lfrolov pushed a commit to branch DLAB-1594-2
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
The following commit(s) were added to refs/heads/DLAB-1594-2 by this push:
new 13c4a3f [DLAB-1594]: changed when certificate is obtained during ssn
deployment
13c4a3f is described below
commit 13c4a3f6aba3238f36fc0bfb13004bf6f588e228
Author: leonidfrolov <[email protected]>
AuthorDate: Mon Aug 3 19:14:29 2020 +0300
[DLAB-1594]: changed when certificate is obtained during ssn deployment
---
.../src/general/lib/os/debian/ssn_lib.py | 63 ----------------------
.../src/ssn/scripts/configure_ssn_node.py | 62 ++++++++++++++++++++-
2 files changed, 61 insertions(+), 64 deletions(-)
diff --git a/infrastructure-provisioning/src/general/lib/os/debian/ssn_lib.py
b/infrastructure-provisioning/src/general/lib/os/debian/ssn_lib.py
index a24e50c..ff89fec 100644
--- a/infrastructure-provisioning/src/general/lib/os/debian/ssn_lib.py
+++ b/infrastructure-provisioning/src/general/lib/os/debian/ssn_lib.py
@@ -173,65 +173,6 @@ def ensure_mongo():
print('Failed to install MongoDB: ', str(err))
sys.exit(1)
-def install_certbot(os_family):
- try:
- print('Installing Certbot')
- if os_family == 'debian':
- sudo('apt-get -y update')
- sudo('apt-get -y install software-properties-common')
- sudo('add-apt-repository -y universe')
- sudo('add-apt-repository -y ppa:certbot/certbot')
- sudo('apt-get -y update')
- sudo('apt-get -y install certbot python-certbot-nginx')
- elif os_family == 'redhat':
- print('This OS family is not supported yet')
- except Exception as err:
- print('Failed Certbot install: ' + str(err))
- sys.exit(1)
-
-def run_certbot(domain_name, email):
- try:
- print('Running Certbot')
- sudo('service nginx stop')
- if email != '':
- sudo('certbot certonly --standalone -n -d ssn.{} -m
{}'.format(domain_name, email))
- else:
- sudo('certbot certonly --standalone -n -d ssn.{}
--register-unsafely-without-email --agree-tos'.format(domain_name))
- except Exception as err:
- print('Failed to run Certbot: ' + str(err))
- sys.exit(1)
-
-def find_replace_line(file_path, searched_str, replacement_line):
- try:
- with open(file_path, 'r') as file:
- lines = file.readlines()
- for line in lines:
- if searched_str in line:
- line = replacement_line
- with open(file_path, 'w') as file:
- file.writelines(lines)
- except Exception as err:
- print('Failed to replace string: ' + str(err))
- sys.exit(1)
-
-def configure_nginx_LE(domain_name):
- try:
- server_name_line =' server_name ssn.{};'.format(domain_name)
- cert_path_line = ' ssl_certificate
/etc/letsencrypt/live/{}/fullchain.pem;'.format(domain_name)
- cert_key_line = ' ssl_certificate_key
/etc/letsencrypt/live/{}/privkey.pem;'.format(domain_name)
- certbot_service = 'ExecStart = /usr/bin/certbot -q renew --pre-hook
"service nginx stop" --post-hook "service nginx start"'
- certbot_service_path = '/lib/systemd/system/certbot.service'
- nginx_config_path = '/etc/nginx/conf.d/nginx_proxy.conf'
- find_replace_line(nginx_config_path,'server_name' ,server_name_line)
- find_replace_line(nginx_config_path,'ssl_certificate' ,cert_path_line)
- find_replace_line(nginx_config_path,'ssl_certificate_key'
,cert_key_line)
- find_replace_line(certbot_service_path, 'ExecStart', certbot_service)
- sudo('systemctl restart nginx')
- except Exception as err:
- print('Failed to run Certbot: ' + str(err))
- sys.exit(1)
-
-
def start_ss(keyfile, host_string, dlab_conf_dir, web_path,
os_user, mongo_passwd, keystore_passwd, cloud_provider,
service_base_name, tag_resource_id, billing_tag, account_id,
billing_bucket,
@@ -400,10 +341,6 @@ def start_ss(keyfile, host_string, dlab_conf_dir, web_path,
'-noprompt -storepass changeit -keystore
{1}/lib/security/cacerts'.format(os_user, java_path))
sudo('keytool -importcert -trustcacerts -alias ssn -file
/etc/ssl/certs/dlab.crt -noprompt '
'-storepass changeit -keystore
{0}/lib/security/cacerts'.format(java_path))
- elif os.environ['conf_letsencrypt_enabled'] == 'true':
- install_certbot(os.environ['conf_os_family'])
- run_certbot(cloud_params['LETS_ENCRYPT_DOMAIN_NAME'],
cloud_params['LETS_ENCRYPT_EMAIL'])
-
configure_nginx_LE(cloud_params['LETS_ENCRYPT_DOMAIN_NAME'])
else:
sudo('keytool -genkeypair -alias ssn -keyalg RSA -validity
730 -storepass {1} -keypass {1} \
-keystore /home/{0}/keys/ssn.keystore.jks -keysize
2048 -dname "CN=localhost"'.format(
diff --git a/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py
b/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py
index 72fe329..3663b97 100644
--- a/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py
+++ b/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py
@@ -121,6 +121,63 @@ def creating_service_directories(dlab_path, os_user):
print('Failed to create service directories: ', str(err))
sys.exit(1)
+def install_certbot(os_family):
+ try:
+ print('Installing Certbot')
+ if os_family == 'debian':
+ sudo('apt-get -y update')
+ sudo('apt-get -y install software-properties-common')
+ sudo('add-apt-repository -y universe')
+ sudo('add-apt-repository -y ppa:certbot/certbot')
+ sudo('apt-get -y update')
+ sudo('apt-get -y install certbot python-certbot-nginx')
+ elif os_family == 'redhat':
+ print('This OS family is not supported yet')
+ except Exception as err:
+ print('Failed Certbot install: ' + str(err))
+ sys.exit(1)
+
+def run_certbot(domain_name, email):
+ try:
+ print('Running Certbot')
+ sudo('service nginx stop')
+ if email != '':
+ sudo('certbot certonly --standalone -n -d ssn.{} -m
{}'.format(domain_name, email))
+ else:
+ sudo('certbot certonly --standalone -n -d ssn.{}
--register-unsafely-without-email --agree-tos'.format(domain_name))
+ except Exception as err:
+ print('Failed to run Certbot: ' + str(err))
+ sys.exit(1)
+
+def find_replace_line(file_path, searched_str, replacement_line):
+ try:
+ with open(file_path, 'r') as file:
+ lines = file.readlines()
+ for line in lines:
+ if searched_str in line:
+ line = replacement_line
+ with open(file_path, 'w') as file:
+ file.writelines(lines)
+ except Exception as err:
+ print('Failed to replace string: ' + str(err))
+ sys.exit(1)
+
+def configure_nginx_LE(domain_name):
+ try:
+ server_name_line =' server_name ssn.{};'.format(domain_name)
+ cert_path_line = ' ssl_certificate
/etc/letsencrypt/live/{}/fullchain.pem;'.format(domain_name)
+ cert_key_line = ' ssl_certificate_key
/etc/letsencrypt/live/{}/privkey.pem;'.format(domain_name)
+ certbot_service = 'ExecStart = /usr/bin/certbot -q renew --pre-hook
"service nginx stop" --post-hook "service nginx start"'
+ certbot_service_path = '/lib/systemd/system/certbot.service'
+ nginx_config_path = '/etc/nginx/conf.d/nginx_proxy.conf'
+ find_replace_line(nginx_config_path,'server_name' ,server_name_line)
+ find_replace_line(nginx_config_path,'ssl_certificate' ,cert_path_line)
+ find_replace_line(nginx_config_path,'ssl_certificate_key'
,cert_key_line)
+ find_replace_line(certbot_service_path, 'ExecStart', certbot_service)
+ sudo('systemctl restart nginx')
+ except Exception as err:
+ print('Failed to run Certbot: ' + str(err))
+ sys.exit(1)
def configure_ssl_certs(hostname, custom_ssl_cert):
try:
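Review bot: `find_replace_line` never changes the file: `line = replacement_line` only rebinds the loop variable, so `lines` is written back as read and neither nginx_proxy.conf nor certbot.service receives the Let's Encrypt settings. Once it does replace, the substring test makes `'ssl_certificate'` also match the `ssl_certificate_key` line, and the replacement strings carry no newline, so the match should be on the directive name as sketched below. In `configure_nginx_LE` the paths use `/etc/letsencrypt/live/{}/` with the bare domain while `run_certbot` requests `-d ssn.{}`; certbot names the live directory after the first requested domain, so the paths should presumably be `/etc/letsencrypt/live/ssn.{}/...`. The e-mail branch of `run_certbot` also omits `--agree-tos`, which certbot requires under `-n`. In addition, `domain_name` and `email` are formatted into the `sudo()` command unquoted, so they should be validated or shell-quoted before they reach a root shell.

```python
def find_replace_line(file_path, searched_str, replacement_line):
    try:
        with open(file_path, 'r') as file:
            lines = file.readlines()
        updated = []
        for line in lines:
            # Compare the directive name itself, so 'ssl_certificate' does not
            # also hit the 'ssl_certificate_key' line ('=' covers ExecStart=...).
            tokens = line.replace('=', ' ').split()
            if tokens and tokens[0] == searched_str:
                line = replacement_line + '\n'
            updated.append(line)
        with open(file_path, 'w') as file:
            file.writelines(updated)
    # … unchanged: except handler …
```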
@@ -179,7 +236,10 @@ def configure_ssl_certs(hostname, custom_ssl_cert):
use_sudo=True)
sudo('systemctl daemon-reload')
sudo('systemctl enable step-cert-manager.service')
-
+ elif os.environ['conf_letsencrypt_enabled'] == 'true':
+ install_certbot(os.environ['conf_os_family'])
+ run_certbot(cloud_params['LETS_ENCRYPT_DOMAIN_NAME'],
cloud_params['LETS_ENCRYPT_EMAIL'])
+ configure_nginx_LE(cloud_params['LETS_ENCRYPT_DOMAIN_NAME'])
else:
sudo('openssl req -x509 -nodes -days 3650 -newkey rsa:2048
-keyout /etc/ssl/certs/dlab.key \
-out /etc/ssl/certs/dlab.crt -subj
"/C=US/ST=US/L=US/O=dlab/CN={}"'.format(hostname))
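Review bot: `cloud_params` is not a parameter of `configure_ssl_certs(hostname, custom_ssl_cert)` and nothing in the visible lines defines it in this script, so unless it exists at module level the new `elif` raises NameError as soon as `conf_letsencrypt_enabled` is `'true'`. In ssn_lib.py the same calls sat inside `start_ss`, which may have had it in scope; here the domain and e-mail should be passed in explicitly or read from the environment the way `conf_os_family` is. `os.environ['conf_letsencrypt_enabled']` also raises KeyError when the variable is unset, whereas `os.environ.get('conf_letsencrypt_enabled') == 'true'` would keep the self-signed fallback reachable. The function body starts and ends outside the hunk, so the enclosing `try`/`except` and the preceding branch could not be checked.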