Skip to content
This repository has been archived by the owner on Apr 23, 2019. It is now read-only.

Added SSL certificates uploading. #164

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

Added SSL certificates uploading. #164

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
edc2990
Added SSL certificates uploading.
oiuzikov Jan 21, 2015
43e9580
Houndci fixes
oiuzikov Jan 22, 2015
988da51
Changed ssl config options
oiuzikov Jan 24, 2015
b662d03
Houndci fixes
oiuzikov Jan 24, 2015
cd36011
Houndci fixes
oiuzikov Jan 24, 2015
b522bf7
Updated method's docs
oiuzikov Jan 24, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 3 additions & 4 deletions nodes/sample_host.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,10 +39,9 @@
"domain_names": ["<domain name>", "<domain name>", "<...>"],
"redirect_domain_names": ["<domain name>", "<domain name>", "<...>"],
"ruby_version": "2.1.0",
"ssl_info": {
"key": "<ssl key>",
"crt": "<ssl crt>"
},
"ssl_enabled": true,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you think about adding this information back into a key value hash like this:

"ssl_info" : {
  "enabled": true
  "certificate": "The cert file",
  "certificate_key": "The key for the cert file"
}

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

"ssl_certificate": "<optional key file name: my_cert.crt>",
"ssl_certificate_key": "<optional crt file name: my_cert.key>",
"env_vars": {
"key_1": "val_1",
"key_2": "val_2"
Expand Down
Empty file added vendor/cookbooks/rails/files/default/certificates/.keep
View file
Open in desktop
Empty file.
22 changes: 22 additions & 0 deletions vendor/cookbooks/rails/libraries/default.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,5 +16,27 @@ def nginx_custom_configuration(app_info)

empty_conf.merge(app_info["nginx_custom"] || {})
end

# Returns a server path to certificate file
#
# applications_root = '/u/apps/'
# name = 'my_app'
# app_info['ssl_certificate'] = 'my_cert.crt'
# ssl_certificate(applications_root, name, app_info) # => /u/apps/my_app/shared/config/my_cert.crt'
#
# applications_root = '/u/apps/'
# name = 'my_app'
# app_info['ssl_certificate'] = nil
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Trailing whitespace detected.

# ssl_certificate(applications_root, name, app_info) # => /u/apps/my_app/shared/config/my_app.crt'
#
def ssl_certificate(applications_root, name, app_info)
Pathname.new(applications_root).join(name, 'shared', 'config', app_info["ssl_certificate"] || "#{name}.crt")
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.

end

# See #ssl_certificate
#
def ssl_certificate_key(applications_root, name, app_info)
Pathname.new(applications_root).join(name, 'shared', 'config', app_info["ssl_certificate_key"] || "#{name}.key")
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.

end
end
end
31 changes: 15 additions & 16 deletions vendor/cookbooks/rails/recipes/default.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@

# Include library helpers
::Chef::Resource.send(:include, Rails::Helpers)
::Chef::Recipe.send(:include, Rails::Helpers)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just for my curiosity: what does this do?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

without this line, the following wouldn't work, method missing:

98: ssl_certificate_path = ssl_certificate(applications_root, app, app_info)

since it's a level of recipe, not resource such as:

cookbook_file pathname.to_s do
  ssl_certificate_path = ssl_certificate(applications_root, app, app_info)
end


node[:active_applications].each do |app, app_info|
rails_env = app_info['rails_env'] || "production"
Expand Down Expand Up @@ -93,21 +94,17 @@

end

if app_info['ssl_info']
template "#{applications_root}/#{app}/shared/config/certificate.crt" do
owner "deploy"
group "deploy"
mode 0644
source "app_cert.crt.erb"
variables :app_crt=> app_info['ssl_info']['crt']
end

template "#{applications_root}/#{app}/shared/config/certificate.key" do
owner "deploy"
group "deploy"
mode 0644
source "app_cert.key.erb"
variables :app_key=> app_info['ssl_info']['key']
ssl_certificate_path = ssl_certificate(applications_root, app, app_info)
ssl_certificate_key_path = ssl_certificate_key(applications_root, app, app_info)

if app_info["ssl_enabled"]
[ssl_certificate_path, ssl_certificate_key_path].each do |pathname|
cookbook_file pathname.to_s do
source "certificates/#{pathname.basename.to_s}"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Redundant use of Object#to_s in interpolation.

