diff --git a/.gitignore b/.gitignore index dd78c12..55435c2 100644 --- a/.gitignore +++ b/.gitignore @@ -39,3 +39,4 @@ Scripts # LE HAProxy dev stuff working +.vagrant diff --git a/MANIFEST.in b/MANIFEST.in new file mode 100644 index 0000000..18f018c --- /dev/null +++ b/MANIFEST.in @@ -0,0 +1,3 @@ +include LICENSE.txt +include README.rst +recursive-include docs * diff --git a/README.rst b/README.rst index 0e79cc7..6d0f593 100644 --- a/README.rst +++ b/README.rst @@ -1,15 +1,12 @@ HAProxy plugin for Certbot ========================== +Getting started (development) +----------------------------- - -Contributing ------------- - -You need to create a virtual environment and start it, then install this plugin -as a editable package using Python setuptools. I abstracted this in the -`dev_vars` script, which you should source: - -``` -source dev_vars -``` +In order to run tests against the Let's Encrypt API we will run a Boulder +server, which is the exact same server Let's Encrypt is running. The server is +started in Virtual Box using Vagrant. To prevent the installation of any +components and dependencies from cluttering up your computer there is also a +client Virtual Box instance. Both of these machines can be setup and started by +running the `dev_start.sh` script. diff --git a/Vagrantfile b/Vagrantfile new file mode 100644 index 0000000..21ba15e --- /dev/null +++ b/Vagrantfile @@ -0,0 +1,62 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : +VAGRANTFILE_API_VERSION=2 +PROJECT_NAME = "lehaproxy" +CLIENT_MEMORY=1024 +CLIENT_CPU_COUNT = 2 +CLIENT_IOAPIC = "on" +CLIENT_NAT_DNS_HOSTRESOLVER="on" +SERVER_MEMORY=2048 +SERVER_CPU_COUNT = 2 +SERVER_IOAPIC = "on" +SERVER_NAT_DNS_HOSTRESOLVER="on" +ENVS = { + 'PROJECT_NAME' => PROJECT_NAME, + 'PROJECT_TZ' => "Europe/Amsterdam", + 'PROJECT_CLIENT_HOSTNAME' => PROJECT_NAME + ".local", + 'PROJECT_SERVER_HOSTNAME' => "boulder.local", + 'PROJECT_SERVER_IP' => "192.168.33.111", + 'PROJECT_CLIENT_IP' => "192.168.33.222" +} + +Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| + + config.hostmanager.enabled = true + config.hostmanager.manage_host = true + config.vbguest.auto_update = true + config.vbguest.no_remote = false + config.vm.synced_folder ".", "/vagrant/", disabled: true + config.vm.synced_folder ".", "/" + PROJECT_NAME + "/", type: "virtualbox" + + config.vm.define "boulder", autostart: true do |server| + server.vm.box = "debian/jessie64" + server.vm.hostname = "boulder.local" + server.vm.network :private_network, ip: ENVS['PROJECT_SERVER_IP'] + server.vm.provision "shell" do |s| + s.path = './provisioning_server.sh' + s.env = ENVS + end + server.vm.provider :virtualbox do |vb| + vb.customize ["modifyvm", :id, "--memory", SERVER_MEMORY] + vb.customize ["modifyvm", :id, "--cpus", SERVER_CPU_COUNT] + vb.customize ["modifyvm", :id, "--ioapic", SERVER_IOAPIC] + vb.customize ["modifyvm", :id, "--natdnshostresolver1", SERVER_NAT_DNS_HOSTRESOLVER] + end + end + + config.vm.define "lehaproxy", autostart: true do |client| + client.vm.box = "debian/jessie64" + client.vm.hostname = PROJECT_NAME + ".local" + client.vm.network :private_network, ip: ENVS['PROJECT_CLIENT_IP'] + client.vm.provision "shell" do |s| + s.path = './provisioning_client.sh' + s.env = ENVS + end + client.vm.provider :virtualbox do |vb| + vb.customize ["modifyvm", :id, "--memory", CLIENT_MEMORY] + vb.customize ["modifyvm", :id, "--cpus", CLIENT_CPU_COUNT] + vb.customize ["modifyvm", :id, "--ioapic", CLIENT_IOAPIC] + vb.customize ["modifyvm", :id, "--natdnshostresolver1", CLIENT_NAT_DNS_HOSTRESOLVER] + end + end +end diff --git a/certbot_haproxy/__init__.py b/certbot_haproxy/__init__.py new file mode 100644 index 0000000..c3f2497 --- /dev/null +++ b/certbot_haproxy/__init__.py @@ -0,0 +1 @@ +"""Certbot HAProxy plugin.""" diff --git a/certbot_haproxy/configurator.py b/certbot_haproxy/configurator.py new file mode 100644 index 0000000..d72097c --- /dev/null +++ b/certbot_haproxy/configurator.py @@ -0,0 +1,301 @@ +"""HAProxy Configuration.""" +import logging + +import zope.component +import zope.interface + +from acme import challenges + +from certbot import errors +from certbot import interfaces +from certbot import util +from certbot import reverter + +from certbot.plugins import