Elabore/elabore-charms
8
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

new: [zato] auto schedule crt renew from letsencrypt certs

Browse Source
This commit is contained in:
Boris Gallet
2025-02-06 11:53:41 +01:00
parent 30ff0a39b6
commit 1048cb4ba6
4 changed files with 34 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
zato/actions/renew_crt Executable file
View File

@@ -0,0 +1,11 @@
#!/bin/bash
# compose: no-hooks
## Merged letsencrypt certificate for load_balancer in zato
. $CHARM_PATH/lib/common
DOMAIN=$(relation:get "$SERVICE_NAME":web-proxy domain)
merge_crt_letsencrypt "$DOMAIN" || exit 1

9
zato/hooks/web_proxy-relation-joined
View File

@@ -1,14 +1,13 @@
#!/bin/bash #!/bin/bash
. lib/common
DOMAIN=$(relation-get domain) || exit 1 DOMAIN=$(relation-get domain) || exit 1
DEST_LETSENCRYPT_FULLCHAIN="$SERVICE_DATASTORE/opt/zato/letsencrypt-fullchain.pem"
CUSTOM_CREATE_LB_PATH="/opt/zato/3.2.0/code/zato-cli/src/zato/cli/create_lb.py" CUSTOM_CREATE_LB_PATH="/opt/zato/3.2.0/code/zato-cli/src/zato/cli/create_lb.py"
set -e set -e
mkdir -p "${DEST_LETSENCRYPT_FULLCHAIN%/*}" merge_crt_letsencrypt "$DOMAIN"
cat $DATASTORE/letsencrypt/etc/letsencrypt/live/$DOMAIN/{fullchain,privkey}.pem > "$DEST_LETSENCRYPT_FULLCHAIN" || exit 1
# adding custom config file to handle https in load_balancer with letsencrypt-fullchain certificate # adding custom config file to handle https in load_balancer with letsencrypt-fullchain certificate
@@ -20,4 +19,4 @@ services:
- $DEST_LETSENCRYPT_FULLCHAIN:/opt/zato/letsencrypt-fullchain.pem - $DEST_LETSENCRYPT_FULLCHAIN:/opt/zato/letsencrypt-fullchain.pem
" "
info "Configured $SERVICE_NAME load_balancer with HTTPS support." info "Configured $SERVICE_NAME load_balancer with HTTPS support."

12
zato/lib/common
View File

@@ -37,3 +37,15 @@ exec_as_zato_in_container() {
return 1 return 1
fi fi
} }
## merge certificate for zato HapProxy to handle https API calls
merge_crt_letsencrypt(){
local DOMAIN="$1"
DEST_LETSENCRYPT_FULLCHAIN="$SERVICE_DATASTORE/opt/zato/letsencrypt-fullchain.pem"
mkdir -p "${DEST_LETSENCRYPT_FULLCHAIN%/*}"
cat $DATASTORE/letsencrypt/etc/letsencrypt/live/$DOMAIN/{fullchain,privkey}.pem > "$DEST_LETSENCRYPT_FULLCHAIN" || return 1
info "Letsencrypt {fullchain,privkey}.pem have been concat to /opt/zato/letsencrypt-fullchain.pem for zato hapProxy conf"
}

7
zato/metadata.yml
View File

@@ -20,6 +20,13 @@ uses:
auto: summon auto: summon
solves: solves:
database: "main storage" database: "main storage"
schedule-command:
constraint: required
auto: pair
solves:
maintenance: "Auto renew crt for hapProxy in zato"
default-options: !var-expand
(35 3 * * 7) {-D -p 10} compose renew_crt "$BASE_SERVICE_NAME"
backup: backup:
constraint: recommended constraint: recommended
auto: pair auto: pair