++ b/infrastructure-provisioning/src/general/lib/os/redhat/common_lib.py
@@ -140,3 +140,29 @@ def ensure_step(user):
sudo('touch /home/{}/.ensure_dir/step_ensured'.format(user))
except:
sys.exit(1)
+
+def install_certbot(os_family):
+ try:
+ print('Installing Certbot')
+ print('Redhat is not supported yet. Skipping....')
+ except Exception as err:
+ traceback.print_exc()
+ print('Failed Certbot install: ' + str(err))
+ sys.exit(1)
+
+def run_certbot(domain_name, email=''):
+ try:
+ print('Running Certbot')
+ print('Redhat is not supported yet. Skipping....')
+ except Exception as err:
+ traceback.print_exc()
+ print('Failed to run Certbot: ' + str(err))
+ sys.exit(1)
+
+def configure_nginx_LE(domain_name):
+ try:
+ print('Redhat is not supported yet. Skipping....')
+ except Exception as err:
+ traceback.print_exc()
+ print('Failed to run Certbot: ' + str(err))
+ sys.exit(1)
\ No newline at end of file
diff --git a/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py b/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py
index af6d5a3..6341e0e 100644
--- a/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py
+++ b/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py
@@ -121,66 +121,6 @@ def creating_service_directories(dlab_path, os_user):
print('Failed to create service directories: ', str(err))
sys.exit(1)
-def install_certbot(os_family):
- try:
- print('Installing Certbot')
- if os_family == 'debian':
- sudo('apt-get -y update')
- sudo('apt-get -y install software-properties-common')
- sudo('add-apt-repository -y universe')
- sudo('add-apt-repository -y ppa:certbot/certbot')
- sudo('apt-get -y update')
- sudo('apt-get -y install certbot python-certbot-nginx')
- elif os_family == 'redhat':
- print('This OS family is not supported yet')
- except Exception as err:
- traceback.print_exc()
- print('Failed Certbot install: ' + str(err))
- sys.exit(1)
-
-def run_certbot(domain_name, email=''):
- try:
- print('Running Certbot')
- sudo('service nginx stop')
- if email != '':
- sudo('certbot certonly --standalone -n -d ssn.{} -m {}'.format(domain_name, email))
- else:
- sudo('certbot certonly --standalone -n -d ssn.{} --register-unsafely-without-email --agree-tos'.format(domain_name))
- except Exception as err:
- traceback.print_exc()
- print('Failed to run Certbot: ' + str(err))
- sys.exit(1)
-
-def find_replace_line(file_path, searched_str, replacement_line):
- try:
- lines = sudo('cat {}'.format(file_path)).split('\r\n')
- sudo('echo "" > {}'.format(file_path))
- for n, line in enumerate(lines):
- if searched_str in line:
- lines[n] = replacement_line
- sudo('echo \'{}\' >> {}'.format(lines[n], file_path))
- except Exception as err:
- traceback.print_exc()
- print('Failed to replace string: ' + str(err))
- sys.exit(1)
-
-def configure_nginx_LE(domain_name):
- try:
- server_name_line =' server_name ssn.{};'.format(domain_name)
- cert_path_line = ' ssl_certificate /etc/letsencrypt/live/ssn.{}/fullchain.pem;'.format(domain_name)
- cert_key_line = ' ssl_certificate_key /etc/letsencrypt/live/ssn.{}/privkey.pem;'.format(domain_name)
- certbot_service = 'ExecStart = /usr/bin/certbot -q renew --pre-hook "service nginx stop" --post-hook "service nginx start"'
- certbot_service_path = '/lib/systemd/system/certbot.service'
- nginx_config_path = '/etc/nginx/conf.d/nginx_proxy.conf'
- find_replace_line(nginx_config_path,' server_name ' ,server_name_line)
- find_replace_line(nginx_config_path,' ssl_certificate ' ,cert_path_line)
- find_replace_line(nginx_config_path,' ssl_certificate_key ' ,cert_key_line)
- find_replace_line(certbot_service_path, 'ExecStart', certbot_service)
- sudo('systemctl restart nginx')
- except Exception as err:
- traceback.print_exc()
- print('Failed to run Certbot: ' + str(err))
- sys.exit(1)
def configure_ssl_certs(hostname, custom_ssl_cert):
try:
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@dlab.apache.org