common +# from certbot.plugins.util import path_surgery + +from certbot_haproxy import constants + +logger = logging.getLogger(__name__) # pylint:disable=invalid-name + + +@zope.interface.implementer(interfaces.IAuthenticator, interfaces.IInstaller) +@zope.interface.provider(interfaces.IPluginFactory) +class HAProxyConfigurator(common.Plugin): + """ + HAProxy configurator. + """ + + description = "HaProxy - Alpha" + + @classmethod + def add_parser_arguments(cls, add): + # TODO: This is how we add arguments, do we need any? + #add("enmod", default=constants.os_constant("enmod"), + # help="Path to the Apache 'a2enmod' binary.") + pass + + def __init__(self, *args, **kwargs): + """Initialize an Apache Configurator. + + :param tup version: version of Apache as a tuple (2, 4, 7) + (used mostly for unittesting) + + """ + version = kwargs.pop("version", None) + super(HAProxyConfigurator, self).__init__(*args, **kwargs) + + # Add name_server association dict + self.assoc = dict() + # Outstanding challenges + self._chall_out = set() + + # No additional capabilities + self._enhance_func = {} + + def prepare(self): + """Prepare the authenticator/installer. + """ + + # Verify Apache is installed + restart_cmd = constants.os_constant("restart_cmd")[0] + if not util.exe_exists(restart_cmd): + if not path_surgery(restart_cmd): + raise errors.NoInstallationError( + 'Cannot find HAProxy control command {0}'.format( + restart_cmd + ) + ) + + def deploy_cert(self, domain, cert_path, key_path, + chain_path=None, fullchain_path=None): + """ + Deploys certificate to HAProxy certificate store. + + :raises errors.PluginError: When unable to deploy certificate due to + a lack of directives + + """ + vhost = self.choose_vhost(domain) + self._clean_vhost(vhost) + + # This is done first so that ssl module is enabled and cert_path, + # cert_key... can all be parsed appropriately + self.prepare_server_https("443") + + path = {"cert_path": self.parser.find_dir("SSLCertificateFile", + None, vhost.path), + "cert_key": self.parser.find_dir("SSLCertificateKeyFile", + None, vhost.path)} + + # Only include if a certificate chain is specified + if chain_path is not None: + path["chain_path"] = self.parser.find_dir( + "SSLCertificateChainFile", None, vhost.path) + + if not path["cert_path"] or not path["cert_key"]: + # Throw some can't find all of the directives error" + logger.warn( + "Cannot find a cert or key directive in %s. " + "VirtualHost was not modified", vhost.path) + # Presumably break here so that the virtualhost is not modified + raise errors.PluginError( + "Unable to find cert and/or key directives") + + logger.info("Deploying Certificate to VirtualHost %s", vhost.filep) + logger.debug("Apache version is %s", + ".".join(str(i) for i in self.version)) + + if self.version < (2, 4, 8) or (chain_path and not fullchain_path): + # install SSLCertificateFile, SSLCertificateKeyFile, + # and SSLCertificateChainFile directives + set_cert_path = cert_path + self.aug.set(path["cert_path"][-1], cert_path) + self.aug.set(path["cert_key"][-1], key_path) + if chain_path is not None: + self.parser.add_dir(vhost.path, + "SSLCertificateChainFile", chain_path) + else: + raise errors.PluginError("--chain-path is required for your " + "version of Apache") + else: + if not fullchain_path: + raise errors.PluginError("Please provide the --fullchain-path " + "option pointing to your full chain f" + "ile") + set_cert_path = fullchain_path + self.aug.set(path["cert_path"][-1], fullchain_path) + self.aug.set(path["cert_key"][-1], key_path) + + # Save notes about the transaction that took place + self.save_notes += ("Changed vhost at %s with addresses of %s\n" + "\tSSLCertificateFile %s\n" + "\tSSLCertificateKeyFile %s\n" % + (vhost.filep, + ", ".join(str(addr) for addr in vhost.addrs), + set_cert_path, key_path)) + if chain_path is not None: + self.save_notes += "\tSSLCertificateChainFile %s\n" % chain_path + + # Make sure vhost is enabled if distro with enabled / available + if self.conf("handle-sites"): + if not vhost.enabled: + self.enable_site(vhost) + + ###################################################################### + # Enhancements + ###################################################################### + def