Merge ~pwlars/revcache/+git/revcache-charm:ssl-support into ~canonical-hw-cert/revcache/+git/revcache-charm:master

Proposed by Paul Larson
Status: Merged
Approved by: Paul Larson
Approved revision: a5135d1d62e911e0cce42886d87e09c7675cbac3
Merged at revision: 5d56cf80b1624c8027f3b92177160edf69dab9f7
Proposed branch: ~pwlars/revcache/+git/revcache-charm:ssl-support
Merge into: ~canonical-hw-cert/revcache/+git/revcache-charm:master
Diff against target: 111 lines (+73/-1)
3 files modified
metadata.yaml (+13/-0)
playbooks/revcache.yaml (+46/-1)
templates/revcache-vhost-https.conf (+14/-0)
Reviewer: Paul Larson
Review status: Approve
Review via email: mp+346656@code.launchpad.net

This proposal supersedes a proposal from 2018-05-17.

Description of the change

Just noticed I had submitted this against the revcache branch rather than the charm branch originally. Here's the right one.

This adds support for https to revcache, and works with or without chain certificates. It will only configure it for https if you have specified all of the necessary certificate/key files. Otherwise it will configure it for http.

I've tested this locally on my machine, and it does seem to work both with and without ssl certs specified.

Paul Larson (pwlars) wrote :

I'd like to go ahead and land this and try deployment in production. Self-approving since it's not yet a production service, so if necessary, we can continue to fix/modify as needed with no ill effects.

review: Approve

Preview Diff

diff --git a/metadata.yaml b/metadata.yaml
index c84b059..5697c5f 100644
--- a/metadata.yaml
+++ b/metadata.yaml
@@ -8,3 +8,16 @@ tags:
8requires:8requires:
9 db:9 db:
10 interface: redis10 interface: redis
11resources:
12 ssl_certificate:
13 type: file
14 filename: revcache.crt
15 description: SSL Certificate File
16 ssl_chain:
17 type: file
18 filename: revcache-chain.crt
19 description: SSL Certificate Chain File
20 ssl_key:
21 type: file
22 filename: revcache.key
23 description: SSL Key File
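Review bot: the `description` fields for `ssl_certificate`, `ssl_chain` and `ssl_key` don't say which resources are required and which are optional. The playbook only switches to https when both the certificate and the key are present, and treats the chain as optional, so it would help to state that here, for example "SSL Certificate Chain File (optional)". Since the playbook concatenates the certificate and chain with `cat` for nginx, the descriptions could also say the files are expected in PEM format.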
diff --git a/playbooks/revcache.yaml b/playbooks/revcache.yaml
index 74066fe..c540ff3 100644
--- a/playbooks/revcache.yaml
+++ b/playbooks/revcache.yaml
@@ -2,6 +2,8 @@
2- hosts: all2- hosts: all
3 vars:3 vars:
4 - service_dir: "/srv/revcache"4 - service_dir: "/srv/revcache"
5 - ssl_cert_location: ""
6 - ssl_key_location: ""
5 tasks:7 tasks:
6 - name: set final status8 - name: set final status
7 shell: status-set active ready9 shell: status-set active ready
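Review bot: `ssl_cert_location` and `ssl_key_location` in `vars:` are set to empty strings, but nothing else in this diff reads them. The later tasks and the https template hard-code `/etc/ssl/certs/revcache.crt` and `/etc/ssl/private/revcache.key` instead. Either drop the two vars, or set them to those paths and reference them from the copy tasks so the locations are defined in one place.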
@@ -83,12 +85,55 @@
83 tags:85 tags:
84 - install86 - install
8587
88 - name: Get SSL Certificate File
89 shell: resource-get ssl_certificate || echo -n ""
90 register: ssl_certificate
91 tags:
92 - config-changed
93
94 - name: Get SSL Certificate Chain File
95 shell: resource-get ssl_chain || echo -n ""
96 register: ssl_chain
97 tags:
98 - config-changed
99
100 - name: Get SSL Certificate File
101 shell: resource-get ssl_key || echo -n ""
102 register: ssl_key
103 tags:
104 - config-changed
105
106 - name: Copy SSL Key
107 when: ssl_key.stdout != ""
108 copy:
109 src={{ ssl_key.stdout }}
110 dest=/etc/ssl/private/revcache.key
111 tags:
112 - config-changed
113
114 - name: Copy SSL certificate
115 when: ssl_certificate.stdout != ""
116 shell: cat {{ ssl_certificate.stdout }} {{ ssl_chain.stdout }} > /etc/ssl/certs/revcache.crt
117 tags:
118 - config-changed
119
86 - name: Copy nginx site config file120 - name: Copy nginx site config file
121 when: ssl_key.stdout == "" and
122 ssl_certificate.stdout == ""
87 copy:123 copy:
88 src: "{{ charm_dir }}/templates/revcache-vhost.conf"124 src: "{{ charm_dir }}/templates/revcache-vhost.conf"
89 dest: "/etc/nginx/sites-enabled/revcache"125 dest: "/etc/nginx/sites-enabled/revcache"
90 tags:126 tags:
91 - install127 - config-changed
128
129 - name: Copy nginx site config file
130 when: ssl_key.stdout != "" and
131 ssl_certificate.stdout != ""
132 copy:
133 src: "{{ charm_dir }}/templates/revcache-vhost-https.conf"
134 dest: "/etc/nginx/sites-enabled/revcache"
135 tags:
136 - config-changed
92137
93 - name: Start revcache138 - name: Start revcache
94 service:139 service:
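Review bot: the "Copy SSL Key" task writes the private key to `/etc/ssl/private/revcache.key` without `owner`, `group` or `mode`, so the key's permissions depend on the umask and on the directory's own protection. Suggest setting them explicitly on the `copy`, for example `owner=root group=root mode=0600`. Two smaller points in the same hunk: the two "Copy nginx site config file" tasks only cover "both empty" and "both set", so if only one of `ssl_key` or `ssl_certificate` is attached, neither template is copied and the cert or key is still written to disk; a single `when` on the https task with the http task as its exact negation would close that gap. Also, the third `resource-get` task is named "Get SSL Certificate File" but fetches `ssl_key`, and `|| echo -n ""` hides any `resource-get` failure as "no resource", which makes a misconfigured deployment fall back to http silently.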
diff --git a/templates/revcache-vhost-https.conf b/templates/revcache-vhost-https.conf
95new file mode 100644140new file mode 100644
index 0000000..9bb269b
--- /dev/null
+++ b/templates/revcache-vhost-https.conf
@@ -0,0 +1,14 @@
1server {
2 listen 443 ssl;
3 server_name localhost;
4 ssl_certificate /etc/ssl/certs/revcache.crt;
5 ssl_certificate_key /etc/ssl/private/revcache.key;
6 location / {
7 include proxy_params;
8 proxy_pass http://localhost:8000;
9 }
10 location /basic_status {
11 stub_status;
12 }
13 error_log /var/log/revcache-nginx-error.log warn;
14}
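Review bot: this server block has only `listen 443 ssl;` and no port 80 listener, so once it replaces the http vhost at `/etc/nginx/sites-enabled/revcache`, plain-http clients get no redirect to https. Consider adding a second `server` block on port 80 that returns a 301 to the https URL. The block also sets no `ssl_protocols` or `ssl_ciphers`, so the accepted TLS versions are whatever the installed nginx defaults to; pinning them in the template makes the behaviour independent of the package version. Finally, `location /basic_status { stub_status; }` has no `allow`/`deny` rules, so the status page is reachable by anyone who can reach port 443; restricting it to localhost or the monitoring hosts would be safer.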
