Description:
Setup encrypted conn. to the API environment
Pass the same certificate and private key used by nginx to the
API environment, so that the websocket connection can use WSS.
This sets the code up, but HTTPS is still disabled, and WSS too.
To test this you need to enable HTTPS in config/nginx.conf.template,
WSS in config/config.js.template, and expose the 443 port in
hooks/start.
Also, this is not yet working while deploying manually, and needs
further testing. Do not land without checking first.
Affected files:
M HACKING.md
A [revision details]
M config.yaml
M config/juju-api-agent.conf.template
M config/juju-api-improv.conf.template
M config/nginx.conf.template
M hooks/start
M hooks/utils.py
M revision
M tests/test_utils.py
Index: HACKING.md
=== modified file 'HACKING.md'
--- HACKING.md 2012-12-19 15:27:53 +0000
+++ HACKING.md 2012-12-21 18:06:41 +0000
@@ -114,7 +114,7 @@
this (again, assuming you have set up your repo the way the functional
tests
need them, as described above).
Reviewers: mp+141107_ code.launchpad. net,
Message:
Please take a look.
Description:
Setup encrypted conn. to the API environment
Pass the same certificate and private key used by nginx to the
API environment, so that the websocket connection can use WSS.
This sets the code up, but HTTPS is still disabled, and WSS too.
To test this you need to enable HTTPS in config/nginx.conf.template,
WSS in config/config.js.template, and expose the 443 port in
hooks/start.
Also, this is not yet working while deploying manually, and needs
further testing. Do not land without checking first.
https://code.launchpad.net/~teknico/charms/precise/juju-gui/encrypt-api-env-connection/+merge/141107
(do not edit description out of merge proposal)
Please review this at https://codereview.appspot.com/7007045/
Affected files: juju-api- agent.conf. template juju-api- improv. conf.template nginx.conf. template
M HACKING.md
A [revision details]
M config.yaml
M config/
M config/
M config/
M hooks/start
M hooks/utils.py
M revision
M tests/test_utils.py
Index: HACKING.md
=== modified file 'HACKING.md'
--- HACKING.md 2012-12-19 15:27:53 +0000
+++ HACKING.md 2012-12-21 18:06:41 +0000
@@ -114,7 +114,7 @@
this (again, assuming you have set up your repo the way the functional
tests
need them, as described above).
- juju deploy --repository= /path/to/ charm/repo local:precise/ juju-gui /path/to/ charm/repo --upgrade juju-gui
+ juju deploy --repository=
local:precise/
juju expose juju-gui
Now you are working with a test run, as described in
Index: [revision details]
=== added file '[revision details]'
--- [revision details] 2012-01-01 00:00:00 +0000
+++ [revision details] 2012-01-01 00:00:00 +0000
@@ -0,0 +1,2 @@
+Old revision:
<email address hidden>
+New revision: <email address hidden>
Index: config.yaml private/ juju-gui private/ juju-gui/
=== modified file 'config.yaml'
--- config.yaml 2012-12-20 14:56:29 +0000
+++ config.yaml 2012-12-21 18:06:41 +0000
@@ -50,4 +50,4 @@
description: |
The path to the directory where the SSL certificates are stored.
type: string
- default: /etc/ssl/
+ default: /etc/ssl/
Index: config/ juju-api- agent.conf. template juju-api- agent.conf. template' juju-api- agent.conf. template 2012-11-29 13:23:28 +0000 juju-api- agent.conf. template 2012-12-21 15:12:03 +0000 juju/api- agent.log \ juju/api- agent.zksession juju/api- agent.zksession \
=== modified file 'config/
--- config/
+++ config/
@@ -10,4 +10,5 @@
# Use --nodaemon so that upstart can correctly retrieve the process ID.
exec /usr/bin/python -m juju.agents.api --nodaemon --port %(port)s \
--logfile /var/log/
- --session-file /var/run/
+ --session-file /var/run/
+ --keys %(keys)s
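Review bot: `%(keys)s` is interpolated unquoted into the upstart `exec` line, and per the hooks/start change the value comes from the `ssl-cert-path` charm option, so a path containing spaces or shell metacharacters would be split or interpreted when the job starts. Quoting it as `--keys "%(keys)s"`, or checking in the hook that the option is a plain absolute path before rendering, would avoid that. The same applies to the `--keys %(keys)s` line added in config/juju-api-improv.conf.template. The name `keys` also hides that this is the directory holding nginx's private key, so a comment above the line such as `# --keys: directory with the TLS cert and private key shared with nginx` would help.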
Index: config/ juju-api- improv. conf.template juju-api- improv. conf.template' juju-api- improv. conf.template 2012-12-03 10:02:45 +0000 juju-api- improv. conf.template 2012-12-21 15:12:03 +0000 %(juju_ dir)s:$ PYTHONPATH
=== modified file 'config/
--- config/
+++ config/
@@ -8,4 +8,5 @@
env PYTHONPATH=
exec /usr/bin/python %(juju_ dir)s/improv. py --port %(port)s \ dir)s/% (staging_ env)s.json dir)s/% (staging_ env)s.json \
- -f %(juju_
+ -f %(juju_
+ --keys %(keys)s
Index: config/ nginx.conf. template nginx.conf. template' nginx.conf. template 2012-12-20 18:02:44 +0000 nginx.conf. template 2012-12-21 15:12:03 +0000 private/ juju-gui/ server. pem; private/ juju-gui/ server. key; private/ juju-gui/ juju.crt; private/ juju-gui/ juju.key;
=== modified file 'config/
--- config/
+++ config/
@@ -13,8 +13,8 @@
root %(server_root)s;
index index.html;
# Uncomment to switch back to TLS connections.
- # ssl_certificate /etc/ssl/
- # ssl_certificate_key /etc/ssl/
+ # ssl_certificate /etc/ssl/
+ # ssl_certificate_key /etc/ssl/
# Serve static assets.
location ^~ /juju-ui/ {
Index: revision
=== modified file 'revision'
--- revision 2012-12-20 10:52:39 +0000
+++ revision 2012-12-21 18:06:41 +0000
@@ -1,1 +1,1 @@
-17
+18
Index: hooks/start get('staging' ) gui(juju_ api_port, config[ 'juju-gui- console- enabled' ], staging) juju_api_ port, config[ 'staging- environment' ]) juju_api_ port, ssl_cert_ path=config[ 'ssl-cert- path'], path=config[ 'staging- environment' ]) juju_api_ port) juju_api_ port, ssl_cert_ path=config[ 'ssl-cert- path']) ports(juju_ api_port)
=== modified file 'hooks/start'
--- hooks/start 2012-12-20 18:02:44 +0000
+++ hooks/start 2012-12-21 15:12:03 +0000
@@ -33,9 +33,10 @@
staging = config.
start_
if staging:
- start_improv(
+ start_improv(
+ config_
else:
- start_agent(
+ start_agent(
open_
Index: hooks/utils.py
=== modified file 'hooks/utils.py'
--- hooks/utils.py 2012-12-20 14:56:29 +0000
+++ hooks/utils.py 2012-12-21 15:12:03 +0000
@@ -27,7 +27,6 @@
import json
import os
import logging
-import shutil
import tempfile
from launchpadlib. launchpad import Launchpad
@@ -178,6 +177,7 @@
def start_improv( juju_api_ port, staging_env, path='/ etc/ssl/ private/ juju-gui/ ',
config_ path='/ etc/init/ juju-api- improv. conf'):
'juju_ dir': JUJU_DIR,
'staging_ env': staging_env, to_file( 'juju-api- improv. conf.template' , context, config_path)
service_ control( IMPROV, START)
+ ssl_cert_
"""Start a simulated juju environment using ``improv.py``."""
log('Setting up staging start up script.')
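Review bot: The new `ssl_cert_path` parameter carries a hard-coded default path that, as far as the visible lines show, repeats the `ssl-cert-path` default in config.yaml and the default added to `start_agent` in the later hunk, so three copies can drift apart. A single module-level constant used by both signatures, or no default at all so callers must pass the configured value, would keep the key location in one place. Inserting the parameter before `config_path` also changes the meaning of the third positional argument for any caller not updated here. The function body continues outside this hunk.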
@@ -185,6 +185,7 @@
'port': juju_api_port,
+ 'keys': ssl_cert_path,
}
render_
log('Starting the staging backend.')
@@ -192,7 +193,8 @@
-def start_agent( juju_api_ port, path='/ etc/init/ juju-api- agent.conf' ): juju_api_ port, ssl_cert_ path='/ etc/ssl/ private/ juju-gui/ ', path='/ etc/init/ juju-api- agent.conf' ): realpath( os.path. join(CURRENT_ DIR, '..'))
'juju_ dir': JUJU_DIR,
'zookeeper' : zookeeper, to_file( 'juju-api- agent.conf. template' , context, config_path)
run('ln' , '-s', juju_gui_site,
'/etc/ nginx/sites- enabled/ juju-gui' )) join(ssl_ cert_path, 'server.pem') join(ssl_ cert_path, 'server.key') exists( pem_path) and os.path. exists( key_path) ): join(ssl_ cert_path, 'juju.crt') join(ssl_ cert_path, 'juju.key') exists( crt_path) and os.path. exists( key_path) ): exists( ssl_cert_ path):
os.makedirs( ssl_cert_ path) superuser. com/questions/ 226192/ openssl- without- prompt
'-days' , '365', '-nodes', '-x509', '-subj',
'/C=GB/ ST=Juju/ L=GUI/O= Ubuntu/ CN=juju. ubuntu. com',
config_
+def start_agent(
+ config_
"""Start the Juju agent and connect to the current environment."""
# Retrieve the Zookeeper address from the start up script.
unit_dir = os.path.
@@ -203,6 +205,7 @@
'port': juju_api_port,
+ 'keys': ssl_cert_path,
}
render_
log('Starting API agent.')
@@ -321,9 +324,9 @@
# Generate the nginx SSL certificates, if needed.
- pem_path = os.path.
- key_path = os.path.
- if not (os.path.
+ crt_path = os.path.
+ key_path = os.path.
+ if not (os.path.
if not os.path.
# See http://
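Review bot: Renaming the files to `juju.crt` and `juju.key` means the existence check no longer sees a pair generated by an earlier revision, so an upgraded unit would presumably generate a new pair and leave the old `server.pem` and `server.key` private key in the same directory unused. It would be worth either renaming the old files when they exist or deleting them after the new pair is written, and adding a comment such as `# Older revisions wrote server.pem/server.key; clean them up on upgrade.` The enclosing function starts and ends outside this hunk, so an existing cleanup elsewhere cannot be ruled out from here.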
@@ -332,4 +335,4 @@
# These are arbitrary test values for the certificate.
- '-keyout', key_path, '-out', pem_path))
+ '-keyout', key_path, '-out', crt_path))
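Review bot: Nothing in the visible lines restricts access to the private key written to `key_path`, so its mode is left to the process umask and to whatever openssl applies. Since this change hands the same directory to the API agent as well as nginx, an explicit `os.chmod(key_path, 0o600)` after generation, and a restrictive mode on the directory when it is created, would make the intended access clear. The rest of the command and the enclosing function lie outside this hunk.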
Index: tests/test_utils.py test_utils. py'
=== modified file 'tests/
--- tests/test_utils.py 2012-12-20 13:27:30 +0000
+++ tests/test_utils.py 2012-12-21 15:12:03 +0000
@@ -348,6 +348,7 @@
+ self.ssl_cert_path = 'ssl/cert/path'
def tearDown(self): improv( self):
staging_ env = 'large' n_file. name) n_file. name) n_file. read()
self. assertTrue( '--port %s' % port in conf)
self. assertTrue( staging_ env + '.json' in conf) (self.ssl_ cert_path in conf)
self. assertEqual( self.svc_ ctl_call_ count, 1)
self. assertEqual( self.service_ names, ['juju- api-improv' ])
self. assertEqual( self.actions, [charmhelpers. START])
# Undo all of the monkey patching.
@@ -358,20 +359,23 @@
def test_start_
port = '1234'
- start_improv(port, staging_env, self.destinatio
+ start_improv(port, staging_env, self.ssl_cert_path,
+ self.destinatio
conf = self.destinatio
+ self.assertTrue
def test_start_ agent(self) : n_file. name) n_file. name) n_file. read()
self. assertTrue( '--port %s' % port in conf)
self. assertTrue( 'JUJU_ZOOKEEPER =%s' % self.fake_ zk_address in conf) (self.ssl_ cert_path in conf)
self. assertEqual( self.svc_ ctl_call_ count, 1)
self. assertEqual( self.service_ names, ['juju-api-agent'])
self. assertEqual( self.actions, [charmhelpers. START])
port = '1234'
- start_agent(port, self.destinatio
+ start_agent(port, self.ssl_cert_path, self.destinatio
conf = self.destinatio
+ self.assertTrue
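Review bot: The two added assertions only check that `self.ssl_cert_path` occurs somewhere in the rendered file, so they would still pass if the path were rendered under a different option or the `--keys` flag were dropped from the template. Matching the flag together with the value, in the style of the existing `'--port %s' % port` checks, pins the behaviour: `self.assertIn('--keys %s' % self.ssl_cert_path, conf)` in both `test_start_improv` and `test_start_agent`.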