supported_enhancements(self): # pylint: disable=no-self-use + """Returns currently supported enhancements.""" + return [] + + def enhance(self, domain, enhancement, options=None): + """Enhance configuration. + + :param str domain: domain to enhance + :param str enhancement: enhancement type defined in + :const:`~certbot.constants.ENHANCEMENTS` + :param options: options for the enhancement + See :const:`~certbot.constants.ENHANCEMENTS` + documentation for appropriate parameter. + + :raises .errors.PluginError: If Enhancement is not supported, or if + there is any other problem with the enhancement. + + """ + try: + func = self._enhance_func[enhancement] + except KeyError: + raise errors.PluginError( + "Unsupported enhancement: {0}".format(enhancement)) + try: + func(self.choose_vhost(domain), options) + except errors.PluginError: + logger.warn("Failed %s for %s", enhancement, domain) + raise + + def restart(self): + """Runs a config test and reloads the Apache server. + + :raises .errors.MisconfigurationError: If either the config test + or reload fails. + + """ + self.config_test() + try: + util.run_script(constants.os_constant("restart_cmd")) + except errors.SubprocessError as err: + raise errors.MisconfigurationError(str(err)) + + def config_test(self): # pylint: disable=no-self-use + """Check the configuration of HaProxy for errors. + + :raises .errors.MisconfigurationError: If config_test fails + + """ + try: + util.run_script(constants.os_constant("conftest_cmd")) + except errors.SubprocessError as err: + raise errors.MisconfigurationError(str(err)) + + def get_version(self): + """Return version of Apache Server. + + Version is returned as tuple. (ie. 2.4.7 = (2, 4, 7)) + + :returns: version + :rtype: tuple + + :raises .PluginError: if unable to find Apache version + + """ + try: + stdout, _ = util.run_script(constants.os_constant("version_cmd")) + except errors.SubprocessError: + raise errors.PluginError( + "Unable to run %s -v" % + constants.os_constant("version_cmd")) + + regex = re.compile(r"Apache/([0-9\.]*)", re.IGNORECASE) + matches = regex.findall(stdout) + + if len(matches) != 1: + raise errors.PluginError("Unable to find Apache version") + + return tuple([int(i) for i in matches[0].split(".")]) + + def more_info(self): + """Human-readable string to help understand the module""" + return ( + "Configures Apache to authenticate and install HTTPS.{0}" + "Server root: {root}{0}" + "Version: {version}".format( + os.linesep, root=self.parser.loc["root"], + version=".".join(str(i) for i in self.version)) + ) + + ########################################################################### + # Challenges Section + ########################################################################### + def get_chall_pref(self, unused_domain): # pylint: disable=no-self-use + """Return list of challenge preferences.""" + return [challenges.TLSSNI01] + + def perform(self, achalls): + """Perform the configuration related challenge. + + This function currently assumes all challenges will be fulfilled. + If this turns out not to be the case in the future. Cleanup and + outstanding challenges will have to be designed better. + + """ + self._chall_out.update(achalls) + responses = [None] * len(achalls) + chall_doer = tls_sni_01.ApacheTlsSni01(self) + + for i, achall in enumerate(achalls): + # Currently also have chall_doer hold associated index of the + # challenge. This helps to put all of the responses back together + # when they are all complete. + chall_doer.add_chall(achall, i) + + sni_response = chall_doer.perform() + if sni_response: + # Must reload in order to activate the challenges. + # Handled here because we may be able to load up other challenge + # types + self.restart() + + # TODO: Remove this dirty hack. We need to determine a reliable way + # of identifying when the new configuration is being used. + time.sleep(3) + + # Go through all of the challenges and assign them to the proper + # place in the responses return value. All responses must be in the + # same order as the original challenges. + for i, resp in enumerate(sni_response): + responses[chall_doer.indices[i]] = resp + + return responses + + def cleanup(self, achalls): + """Revert all challenges.""" + self._chall_out.difference_update(achalls) + + # If