For additional commands, e-mail: commits-help@dlab.apache.org
[incubator-dlab] 03/03: [DLAB-1594]: added variables to functions
Posted by lf...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
lfrolov pushed a commit to branch DLAB-1594-2
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit e612c47c3b71cce2fe50ecb7972292424686258f
Author: leonidfrolov <fr...@gmail.com>
AuthorDate: Tue Aug 4 19:10:00 2020 +0300
[DLAB-1594]: added variables to functions
---
.../src/general/lib/os/debian/common_lib.py | 14 +++++++-------
.../src/ssn/scripts/configure_ssn_node.py | 6 +++---
2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/infrastructure-provisioning/src/general/lib/os/debian/common_lib.py b/infrastructure-provisioning/src/general/lib/os/debian/common_lib.py
index 4c368eb..ee36762 100644
--- a/infrastructure-provisioning/src/general/lib/os/debian/common_lib.py
+++ b/infrastructure-provisioning/src/general/lib/os/debian/common_lib.py
@@ -185,14 +185,14 @@ def install_certbot(os_family):
print('Failed Certbot install: ' + str(err))
sys.exit(1)
-def run_certbot(domain_name, email=''):
+def run_certbot(domain_name, node, email=''):
try:
print('Running Certbot')
sudo('service nginx stop')
if email != '':
- sudo('certbot certonly --standalone -n -d ssn.{} -m {}'.format(domain_name, email))
+ sudo('certbot certonly --standalone -n -d {}.{} -m {}'.format(node, domain_name, email))
else:
- sudo('certbot certonly --standalone -n -d ssn.{} --register-unsafely-without-email --agree-tos'.format(domain_name))
+ sudo('certbot certonly --standalone -n -d {}.{} --register-unsafely-without-email --agree-tos'.format(node, domain_name))
except Exception as err:
traceback.print_exc()
print('Failed to run Certbot: ' + str(err))
@@ -211,11 +211,11 @@ def find_replace_line(file_path, searched_str, replacement_line):
print('Failed to replace string: ' + str(err))
sys.exit(1)
-def configure_nginx_LE(domain_name):
+def configure_nginx_LE(domain_name, node):
try:
- server_name_line =' server_name ssn.{};'.format(domain_name)
- cert_path_line = ' ssl_certificate /etc/letsencrypt/live/ssn.{}/fullchain.pem;'.format(domain_name)
- cert_key_line = ' ssl_certificate_key /etc/letsencrypt/live/ssn.{}/privkey.pem;'.format(domain_name)
+ server_name_line =' server_name {}.{};'.format(node, domain_name)
+ cert_path_line = ' ssl_certificate /etc/letsencrypt/live/{}.{}/fullchain.pem;'.format(node, domain_name)
+ cert_key_line = ' ssl_certificate_key /etc/letsencrypt/live/{}.{}/privkey.pem;'.format(node, domain_name)
certbot_service = 'ExecStart = /usr/bin/certbot -q renew --pre-hook "service nginx stop" --post-hook "service nginx start"'
certbot_service_path = '/lib/systemd/system/certbot.service'
nginx_config_path = '/etc/nginx/conf.d/nginx_proxy.conf'
diff --git a/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py b/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py
index 6341e0e..0bb30b2 100644
--- a/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py
+++ b/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py
@@ -244,11 +244,11 @@ if __name__ == "__main__":
if os.environ['conf_letsencrypt_enabled'] == 'true':
print("Configuring letsencrypt certificates.")
- install_certbot(os.environ['conf_os_family'])
+ install_certbot(os.environ['conf_os_family'], 'ssn')
if 'conf_letsencrypt_email' in os.environ:
- run_certbot(os.environ['conf_letsencrypt_domain_name'], os.environ['conf_letsencrypt_email'])
+ run_certbot(os.environ['conf_letsencrypt_domain_name'], 'ssn', os.environ['conf_letsencrypt_email'])
else:
- run_certbot(os.environ['conf_letsencrypt_domain_name'])
+ run_certbot(os.environ['conf_letsencrypt_domain_name'], 'ssn')
configure_nginx_LE(os.environ['conf_letsencrypt_domain_name'])
#print("Installing jenkins.")
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@dlab.apache.org
For additional commands, e-mail: commits-help@dlab.apache.org