owner "deploy"
group "deploy"
mode 0644
end
end
end

Expand All @@ -117,7 +114,9 @@
name: app,
domain_names: app_info["domain_names"],
redirect_domain_names: app_info["redirect_domain_names"],
enable_ssl: File.exists?("#{applications_root}/#{app}/shared/config/certificate.crt"),
ssl_enabled: app_info["ssl_enabled"],
ssl_certificate: ssl_certificate_path,
ssl_certificate_key: ssl_certificate_key_path,
custom_configuration: nginx_custom_configuration(app_info))
notifies :reload, resources(service: "nginx")
end
Expand Down
33 changes: 15 additions & 18 deletions vendor/cookbooks/rails/recipes/passenger.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@

# Include library helpers
::Chef::Resource.send(:include, Rails::Helpers)
::Chef::Recipe.send(:include, Rails::Helpers)

node[:active_applications].each do |app, app_info|
rails_env = app_info['rails_env'] || "production"
Expand Down Expand Up @@ -98,32 +99,26 @@
end

if app_info['database_info']

template "#{applications_root}/#{app}/shared/config/database.yml" do
owner deploy_user
group deploy_user
mode 0600
source "app_database.yml.erb"
variables :database_info => app_info['database_info'], :rails_env => rails_env
end

end

if app_info['ssl_info']
template "#{applications_root}/#{app}/shared/config/certificate.crt" do
owner "deploy"
group "deploy"
mode 0644
source "app_cert.crt.erb"
variables :app_crt=> app_info['ssl_info']['crt']
end

template "#{applications_root}/#{app}/shared/config/certificate.key" do
owner "deploy"
group "deploy"
mode 0644
source "app_cert.key.erb"
variables :app_key=> app_info['ssl_info']['key']
ssl_certificate_path = ssl_certificate(applications_root, app, app_info)
ssl_certificate_key_path = ssl_certificate_key(applications_root, app, app_info)

if app_info["ssl_enabled"]
[ssl_certificate_path, ssl_certificate_key_path].each do |pathname|
cookbook_file pathname.to_s do
source "certificates/#{pathname.basename.to_s}"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Redundant use of Object#to_s in interpolation.

owner "deploy"
group "deploy"
mode 0644
end
end
end

Expand All @@ -133,7 +128,9 @@
name: app,
rails_env: rails_env,
domain_names: app_info["domain_names"],
enable_ssl: File.exists?("#{applications_root}/#{app}/shared/config/certificate.crt"),
ssl_enabled: app_info["ssl_enabled"],
ssl_certificate: ssl_certificate_path,
ssl_certificate_key: ssl_certificate_key_path,
custom_configuration: nginx_custom_configuration(app_info))
notifies :reload, resources(:service => "nginx")
end
Expand Down
1 change: 0 additions & 1 deletion vendor/cookbooks/rails/templates/default/app_cert.crt.erb
View file
Open in desktop

This file was deleted.

1 change: 0 additions & 1 deletion vendor/cookbooks/rails/templates/default/app_cert.key.erb
View file
Open in desktop

This file was deleted.

8 changes: 4 additions & 4 deletions vendor/cookbooks/rails/templates/default/app_nginx.conf.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
<% if @redirect_domain_names && @redirect_domain_names.any? %>
server {
listen <%= node['nginx']['port'] || '80' %>;
<% if @enable_ssl %>
<% if @ssl_enabled %>
listen 443 ssl;
<% end %>
server_name <%= @redirect_domain_names.join(' ') %>;
Expand All @@ -29,13 +29,13 @@ server {
<%= @custom_configuration["server_main"] %>
}

<% if @enable_ssl %>
<% if @ssl_enabled %>

server {
listen 443 ssl;

ssl_certificate <%= node['rails']['applications_root'] %>/<%= @name %>/shared/config/certificate.crt;
ssl_certificate_key <%= node['rails']['applications_root'] %>/<%= @name %>/shared/config/certificate.key;
ssl_certificate <%= @ssl_certificate %>;
ssl_certificate_key <%= @ssl_certificate_key %>;

server_name <%= @domain_names.join(' ') %>;

Expand Down
6 changes: 3 additions & 3 deletions vendor/cookbooks/rails/templates/default/app_passenger_nginx.conf.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,13 +10,13 @@ server {
<%= @custom_configuration["server_main"] %>
}

<% if @enable_ssl %>
<% if @ssl_enabled %>

server {
listen 443 ssl;

ssl_certificate <%= node['rails']['applications_root'] %>/<%= @name %>/shared/config/certificate.crt;
ssl_certificate_key <%= node['rails']['applications_root'] %>/<%= @name %>/shared/config/certificate.key;
ssl_certificate <%= @ssl_certificate %>;
ssl_certificate_key <%= @ssl_certificate_key %>;

passenger_enabled on;
passenger_app_env <%= @rails_env %>;
Expand Down