all of the challenges have been finished, clean up everything + if not self._chall_out: + self.revert_challenge_config() + self.restart() + self.parser.init_modules() + + def revert_challenge_config(self): + """Used to cleanup challenge configurations. + + :raises .errors.PluginError: If unable to revert the challenge config. + + """ + try: + self.reverter.revert_temporary_config() + except errors.ReverterError as err: + raise errors.PluginError(str(err)) + self.parser.load() diff --git a/certbot_haproxy/constants.py b/certbot_haproxy/constants.py new file mode 100644 index 0000000..da61103 --- /dev/null +++ b/certbot_haproxy/constants.py @@ -0,0 +1,36 @@ +"""HAProxy plugin constants.""" +from certbot import util + +CLI_DEFAULTS_DEBIAN_JESSIE = dict( + server_root="/etc/haproxy", + version_cmd=['haproxy', '-v'], + restart_cmd=['systemctl', 'restart', 'haproxy'], + conftest_cmd=['haproxy' '-c' '-f'], # Need the config file as an argument. +) + +CLI_DEFAULTS_DEBIAN_WHEEZY = dict( + server_root="/etc/haproxy", + version_cmd=['haproxy', '-v'], + restart_cmd=['service', 'haproxy', 'restart'], + conftest_cmd=['haproxy' '-c' '-f'], # Need the config file as an argument. +) + +CLI_DEFAULTS = { + "debian": CLI_DEFAULTS_DEBIAN_JESSIE, + "debian:jessie": CLI_DEFAULTS_DEBIAN_JESSIE, + "debian:wheezy": CLI_DEFAULTS_DEBIAN_WHEEZY, + "ubuntu": CLI_DEFAULTS_DEBIAN_WHEEZY +} + + +def os_constant(key): + """Get a constant value for operating system + :param key: name of cli constant + :return: value of constant for active os + """ + os_info = util.get_os_info() + try: + constants = CLI_DEFAULTS[os_info[0].lower()] + except KeyError: + constants = CLI_DEFAULTS["debian"] + return constants[key] diff --git a/certbot_haproxy/tests/__init__.py b/certbot_haproxy/tests/__init__.py new file mode 100644 index 0000000..9613c87 --- /dev/null +++ b/certbot_haproxy/tests/__init__.py @@ -0,0 +1 @@ +"""Certbot HAProxy Tests""" diff --git a/dev_start.sh b/dev_start.sh new file mode 100755 index 0000000..c909bbe --- /dev/null +++ b/dev_start.sh @@ -0,0 +1,96 @@ +#!/bin/bash + +CMDS="vagrant" +DEPS="vagrant" + +VERBOSE=0 +for arg in "$@"; do + if [ "${arg}" = "-v" -o "${arg}" = "--verbose" ]; then + VERBOSE=1 + echo "Verbose mode enabled" + fi +done + +commands_exist () { + DEPS_MISSING=0 + for cmd in $1; do + if ! type "${cmd}" &> /dev/null; then + DEPS_MISSING=1 + echo "Dependency '${cmd}' is not installed." + fi + done + return $DEPS_MISSING +} + +function_defined() { + type "$1" &> /dev/null; +} + +please_install () { + if [ -f /etc/redhat-release ] ; then + PKMGR=$(which yum) + elif [ -f /etc/debian_version ] ; then + PKMGR=$(which apt-get) + fi + echo + echo "Before running this script, please run:" + echo "${PKMGR} install $1" +} + +log () { + if [ $VERBOSE -eq 1 ]; then + echo "$1" + fi +} + +SUDO=0 +do_sudo () { + if [ $SUDO -eq 0 ]; then + echo "Your hosts file does not contain the required entries, will need" + echo "root privileges to set them.." + sudo ls &> /dev/null + SUDO=1 + fi +} + +if ! commands_exist "${CMDS}"; then + log "Missing one or more dependencies." + please_install "${DEPS}" + exit 1 +fi + +#log "Checking for vagrant plugins.." +#vagrant plugin install vagrant-hostmanager +#vagrant plugin install vagrant-vbguest + +log "Checking hosts file for required entries.." +for hostname in "le.wtf le1.wtf le2.wtf le3.wtf nginx.wtf"; do + if ! grep "${hostname}" /etc/hosts &> /dev/null; then + do_sudo + sudo cat <> /etc/hosts + 127.0.0.1 ${hostname} +EOF + fi +done + +if ! grep "lehaproxy.local" /etc/hosts &> /dev/null; then + do_sudo + sudo cat <> /etc/hosts + 127.0.0.1 lehaproxy.lan +EOF +fi +if ! grep "boulder.local" /etc/hosts &> /dev/null; then + do_sudo + sudo cat <> /etc/hosts + 127.0.0.1 boulder.lan +EOF +fi +log "Starting LE HAProxy client and server instance.." +vagrant up + +echo "You can now connect to the Vagrant instance:" +echo "vagrant ssh lehaproxy" +echo "After connecting please run:" +echo "sudo -s; cd /lehaproxy/; source /lehaproxy_venv/" + + diff --git a/dev_vars b/dev_vars deleted file mode 100755 index 9e4687a..0000000 --- a/dev_vars +++ /dev/null @@ -1,71 +0,0 @@ -#!