Make CKAN and ODK add-ca-cert parametrizable
parent
5f6a7a2517
commit
09a146b54c
2
apk/spoc
2
apk/spoc
@ -1 +1 @@
|
||||
Subproject commit b3f2a4be70309c51a3a119cc32bd01ec1a08d2de
|
||||
Subproject commit d70fe9756a978e231a504fdc740a829bf343ad55
|
@ -2,7 +2,10 @@
|
||||
|
||||
import ssl
|
||||
|
||||
cert = ssl.get_server_certificate(('host', 443))
|
||||
with open('/etc/ckan-datapusher/add-ca-cert.env') as f:
|
||||
env = dict(tuple(line.split('=')) for line in f.read().splitlines())
|
||||
|
||||
cert = ssl.get_server_certificate((env['DOMAIN'], env['PORT']))
|
||||
with open('/usr/lib/python2.7/site-packages/requests/cacert.pem', 'a') as f:
|
||||
f.write(cert)
|
||||
|
||||
|
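Review bot: The env parser on the new `env = dict(tuple(line.split('=')) for line in ...)` line raises ValueError on a blank line, a comment line, or a value that contains `=`, because every element must split into exactly two parts. Splitting once and skipping lines without a separator is more tolerant: `env = dict(line.split('=', 1) for line in f.read().splitlines() if '=' in line)`. `env['PORT']` also reaches `ssl.get_server_certificate` as a string; `int(env['PORT'])` makes the type explicit and rejects a malformed value early. Since the fetched certificate is appended to the requests bundle without any verification, a comment stating that the script assumes a trusted network path to DOMAIN at the time it runs would help the next maintainer.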
@ -47,6 +47,7 @@ spoc-container start ckan-solr
|
||||
# Configure CKAN DataPusher
|
||||
install -o 100000 -g 108080 -m 750 -d ${DATAPUSHER_CONF}
|
||||
install -o 108080 -g 108080 -m 750 -d ${DATAPUSHER_DATA}
|
||||
install -o 100000 -g 108080 -m 640 datapusher_conf/add-ca-cert.env ${DATAPUSHER_CONF}/add-ca-cert.env
|
||||
install -o 100000 -g 108080 -m 640 datapusher_conf/datapusher.wsgi ${DATAPUSHER_CONF}/datapusher.wsgi
|
||||
install -o 100000 -g 108080 -m 640 datapusher_conf/datapusher_settings.py ${DATAPUSHER_CONF}/datapusher_settings.py
|
||||
|
||||
|
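--- a/lxc-apps/ckan/install/datapusher_conf/add-ca-cert.env
+++ b/lxc-apps/ckan/install/datapusher_conf/add-ca-cert.env
@@ -0,0 +1,2 @@
+DOMAIN=ckan.spotter.vm
+PORT=443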
@ -24,6 +24,7 @@
|
||||
"opendatakit-postgres"
|
||||
],
|
||||
"mounts": {
|
||||
"opendatakit/odkbuild_conf/add-ca-cert.env": "srv/opendatakit-build/add-ca-cert.env:file"
|
||||
"opendatakit/odkbuild_conf/config.yml": "srv/opendatakit-build/config.yml:file"
|
||||
}
|
||||
},
|
||||
|
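Review bot: The `add-ca-cert.env` mount entry has no trailing comma before the `config.yml` entry that follows it, so the `mounts` object as shown is not valid JSON and a strict parser would reject the whole file. The line should end with a comma: `"opendatakit/odkbuild_conf/add-ca-cert.env": "srv/opendatakit-build/add-ca-cert.env:file",`. The enclosing object starts and ends outside the hunk, so this is judged from the visible lines only.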
@ -31,6 +31,7 @@ install -o 108080 -g 108080 -m 640 odk_conf/server.xml ${ODK_CONF}/server.xml
|
||||
# Configure OpenDataKit Build
|
||||
export OPENDATAKITBUILD_COOKIE_SECRET=$(head -c 8 /dev/urandom | hexdump -e '"%x"')
|
||||
install -o 108080 -g 108080 -m 750 -d ${ODKBUILD_CONF}
|
||||
install -o 108080 -g 108080 -m 640 odkbuild_conf/add-ca-cert.env ${ODKBUILD_CONF}/add-ca-cert.env
|
||||
envsubst <odkbuild_conf/config.yml | install -o 108080 -g 108080 -m 640 /dev/stdin ${ODKBUILD_CONF}/config.yml
|
||||
spoc-container exec opendatakit-build -- sh -c 'cd /srv/opendatakit-build; rake db:migrate'
|
||||
|
||||
|
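Review bot: The new `add-ca-cert.env` is installed with owner 108080, while the CKAN install script in this commit installs its counterpart with owner 100000. The ODK `add-ca-cert.sh` sources this file with `.` and then writes under /usr/local/share/ca-certificates, which suggests it runs with more privilege than the service account; if 108080 is that account, it can edit a file that a privileged script executes. Installing it as `install -o 100000 -g 108080 -m 640 odkbuild_conf/add-ca-cert.env ${ODKBUILD_CONF}/add-ca-cert.env` would keep it readable but not writable by the service. The directory `${ODKBUILD_CONF}` is itself created with owner 108080, so its owner would need the same change for this to hold. The surrounding script continues outside the hunk.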
@ -0,0 +1,2 @@
|
||||
DOMAIN=odk.spotter.vm
|
||||
PORT=443
|
@ -1,4 +1,6 @@
|
||||
#!/bin/sh
|
||||
|
||||
true | openssl s_client -connect host:443 | openssl x509 -out /usr/local/share/ca-certificates/host.crt
|
||||
. /srv/opendatakit-build/add-ca-cert.env
|
||||
|
||||
true | openssl s_client -connect ${DOMAIN}:${PORT} | openssl x509 -out /usr/local/share/ca-certificates/opendatakit.crt
|
||||
update-ca-certificates
|
||||
|
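Review bot: The new `. /srv/opendatakit-build/add-ca-cert.env` line executes the file as shell rather than reading two values, and `${DOMAIN}:${PORT}` is then expanded unquoted, so a stray space or metacharacter in the file changes the command that runs. Quoting the argument and sending SNI makes sure the named host's certificate is the one fetched: `true | openssl s_client -connect "${DOMAIN}:${PORT}" -servername "${DOMAIN}" | openssl x509 -out /usr/local/share/ca-certificates/opendatakit.crt`. The script has no `set -e`, so a failed fetch still reaches `update-ca-certificates`; checking that the .crt file exists and is non-empty before that call would make the failure visible.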