Esempio n. 1
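    def request_certificate(self):
        """Obtain a new key pair for this service and publish it to Consul.

        The provider returns a mapping whose 'private_key' and 'public_key'
        entries are file paths and whose 'expires' entry is the expiry value.
        The file contents are read into this object, stored under
        'vergilius/certificates/<service id>/' in Consul KV, and finally
        written out through write_certificate_files().

        Returns:
            bool: True when the new keys were obtained and stored, False when
            the lock could not be acquired (nothing is requested in that case).

        Raises:
            Exception: any error from the provider, the file reads or Consul
            is logged and re-raised; the lock is released either way.
        """
        logger.debug('[certificate][%s] Requesting new keys for %s ' % (self.service.name, self.domains))

        if not self.lock():
            logger.debug('[certificate][%s] failed to acquire lock for keys generation' % self.service.name)
            return False

        try:
            data = certificate_provider.get_certificate(self.service.id, self.domains)

            # The with-statement closes the file; no explicit close() is needed.
            with open(data['private_key'], 'r') as f:
                self.private_key = f.read()
            # NOTE(review): the private key is written to Consul KV verbatim, so
            # every principal able to read this prefix can obtain it. Confirm
            # that KV ACLs restrict 'vergilius/certificates/' to this service.
            consul.kv.put('vergilius/certificates/%s/private_key' % self.service.id, self.private_key)

            with open(data['public_key'], 'r') as f:
                self.public_key = f.read()
            consul.kv.put('vergilius/certificates/%s/public_key' % self.service.id, self.public_key)

            self.expires = data['expires']
            self.key_domains = self.serialize_domains()
            consul.kv.put('vergilius/certificates/%s/expires' % self.service.id, str(self.expires))
            # Store the value just computed so memory and Consul cannot disagree.
            consul.kv.put('vergilius/certificates/%s/key_domains' % self.service.id, self.key_domains)
            logger.info('[certificate][%s]: got new keys for %s ' % (self.service.name, self.domains))
            self.write_certificate_files()
            # Callers test the result for truthiness; falling off the end would
            # return None and make a successful request look like a failure.
            return True
        except Exception as e:
            logger.error(e)
            # Bare raise keeps the original traceback intact.
            raise
        finally:
            self.unlock()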
Esempio n. 2
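    def load_keys_from_consul(self, data=None):
        """Load certificate fields from Consul KV items and write them to disk.

        Args:
            data: iterable of Consul KV items, each a mapping with 'Key' and
                'Value'. None or an empty iterable means nothing is stored.

        Returns:
            bool: True when the stored keys were loaded, passed validate() and
            were written with write_certificate_files(); False when no data was
            supplied or validation failed.
        """
        if not data:
            logger.warn('[certificate][%s]: cant find certificate in consul' % self.service.id)
            return False

        prefix = 'vergilius/certificates/%s/' % self.service.id
        # Key names come from the KV store, so they must not choose which
        # attribute gets overwritten: an unrestricted setattr() would let an
        # entry named e.g. 'service' or 'validate' replace it. Only the fields
        # this class is seen storing under the prefix are accepted; extend the
        # tuple if further fields are persisted elsewhere.
        loadable = ('private_key', 'public_key', 'expires', 'key_domains')

        for item in data:
            key = item['Key']
            # Strip the prefix only where it leads the key, not anywhere inside.
            if key.startswith(prefix):
                key = key[len(prefix):]
            if key in loadable and hasattr(self, key):
                setattr(self, key, item['Value'])

        if not self.validate():
            logger.warn('[certificate][%s]: cant validate existing keys' % self.service.id)
            return False

        logger.debug('[certificate][%s]: using existing keys' % self.service.id)
        self.write_certificate_files()
        return True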
Esempio n. 3
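    def load_keys_from_consul(self, data=None):
        """Load certificate fields from Consul KV items, requesting new keys if needed.

        Stored values are copied onto this object and checked with validate().
        When nothing is stored, or the stored keys do not validate (they are
        then dropped with discard_certificate()), a new certificate is
        requested through request_certificate().

        Args:
            data: iterable of Consul KV items, each a mapping with 'Key' and
                'Value'. None or an empty iterable means nothing is stored.

        Returns:
            bool: True once usable keys are in place and were written with
            write_certificate_files(); False when request_certificate()
            returned a falsy value.
        """
        if data:
            prefix = 'vergilius/certificates/%s/' % self.service.id
            # Key names come from the KV store, so they must not choose which
            # attribute gets overwritten: an unrestricted setattr() would let
            # an entry named e.g. 'service' or 'validate' replace it. Only the
            # fields this class is seen storing under the prefix are accepted;
            # extend the tuple if further fields are persisted elsewhere.
            loadable = ('private_key', 'public_key', 'expires', 'key_domains')

            for item in data:
                key = item['Key']
                # Strip the prefix only where it leads the key, not anywhere inside.
                if key.startswith(prefix):
                    key = key[len(prefix):]
                if key in loadable and hasattr(self, key):
                    setattr(self, key, item['Value'])

            if self.validate():
                logger.debug('[certificate][%s]: using existing keys' % self.service.id)
            else:
                logger.warn('[certificate][%s]: cant validate existing keys' % self.service.id)
                self.discard_certificate()
                # NOTE(review): this relies on request_certificate() returning
                # a truthy value on success - confirm it does.
                if not self.request_certificate():
                    return False
        elif not self.request_certificate():
            return False

        self.write_certificate_files()
        return True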
Esempio n. 4
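def allocate(service):
    """Return the proxy port of *service*, allocating a free one if needed.

    The port table is refreshed with get_ports_from_consul() first. A port
    already recorded for the service is returned unchanged; otherwise the
    lowest unused port in PROXY_PORTS[0] <= port < PROXY_PORTS[1] is recorded
    in ``allocated``, stored in Consul and returned.

    Raises:
        Exception: when every port in the range is already taken.
    """
    get_ports_from_consul()
    existing = allocated.get(service.id)
    if existing:
        return existing

    # NOTE(review): refresh, pick and put are separate steps with no lock or
    # check-and-set visible here, so two instances allocating at once could
    # choose the same port - confirm whether callers serialise this.
    # Snapshot the used ports once instead of rescanning values() per candidate.
    taken = set(allocated.values())
    # The upper bound is exclusive, matching the original `min_port < max_port`.
    candidates = range(PROXY_PORTS[0], PROXY_PORTS[1])
    port = next((p for p in candidates if p not in taken), None)

    if port is None:
        raise Exception('Failed to allocate port')

    allocated[service.id] = port
    consul.kv.put(consul_port_key(service), str(port))
    logger.debug('[service][%s]: got allocated port %s' % (service.name, port))
    return port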