Merge ~pwlars/revcache/+git/revcache-charm:juju1-support into ~canonical-hw-cert/revcache/+git/revcache-charm:master

Proposed by Paul Larson
Status: Merged
Approved by: Paul Larson
Approved revision: fff4d98edf52afaf94ff3d9b66d765ef667e2535
Merged at revision: 7cd5a3bbeda700aad6f99c58bfa2e1b8512920e9
Proposed branch: ~pwlars/revcache/+git/revcache-charm:juju1-support
Merge into: ~canonical-hw-cert/revcache/+git/revcache-charm:master
Diff against target: 72 lines (+35/-4)
2 files modified
config.yaml (+12/-0)
playbooks/revcache.yaml (+23/-4)
Reviewer Review Type Date Requested Status
Paul Larson Approve
Review via email: mp+348270@code.launchpad.net

This proposal supersedes a proposal from 2018-06-18.

Description of the change

I think this finally does what I want. I've tested it locally with some fake keys, and confirmed that it puts the files in the right location and uses the correct vhost template with ssl support for nginx *only* when specifying the certificates and ssl key in either the config or in an artifact. This allows us to support both juju1 and juju2 in the same charm!

Paul Larson (pwlars) wrote :

Wrong target, that should look a little more sane now :)

review: Needs Resubmitting
Paul Larson (pwlars) wrote :

I've tried this locally, but would like to try deploying it in the production environment. It's not actually going to affect any production runs right now, so self-approving since it won't break anything (yet) :)

review: Approve

Preview Diff

1diff --git a/config.yaml b/config.yaml
2index ad24364..1e4601f 100644
3--- a/config.yaml
4+++ b/config.yaml
5@@ -7,3 +7,15 @@ options:
6 type: string
7 description: git branch for revcache
8 default: "start"
9+ config-ssl-certificate:
10+ type: string
11+ description: base64 encoded ssl certificate file
12+ default: ""
13+ config-ssl-chain:
14+ type: string
15+ description: base64 encoded ssl chain file
16+ default: ""
17+ config-ssl-key:
18+ type: string
19+ description: base64 encoded ssl key file
20+ default: ""
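Review bot: `config-ssl-key` puts the TLS private key into charm config, and its description only says "base64 encoded ssl key file". Config values are returned as plain strings to anyone who can read the service's configuration, so the description should say that this option exists for juju1 (as the playbook task names do), that `config-ssl-certificate` and `config-ssl-key` must be set together, and which source wins when the resource-based certificate and key are also present.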
21diff --git a/playbooks/revcache.yaml b/playbooks/revcache.yaml
22index c540ff3..3ec76fe 100644
23--- a/playbooks/revcache.yaml
24+++ b/playbooks/revcache.yaml
25@@ -85,6 +85,25 @@
26 tags:
27 - install
28
29+ - name: Get SSL Certificate File (from config for juju1)
30+ shell: echo -n "{{ config_ssl_certificate | b64decode }}" > /etc/ssl/certs/revcache.crt
31+ when: config_ssl_certificate != ""
32+ tags:
33+ - config-changed
34+
35+ - name: Get SSL Chain File (from config for juju1)
36+ shell: echo -n "{{ config_ssl_chain | b64decode }}" >> /etc/ssl/certs/revcache.crt
37+ when: config_ssl_chain != ""
38+ tags:
39+ - config-changed
40+
41+ - name: Get SSL Key File (from config for juju1)
42+ shell: echo -n "{{ config_ssl_key | b64decode }}" >> /etc/ssl/private/revcache.key
43+ when: config_ssl_key != ""
44+ tags:
45+ - config-changed
46+
47+
48 - name: Get SSL Certificate File
49 shell: resource-get ssl_certificate || echo -n ""
50 register: ssl_certificate
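Review bot: the key task appends with `>>` to /etc/ssl/private/revcache.key, so every config-changed run adds another copy of the key to the file; it should truncate with `>` as the certificate task does. The chain task's `>>` is only correct when the certificate task has just rewritten revcache.crt, so a chain set without a certificate is appended to whatever is already there. Writing the decoded material through `shell: echo -n "{{ ... | b64decode }}"` also places the private key on the shell command line and lets the shell interpret `$`, backticks and quotes in the decoded text. A `copy` task with `content:`, an explicit `mode: 0600` on the key and `no_log: true` avoids both problems and sets permissions, which none of these tasks do.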
51@@ -118,8 +137,8 @@
52 - config-changed
53
54 - name: Copy nginx site config file
55- when: ssl_key.stdout == "" and
56- ssl_certificate.stdout == ""
57+ when: (ssl_key.stdout == "" and ssl_certificate.stdout == "") and
58+ ("{{ config_ssl_key }}" == "" and "{{ config_ssl_certificate }}" == "")
59 copy:
60 src: "{{ charm_dir }}/templates/revcache-vhost.conf"
61 dest: "/etc/nginx/sites-enabled/revcache"
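Review bot: this `when` and the https one that follows leave a gap: if only one of key and certificate is supplied, or the key comes from the resource and the certificate from config, the plain-http condition is false and the https condition is false as well, so no vhost file is copied. Consider making this condition the exact negation of the https condition, or failing the hook with a clear message when the pair is incomplete.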
62@@ -127,8 +146,8 @@
63 - config-changed
64
65 - name: Copy nginx site config file
66- when: ssl_key.stdout != "" and
67- ssl_certificate.stdout != ""
68+ when: (ssl_key.stdout != "" and ssl_certificate.stdout != "") or
69+ ("{{ config_ssl_key }}" != "" and "{{ config_ssl_certificate }}" != "")
70 copy:
71 src: "{{ charm_dir }}/templates/revcache-vhost-https.conf"
72 dest: "/etc/nginx/sites-enabled/revcache"
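Review bot: `"{{ config_ssl_key }}" != ""` wraps the variable in Jinja delimiters inside `when`, which is already evaluated as an expression; the new tasks earlier in this patch use the bare form (`when: config_ssl_key != ""`), and this condition should match them. Templating the value into the expression also copies the base64 key text into the condition string, where it can end up in task output.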
