-
-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cert server container #778
Conversation
Fold the cert_server functionality into the letsencrypt mode so that there is not a race condition when renewing certificates if the cert_server is running in the same set of containers as the letsencrypt certmgr (expected deployment)
# Conflicts: # certmgr/scripts/entrypoint.py # certmgr/scripts/letsencryptcert.py
certmgr/scripts/aws.py, line 44 at r9 (raw file): Previously, jmgrady (Jim Grady) wrote…
The convention if it's a constant value would be something like at the top of a module:
And then other modules would import this constant:
It could also be declared as a constant associated with a class and used like:
just depending on where you think the information would best live. |
certmgr/scripts/letsencrypt_cert.py, line 32 at r11 (raw file):
Since this is always a constant value, it would be best to make it a "static" class attribute rather than an instance attribute. That way, you don't need a reference to You can do this by moving it outside the constructor:
Python allows you to access static class attributes with |
certmgr/scripts/cert_proxy_server.py, line 80 at r9 (raw file): Previously, jmgrady (Jim Grady) wrote…
I commented below, but yes ideally we should try to make things static when possible to limit their scope. Making a class attribute (as noted below) or a module attribute would be better for constants. It also uses a little bit less memory because each instance does't need to allocate a spot for the same constant. |
certmgr/scripts/cert_proxy_server.py, line 84 at r11 (raw file):
Replace with constant lookup (either static class attribute or module constant). |
certmgr/scripts/entrypoint.py, line 18 at r9 (raw file): Previously, jmgrady (Jim Grady) wrote…
The So |
certmgr/scripts/letsencrypt_cert.py, line 90 at r11 (raw file):
This can be removed if we make a constant static class attribute for |
certmgr/scripts/letsencrypt_cert.py, line 152 at r11 (raw file):
This can be made |
docker_deploy/roles/combine_backup/templates/combine-restore.j2, line 107 at r9 (raw file): Previously, jmgrady (Jim Grady) wrote…
Yeah, Rider syntax highlights them fine actually. It's more trying to understand the "inputs" and control flow that was a bit more difficult for me at first. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 6 of 8 files at r11.
Reviewable status: 34 of 36 files reviewed, 7 unresolved discussions (waiting on @jmgrady and @johnthagen)
certmgr/scripts/cert_proxy_server.py, line 84 at r11 (raw file): Previously, johnthagen wrote…
LGTM |
certmgr/scripts/entrypoint.py, line 18 at r9 (raw file): Previously, johnthagen wrote…
LGTM |
certmgr/scripts/letsencrypt_cert.py, line 32 at r11 (raw file): Previously, johnthagen wrote…
LGTM |
certmgr/scripts/letsencrypt_cert.py, line 90 at r11 (raw file): Previously, johnthagen wrote…
LGTM |
certmgr/scripts/letsencrypt_cert.py, line 152 at r11 (raw file): Previously, johnthagen wrote…
LGTM |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 1 of 8 files at r11, 1 of 5 files at r12, 6 of 8 files at r13, 2 of 2 files at r14.
Reviewable status: 36 of 37 files reviewed, all discussions resolved (waiting on @johnthagen)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: 36 of 37 files reviewed, all discussions resolved (waiting on @johnthagen)
certmgr/scripts/aws.py, line 44 at r9 (raw file):
Previously, johnthagen wrote…
The convention if it's a constant value would be something like at the top of a module:
LETSENCRYPT_CONFIG_DIR = Path("/etc/letsencrypt")
And then other modules would import this constant:
from letsencrypt_cert import LETSENCRYPT_CONFIG_DIR
It could also be declared as a constant associated with a class and used like:
LetsEncryptCert.LETSENCRYPT_CONFIG_DIR
just depending on where you think the information would best live.
Done.
I made it part of LetsEncryptCert.
certmgr/scripts/cert_proxy_server.py, line 80 at r9 (raw file):
Previously, johnthagen wrote…
I commented below, but yes ideally we should try to make things static when possible to limit their scope. Making a class attribute (as noted below) or a module attribute would be better for constants. It also uses a little bit less memory because each instance does't need to allocate a spot for the same constant.
Done.
certmgr/scripts/cert_proxy_server.py, line 84 at r11 (raw file):
Previously, johnthagen wrote…
Replace with constant lookup (either static class attribute or module constant).
Done.
certmgr/scripts/entrypoint.py, line 18 at r9 (raw file):
Previously, johnthagen wrote…
The
.get()
method ondict
s is what can returnNone
(or whatever default value you'd like.So
cert_obj
in the example above would beOptional
(since we are usingNone
as the default), butmode_choices
itself does not haveOptional
interior values.
That makes sense! Thank.
Done.
certmgr/scripts/letsencrypt_cert.py, line 32 at r11 (raw file):
Previously, johnthagen wrote…
Since this is always a constant value, it would be best to make it a "static" class attribute rather than an instance attribute. That way, you don't need a reference to
self
to access it (and it could even be accessed outside the class as well).You can do this by moving it outside the constructor:
class LetsEncryptCert(BaseCert): """SSL Certificate class to create and renew certs from Let's Encrypt.""" LE_DIR = Path("/etc/letsencrypt") def __init__ ...
Python allows you to access static class attributes with
self
for convenience if you are in a method, but this will allow this to be accessed from astaticmethod
or without an instance to this class. This allows usages of it without signaling the need for (potentially) mutable access to the instance. (Since Python doesn't have the equivalent of aconst
method from C++ or takingself
withoutmut
as in Rust).
Done.
certmgr/scripts/letsencrypt_cert.py, line 90 at r11 (raw file):
Previously, johnthagen wrote…
This can be removed if we make a constant static class attribute for
LE_DIR
.
I don't think that it can. when certbot
is run with the renew
command, it checks all of the Let's Encrypt certificates that were issued to this server. If any of them are expiring soon (i.e. if there are less than renew_before_expiry
days left before the certificates expire) then certbot
will request a new certificate from Let's Encrypt. LE_DIR is not used.
certmgr/scripts/letsencrypt_cert.py, line 152 at r11 (raw file):
Previously, johnthagen wrote…
This can be made
staticmethod
once we make a staticLE_DIR
.
It still references self.email and self.staging.
certmgr/scripts/letsencrypt_cert.py, line 90 at r11 (raw file): Previously, jmgrady (Jim Grady) wrote…
(Yeah I think this comment used to be for a now-deleted line of code. I didn't mean to suggest removing this |
certmgr/scripts/letsencrypt_cert.py, line 152 at r11 (raw file): Previously, jmgrady (Jim Grady) wrote…
Similar comment. You addressed the original comment, but now that code has been removed, the comment has been solved. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 1 of 1 files at r15.
Reviewable status: complete! all files reviewed, all discussions resolved
Implement the ability for the certmgr container to be able to create SSL certificates as a proxy for remote/offline servers:
certmgr/README.md
and docstringsfunc.py
toutils.py
nuc
group. These files will be used in a future PR.docker_install
role: make docker packages a list variable that can be overridden if needed.scripts/docker_setup.py
This change is