Added SSL certificates uploading. #164
base: master
Changes from 3 commits
edc2990
43e9580
988da51
b662d03
cd36011
b522bf7
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -16,5 +16,45 @@ def nginx_custom_configuration(app_info) | |
|
||
empty_conf.merge(app_info["nginx_custom"] || {}) | ||
end | ||
|
||
# Returns a server path to certificate file | ||
# | ||
# applications_root = '/u/apps/' | ||
# name = 'my_app' | ||
# app_info['ssl_certificate'] = 'my_cert.crt' | ||
# ssl_certificate(applications_root, name, app_info) # => /u/apps/my_app/shared/config/my_cert.crt' | ||
# | ||
# applications_root = '/u/apps/' | ||
# name = 'my_app' | ||
# app_info['ssl_certificate'] = nil | ||
# ssl_certificate(applications_root, name, app_info) # => /u/apps/my_app/shared/config/my_app.crt' | ||
# | ||
def ssl_certificate(applications_root, name, app_info) | ||
raise "Invalid application config given, no `ssl_info` present" unless ssl_info?(app_info) | ||
|
||
Trailing whitespace detected. |
||
Pathname.new(applications_root).join(name, "shared", "config", | ||
app_info["ssl_info"]["certificate"] || "#{name}.crt") | ||
end | ||
|
||
# See #ssl_certificate | ||
# | ||
def ssl_certificate_key(applications_root, name, app_info) | ||
raise "Invalid application config given, no `ssl_info` present" unless ssl_info?(app_info) | ||
|
||
Pathname.new(applications_root).join(name, "shared", "config", | ||
app_info["ssl_info"]["certificate_key"] || "#{name}.key") | ||
end | ||
|
||
# Check if the app config has ssl_info section | ||
# | ||
def ssl_info?(app_info) | ||
app_info.key?('ssl_info') | ||
Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping. |
||
end | ||
|
||
# Checks if the app config has ssl enabled | ||
# | ||
def ssl_enabled?(app_info) | ||
ssl_info?(app_info) && app_info['ssl_info']['enabled'] | ||
Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping. |
||
end | ||
end | ||
end |
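Review bot: `ssl_certificate` and `ssl_certificate_key` pass `app_info["ssl_info"]["certificate"]` and `["certificate_key"]` straight into `Pathname#join`, so a value that is absolute or contains `..` resolves outside `shared/config`, and the recipes then create a `cookbook_file` at that location. The review thread says the value is meant to be a bare file name, so both helpers could enforce that before joining, e.g. `raise "ssl_info file names must not contain a path" if file.include?(File::SEPARATOR)`. `ssl_info?` only checks `key?`, so an `ssl_info` key holding nil passes the guard and then fails with NoMethodError instead of the intended message. The doc-comment examples above `ssl_certificate` also read `app_info['ssl_certificate']`, while the code reads `app_info["ssl_info"]["certificate"]`; the examples should use the nested key.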
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -33,6 +33,7 @@ | |
|
||
# Include library helpers | ||
::Chef::Resource.send(:include, Rails::Helpers) | ||
::Chef::Recipe.send(:include, Rails::Helpers) | ||
Just for my curiosity: what does this do?
without this line, the following wouldn't work, method missing:
since it's a level of recipe, not resource such as:
|
||
|
||
node[:active_applications].each do |app, app_info| | ||
rails_env = app_info['rails_env'] || "production" | ||
|
@@ -93,33 +94,42 @@ | |
|
||
end | ||
|
||
if app_info['ssl_info'] | ||
template "#{applications_root}/#{app}/shared/config/certificate.crt" do | ||
owner "deploy" | ||
group "deploy" | ||
mode 0644 | ||
source "app_cert.crt.erb" | ||
variables :app_crt=> app_info['ssl_info']['crt'] | ||
if ssl_enabled?(app_info) | ||
ssl_certificate_path = ssl_certificate(applications_root, app, app_info) | ||
ssl_certificate_key_path = ssl_certificate_key(applications_root, app, app_info) | ||
|
||
[ssl_certificate_path, ssl_certificate_key_path].each do |pathname| | ||
cookbook_file pathname.to_s do | ||
source "certificates/#{pathname.basename}" | ||
owner "deploy" | ||
group "deploy" | ||
mode 0644 | ||
end | ||
end | ||
|
||
template "#{applications_root}/#{app}/shared/config/certificate.key" do | ||
owner "deploy" | ||
group "deploy" | ||
mode 0644 | ||
source "app_cert.key.erb" | ||
variables :app_key=> app_info['ssl_info']['key'] | ||
template "/etc/nginx/sites-available/#{app}.conf" do | ||
source "app_nginx.conf.erb" | ||
variables( | ||
name: app, | ||
domain_names: app_info["domain_names"], | ||
redirect_domain_names: app_info["redirect_domain_names"], | ||
ssl_enabled: true, | ||
ssl_certificate: ssl_certificate_path, | ||
ssl_certificate_key: ssl_certificate_key_path, | ||
custom_configuration: nginx_custom_configuration(app_info)) | ||
notifies :reload, resources(service: "nginx") | ||
end | ||
else | ||
template "/etc/nginx/sites-available/#{app}.conf" do | ||
source "app_nginx.conf.erb" | ||
variables( | ||
name: app, | ||
domain_names: app_info["domain_names"], | ||
redirect_domain_names: app_info["redirect_domain_names"], | ||
ssl_enabled: false, | ||
custom_configuration: nginx_custom_configuration(app_info)) | ||
notifies :reload, resources(service: "nginx") | ||
end | ||
end | ||
|
||
template "/etc/nginx/sites-available/#{app}.conf" do | ||
source "app_nginx.conf.erb" | ||
variables( | ||
name: app, | ||
domain_names: app_info["domain_names"], | ||
redirect_domain_names: app_info["redirect_domain_names"], | ||
enable_ssl: File.exists?("#{applications_root}/#{app}/shared/config/certificate.crt"), | ||
custom_configuration: nginx_custom_configuration(app_info)) | ||
notifies :reload, resources(service: "nginx") | ||
end | ||
|
||
template "#{applications_root}/#{app}/shared/config/unicorn.rb" do | ||
|
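Review bot: The `cookbook_file` loop writes the private key with the same `mode 0644` as the certificate, which leaves the file at `ssl_certificate_key_path` readable by every local account on the server. The key should get a restrictive mode, for example `mode(pathname == ssl_certificate_key_path ? 0600 : 0644)` inside the block, assuming nginx opens the key as root before dropping privileges. The identical loop in the passenger recipe further down needs the same change. Going by the discussion at the end of this page, the key is shipped from the cookbook's `files/default/certificates` directory, so the README should say how that file is kept out of shared version control or stored encrypted.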
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -50,6 +50,7 @@ | |
|
||
# Include library helpers | ||
::Chef::Resource.send(:include, Rails::Helpers) | ||
::Chef::Recipe.send(:include, Rails::Helpers) | ||
|
||
node[:active_applications].each do |app, app_info| | ||
rails_env = app_info['rails_env'] || "production" | ||
|
@@ -98,45 +99,53 @@ | |
end | ||
|
||
if app_info['database_info'] | ||
|
||
template "#{applications_root}/#{app}/shared/config/database.yml" do | ||
owner deploy_user | ||
group deploy_user | ||
mode 0600 | ||
source "app_database.yml.erb" | ||
variables :database_info => app_info['database_info'], :rails_env => rails_env | ||
end | ||
|
||
end | ||
|
||
if app_info['ssl_info'] | ||
template "#{applications_root}/#{app}/shared/config/certificate.crt" do | ||
owner "deploy" | ||
group "deploy" | ||
mode 0644 | ||
source "app_cert.crt.erb" | ||
variables :app_crt=> app_info['ssl_info']['crt'] | ||
if ssl_enabled?(app_info) | ||
ssl_certificate_path = ssl_certificate(applications_root, app, app_info) | ||
ssl_certificate_key_path = ssl_certificate_key(applications_root, app, app_info) | ||
|
||
[ssl_certificate_path, ssl_certificate_key_path].each do |pathname| | ||
cookbook_file pathname.to_s do | ||
source "certificates/#{pathname.basename}" | ||
owner "deploy" | ||
group "deploy" | ||
mode 0644 | ||
end | ||
end | ||
|
||
template "#{applications_root}/#{app}/shared/config/certificate.key" do | ||
owner "deploy" | ||
group "deploy" | ||
mode 0644 | ||
source "app_cert.key.erb" | ||
variables :app_key=> app_info['ssl_info']['key'] | ||
template "/etc/nginx/sites-available/#{app}.conf" do | ||
source "app_passenger_nginx.conf.erb" | ||
variables( | ||
name: app, | ||
rails_env: rails_env, | ||
domain_names: app_info["domain_names"], | ||
ssl_enabled: true, | ||
Trailing whitespace detected. |
||
ssl_certificate: ssl_certificate_path, | ||
ssl_certificate_key: ssl_certificate_key_path, | ||
custom_configuration: nginx_custom_configuration(app_info)) | ||
notifies :reload, resources(:service => "nginx") | ||
Use the new Ruby 1.9 hash syntax. |
||
end | ||
else | ||
template "/etc/nginx/sites-available/#{app}.conf" do | ||
source "app_passenger_nginx.conf.erb" | ||
variables( | ||
name: app, | ||
rails_env: rails_env, | ||
domain_names: app_info["domain_names"], | ||
ssl_enabled: false, | ||
custom_configuration: nginx_custom_configuration(app_info)) | ||
notifies :reload, resources(:service => "nginx") | ||
Use the new Ruby 1.9 hash syntax. |
||
end | ||
end | ||
|
||
template "/etc/nginx/sites-available/#{app}.conf" do | ||
source "app_passenger_nginx.conf.erb" | ||
variables( | ||
name: app, | ||
rails_env: rails_env, | ||
domain_names: app_info["domain_names"], | ||
enable_ssl: File.exists?("#{applications_root}/#{app}/shared/config/certificate.crt"), | ||
custom_configuration: nginx_custom_configuration(app_info)) | ||
notifies :reload, resources(:service => "nginx") | ||
end | ||
|
||
nginx_site "#{app}.conf" do | ||
action :enable | ||
|
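Review bot: The new `cookbook_file` resources hard-code `owner "deploy"` and `group "deploy"`, while the `database.yml` template a few lines above in this recipe uses `deploy_user`. If `deploy_user` (defined outside the visible hunk) is set to anything other than "deploy", the certificate and key end up owned by a different or non-existent account. Using `owner deploy_user` and `group deploy_user` in the loop would keep the recipe consistent.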
This file was deleted.
This file was deleted.
Maybe communicate more clearly that it should be a path for a file (and not the content):
?
agree, but this is not the full path to cert files but a cert file name only. These files should be copied to
vendor/cookbook/rails/files/default/certificates
before uploading. For example:
Ah. In that case I'd communicate that, indeed.
Unfortunately one cannot add comments to a JSON file...
(After all, even when reading the code I was confused as how to use it. But that might just say about my Monday State Of Mind too :))
What exactly were you confused with?
Sorry; I was merely a bit confused as to what I should have to place in the value of "certificate" and "certificate_key". I assumed it had to be the absolute path on my local machine.
I was merely thinking out loud how we could improve the wording so it becomes immediately apparent what we are expecting as values there.