/bin/bash -if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then - echo "ERROR: You need to source this script, not run it." - echo "Please run like this: \`source $0\`" - exit 255 -fi - -VERBOSE=0 -for arg in "$@"; do - if [ "${arg}" = "-v" -o "${arg}" = "--verbose" ]; then - VERBOSE=1 - echo "Verbose mode enabled" - fi -done - -commands_exist () { - DEPS_MISSING=0 - for cmd in $1; do - if ! type "${cmd}" &> /dev/null; then - DEPS_MISSING=1 - echo "Dependency '${cmd}' is not installed." - fi - done - return $DEPS_MISSING -} - -function_defined() { - type "$1" &> /dev/null; -} - -please_install () { - if [ -f /etc/redhat-release ] ; then - PKMGR=$(which yum) - elif [ -f /etc/debian_version ] ; then - PKMGR=$(which apt-get) - fi - echo - echo "Before running this script, please run:" - echo "${PKMGR} install $1" -} - -log () { - if [ $VERBOSE -eq 1 ]; then - echo "$1" - fi -} - -CMDS="virtualenv python2.7 pip" -DEPS="virtualenv python2.7 python-setuptools" - -if [ ! -d "${PWD}/venv/" ]; then - log "Virtual environment is not present." - log "Checking for dependencies." - if ! commands_exist "${CMDS}"; then - log "Missing one or more dependencies." - please_install "${DEPS}" - exit 1 - fi - log "Creating virtual environment." - virtualenv "${PWD}/venv" -fi - -if function_defined deactivate; then - log "Deactivating activated virtual environment." - deactivate -fi - -log "Checking for dependencies." -source "$PWD/venv/bin/activate" - -pip install -e . diff --git a/docs/.gitignore b/docs/.gitignore new file mode 100644 index 0000000..ba65b13 --- /dev/null +++ b/docs/.gitignore @@ -0,0 +1 @@ +/_build/ diff --git a/docs/Makefile b/docs/Makefile new file mode 100644 index 0000000..8ae0aab --- /dev/null +++ b/docs/Makefile @@ -0,0 +1,192 @@ +# Makefile for Sphinx documentation +# + +# You can set these variables from the command line. +SPHINXOPTS = +SPHINXBUILD = sphinx-build +PAPER = +BUILDDIR = _build + +# User-friendly check for sphinx-build +ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) +$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/) +endif + +# Internal variables. +PAPEROPT_a4 = -D latex_paper_size=a4 +PAPEROPT_letter = -D latex_paper_size=letter +ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . +# the i18n builder cannot share the environment and doctrees with the others +I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . + +.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest coverage gettext + +help: + @echo "Please use \`make ' where is one of" + @echo " html to make standalone HTML files" + @echo " dirhtml to make HTML files named index.html in directories" + @echo " singlehtml to make a single large HTML file" + @echo " pickle to make pickle files" + @echo " json to make JSON files" + @echo " htmlhelp to make HTML files and a HTML help project" + @echo " qthelp to make HTML files and a qthelp project" + @echo " applehelp to make an Apple Help Book" + @echo " devhelp to make HTML files and a Devhelp project" + @echo " epub to make an epub" + @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" + @echo " latexpdf to make LaTeX files and run them through pdflatex" + @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" + @echo " text to make text files" + @echo " man to make manual pages" + @echo " texinfo to make Texinfo files" + @echo " info to make Texinfo files and run them through makeinfo" + @echo " gettext to make PO message catalogs" + @echo " changes to make an overview of all changed/added/deprecated items" + @echo " xml to make Docutils-native XML files" + @echo " pseudoxml to make pseudoxml-XML files for display purposes" + @echo " linkcheck to check all external links for integrity" + @echo " doctest to run all doctests embedded in the documentation (if enabled)" + @echo " coverage to run coverage check of the documentation (if enabled)" + +clean: + rm -rf $(BUILDDIR)/* + +html: + $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." + +dirhtml: + $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." + +singlehtml: + $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml + @echo + @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." + +pickle: + $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle + @echo + @echo "Build finished; now you can process the pickle files." + +json: + $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json + @echo + @echo "Build finished; now you can process the JSON files." + +htmlhelp: + $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp + @echo + @echo "Build finished; now you can run HTML Help Workshop with the" \ + ".hhp project file in $(BUILDDIR)/htmlhelp." + +qthelp: + $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp + @echo + @echo "Build finished; now you can run "qcollectiongenerator" with the" \ + ".qhcp project file in $(BUILDDIR)/qthelp, like this:" + @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/certbot-haproxy.qhcp" + @echo "To view the help file:" + @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/certbot-haproxy.qhc" + +applehelp: + $(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp + @echo + @echo "Build finished. The help book is in $(BUILDDIR)/applehelp." + @echo "N.B. You won't be able to view it unless you put it in" \ + "~/Library/Documentation/Help or install it in your application" \ + "bundle." + +devhelp: + $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp + @echo + @echo "Build finished." + @echo "To view the help file:" + @echo "# mkdir -p $$HOME/.local/share/devhelp/certbot-haproxy" + @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/certbot-haproxy" + @echo "# devhelp" + +epub: + $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub + @echo + @echo "Build finished. The epub file is in $(BUILDDIR)/epub." + +latex: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo + @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." + @echo "Run \`make' in that directory to run these through (pdf)latex" \ + "(use \`make latexpdf' here to do that automatically)." + +latexpdf: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through pdflatex..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +latexpdfja: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through platex and dvipdfmx..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +text: + $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text + @echo + @echo "Build finished. The text files are in $(BUILDDIR)/text." + +man: + $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man + @echo + @echo "Build finished. The manual pages are in $(BUILDDIR)/man." + +texinfo: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo + @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." + @echo "Run \`make' in that directory to run these through makeinfo" \ + "(use \`make info' here to do that automatically)." + +info: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo "Running Texinfo files through makeinfo..." + make -C $(BUILDDIR)/texinfo info + @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." + +gettext: + $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale + @echo + @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." + +changes: + $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes + @echo + @echo "The overview file is in $(BUILDDIR)/changes." + +linkcheck: + $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck + @echo + @echo "Link check complete; look for any errors in the above output " \ + "or in $(BUILDDIR)/linkcheck/output.txt." + +doctest: + $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest + @echo "Testing of doctests in the sources finished, look at the " \ + "results in $(BUILDDIR)/doctest/output.txt." + +coverage: + $(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage + @echo "Testing of coverage in the sources finished, look at the " \ + "results in $(BUILDDIR)/coverage/python.txt." + +xml: + $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml + @echo + @echo "Build finished. The XML files are in $(BUILDDIR)/xml." + +pseudoxml: + $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml + @echo + @echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml." diff --git a/docs/_static/.gitignore b/docs/_static/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/docs/_templates/.gitignore b/docs/_templates/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/docs/api.rst b/docs/api.rst new file mode 100644 index 0000000..8668ec5 --- /dev/null +++ b/docs/api.rst @@ -0,0 +1,8 @@ +================= +API Documentation +================= + +.. toctree:: + :glob: + + api/** diff --git