This is an automated email from the ASF dual-hosted git repository. lfrolov pushed a commit to branch DLAB-1594-2 in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit e5b99a15067ec38439edeab78c2d8dbbe035e67a Author: leonidfrolov <[email protected]> AuthorDate: Wed Aug 5 17:38:17 2020 +0300 [DLAB-1594]: fixed some errors, made some upgrades in code --- .../src/general/lib/os/debian/common_lib.py | 25 ++++++---------------- .../src/general/lib/os/debian/edge_lib.py | 15 +++++++------ .../src/general/scripts/gcp/edge_configure.py | 2 +- .../scripts/configure_nginx_reverse_proxy.py | 2 -- 4 files changed, 15 insertions(+), 29 deletions(-) diff --git a/infrastructure-provisioning/src/general/lib/os/debian/common_lib.py b/infrastructure-provisioning/src/general/lib/os/debian/common_lib.py index 87bcfb5..1ff61c6 100644 --- a/infrastructure-provisioning/src/general/lib/os/debian/common_lib.py +++ b/infrastructure-provisioning/src/general/lib/os/debian/common_lib.py 
@@ -198,34 +198,21 @@ def run_certbot(domain_name, node, email=''): print('Failed to run Certbot: ' + str(err)) sys.exit(1) -def find_replace_line(file_path, searched_str, replacement_line): - try: - lines = sudo('cat {}'.format(file_path)).split('\r\n') - sudo('rm {0}; touch {0}'.format(file_path)) - for n, line in enumerate(lines): - if searched_str in line: - lines[n] = replacement_line - sudo('echo \'{}\' >> {}'.format(lines[n], file_path), quiet=True) - except Exception as err: - traceback.print_exc() - print('Failed to replace string: ' + str(err)) - sys.exit(1) - def configure_nginx_LE(domain_name, node): try: - server_name_line =' server_name {}.{};'.format(node, domain_name) + server_name_line =' server_name {}.{};'.format(node, domain_name) cert_path_line = ' ssl_certificate /etc/letsencrypt/live/{}.{}/fullchain.pem;'.format(node, domain_name) cert_key_line = ' ssl_certificate_key /etc/letsencrypt/live/{}.{}/privkey.pem;'.format(node, domain_name) - certbot_service = 'ExecStart = /usr/bin/certbot -q renew --pre-hook "service nginx stop" --post-hook "service nginx start"' + certbot_service = 'ExecStart = /usr/bin/certbot -q renew --pre-hook \"service nginx stop\" --post-hook \"service nginx start\"' certbot_service_path = '/lib/systemd/system/certbot.service' if node == 'ssn': nginx_config_path = '/etc/nginx/conf.d/nginx_proxy.conf' else: nginx_config_path = '/etc/nginx/conf.d/proxy.conf' - find_replace_line(nginx_config_path,' server_name ' ,server_name_line) - find_replace_line(nginx_config_path,' ssl_certificate ' ,cert_path_line) - find_replace_line(nginx_config_path,' ssl_certificate_key ' ,cert_key_line) - find_replace_line(certbot_service_path, 'ExecStart', certbot_service) + sudo('sed -i "s|.* server_name .*|{}|" {}'.format(server_name_line, nginx_config_path)) + sudo('sed -i "s|.* ssl_certificate .*|{}|" {}'.format(cert_path_line, nginx_config_path)) + sudo('sed -i "s|.* ssl_certificate_key .*|{}|" {}'.format(cert_key_line, nginx_config_path)) + 
sudo('sed -i "s|.*ExecStart.*|{}|" {}'.format(certbot_service, certbot_service_path)) sudo('systemctl restart nginx') except Exception as err: traceback.print_exc() diff --git a/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py b/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py index dae8e07..57940db 100644 --- a/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py +++ b/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py @@ -108,13 +108,6 @@ def install_nginx_lua(edge_ip, nginx_version, keycloak_auth_server_url, keycloak use_sudo=True) sudo('systemctl daemon-reload') sudo('systemctl enable step-cert-manager.service') - elif os.environ['conf_letsencrypt_enabled'] == 'true': - print("Configuring letsencrypt certificates.") - install_certbot(os.environ['conf_os_family']) - if 'conf_letsencrypt_email' in os.environ: - run_certbot(os.environ['conf_letsencrypt_domain_name'], os.environ['project_name'], os.environ['conf_letsencrypt_email']) - else: - run_certbot(os.environ['conf_letsencrypt_domain_name'], os.environ['project_name']) else: sudo('openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/certs/dlab.key \ -out /etc/ssl/certs/dlab.crt -subj "/C=US/ST=US/L=US/O=dlab/CN={}"'.format(hostname)) 
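Review bot: The `certbot_service` value contains literal double quotes (`\"` inside a single-quoted Python string is just `"`), while the last `sed` call wraps its expression in double quotes. Assuming `sudo` hands the string to a shell, the quoted expression ends at `--pre-hook "` and sed receives a truncated `s` command, so the ExecStart rewrite would fail or be split into stray arguments. Single-quoting the expression avoids this: `sudo("sed -i 's|.*ExecStart.*|{}|' {}".format(certbot_service, certbot_service_path))`. The three nginx `sed` calls also interpolate `node` and `domain_name` unvalidated into a command run as root, where a `|`, `&`, `"`, `$` or backtick in either value would change the sed expression or the command line; both values should be checked against a hostname pattern before formatting. The `except` block of `configure_nginx_LE` continues outside the hunk.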
@@ -200,6 +193,14 @@ def install_nginx_lua(edge_ip, nginx_version, keycloak_auth_server_url, keycloak sudo('systemctl enable nginx') sudo('/etc/init.d/nginx start') sudo('touch /tmp/nginx_installed') + if os.environ['conf_letsencrypt_enabled'] == 'true': + print("Configuring letsencrypt certificates.") + install_certbot(os.environ['conf_os_family']) + if 'conf_letsencrypt_email' in os.environ: + run_certbot(os.environ['conf_letsencrypt_domain_name'], os.environ['project_name'], os.environ['conf_letsencrypt_email']) + else: + run_certbot(os.environ['conf_letsencrypt_domain_name'], os.environ['project_name']) + configure_nginx_LE(os.environ['conf_letsencrypt_domain_name'], os.environ['project_name']) except Exception as err: print("Failed install nginx with ldap: " + str(err)) sys.exit(1) \ No newline at end of file diff --git a/infrastructure-provisioning/src/general/scripts/gcp/edge_configure.py b/infrastructure-provisioning/src/general/scripts/gcp/edge_configure.py index 110efb9..4cd1efb 100644 --- a/infrastructure-provisioning/src/general/scripts/gcp/edge_configure.py +++ b/infrastructure-provisioning/src/general/scripts/gcp/edge_configure.py @@ -263,7 +263,7 @@ if __name__ == "__main__": raise Exception except Exception as err: dlab.fab.append_result("Failed installing nginx reverse proxy. Excpeption: " + str(err)) - clear_resources() + #clear_resources() sys.exit(1) try: diff --git a/infrastructure-provisioning/src/project/scripts/configure_nginx_reverse_proxy.py b/infrastructure-provisioning/src/project/scripts/configure_nginx_reverse_proxy.py index 0d2c711..a4f0825 100644 --- a/infrastructure-provisioning/src/project/scripts/configure_nginx_reverse_proxy.py +++ b/infrastructure-provisioning/src/project/scripts/configure_nginx_reverse_proxy.py 
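Review bot: `os.environ['conf_letsencrypt_enabled']` is now read on every run, whereas the removed `elif` only evaluated it when the preceding condition (outside the hunk) was false. A deployment that does not set the variable would raise KeyError and be reported by the broad `except` as "Failed install nginx with ldap"; `if os.environ.get('conf_letsencrypt_enabled') == 'true':` avoids that. The block also runs after `sudo('touch /tmp/nginx_installed')`, so if that marker guards this section on re-runs (the guard is not visible here), a certbot failure would leave the marker in place and the node serving the self-signed certificate from the `else` branch. Touching the marker only after the Let's Encrypt steps succeed would keep a retry possible. The body of `install_nginx_lua` starts outside the hunk.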
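Review bot: Commenting out `clear_resources()` in this failure handler means a failed reverse-proxy installation now exits without cleanup, leaving in place whatever that call removes (its body is not visible here), presumably a partially configured edge node and its cloud resources. If this was a debugging aid, it should be reverted before merge. If the change is intentional, delete the line rather than leaving it commented out, and add a comment saying why, e.g. `# resources are kept for inspection after an nginx failure`. The `try` block this handler belongs to starts outside the hunk.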
@@ -27,7 +27,6 @@ import argparse import sys import os from dlab.common_lib import ensure_step -from dlab.common_lib import configure_nginx_LE from dlab.edge_lib import install_nginx_lua parser = argparse.ArgumentParser() @@ -68,7 +67,6 @@ if __name__ == "__main__": os.environ['keycloak_auth_server_url'], os.environ['keycloak_realm_name'], args.keycloak_client_id, args.keycloak_client_secret, args.user, args.hostname, args.step_cert_sans) - configure_nginx_LE(os.environ['conf_letsencrypt_domain_name'], os.environ['project_name']) except Exception as err: print("Failed install nginx reverse proxy: " + str(err)) sys.exit(1) --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