a/docs/api/configurator.rst b/docs/api/configurator.rst new file mode 100644 index 0000000..8d322dc --- /dev/null +++ b/docs/api/configurator.rst @@ -0,0 +1,5 @@ +:mod:`certbot_haproxy.configurator` +-------------------------------------- + +.. automodule:: certbot_haproxy.configurator + :members: diff --git a/docs/conf.py b/docs/conf.py new file mode 100644 index 0000000..7e72737 --- /dev/null +++ b/docs/conf.py @@ -0,0 +1,313 @@ +# -*- coding: utf-8 -*- +# +# certbot-haproxy documentation build configuration file, created by +# sphinx-quickstart on Sun Oct 18 13:39:26 2015. +# +# This file is execfile()d with the current directory set to its +# containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +import sys +import os +import shlex + +import mock + + +here = os.path.abspath(os.path.dirname(__file__)) + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +sys.path.insert(0, os.path.abspath(os.path.join(here, '..'))) + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ + 'sphinx.ext.autodoc', + 'sphinx.ext.intersphinx', + 'sphinx.ext.todo', + 'sphinx.ext.coverage', + 'sphinx.ext.viewcode', +] + +autodoc_member_order = 'bysource' +autodoc_default_flags = ['show-inheritance', 'private-members'] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix(es) of source filenames. +# You can specify multiple suffix as a list of string: +# source_suffix = ['.rst', '.md'] +source_suffix = '.rst' + +# The encoding of source files. +#source_encoding = 'utf-8-sig' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. +project = u'certbot-haproxy' +copyright = u'2014-2015, Let\'s Encrypt Project' +author = u'Certbot Project' + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# +# The short X.Y version. +version = '0' +# The full version, including alpha/beta/rc tags. +release = '0' + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +# +# This is also used if you do content translation via gettext catalogs. +# Usually you set "language" from the command line for these cases. +language = 'en' + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +#today = '' +# Else, today_fmt is used as the format for a strftime call. +#today_fmt = '%B %d, %Y' + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = ['_build'] + +# The reST default role (used for this markup: `text`) to use for all +# documents. +default_role = 'py:obj' + +# If true, '()' will be appended to :func: etc. cross-reference text. +#add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +#add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +#show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# A list of ignored prefixes for module index sorting. +#modindex_common_prefix = [] + +# If true, keep warnings as "system message" paragraphs in the built documents. +#keep_warnings = False + +# If true, `todo` and `todoList` produce output, else they produce nothing. +todo_include_todos = True + + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. + +# http://docs.readthedocs.org/en/latest/theme.html#how-do-i-use-this-locally-and-on-read-the-docs +# on_rtd is whether we are on readthedocs.org +on_rtd = os.environ.get('READTHEDOCS', None) == 'True' +if not on_rtd: # only import and set the theme if we're building docs locally + import sphinx_rtd_theme + html_theme = 'sphinx_rtd_theme' + html_theme_path = [sphinx_rtd_theme.get_html_theme_path()] +# otherwise, readthedocs.org uses their theme by default, so no need to specify it + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +#html_theme_options = {} + +# Add any paths that contain custom themes here, relative to this directory. +#html_theme_path = [] + +# The name for this set of Sphinx documents. If None, it defaults to +# " v documentation". +#html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +#html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +#html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +#html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# Add any extra paths that contain custom files (such as robots.txt or +# .htaccess) here, relative to this directory. These files are copied +# directly to the root of the documentation. +#html_extra_path = [] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. +#html_last_updated_fmt = '%b %d, %Y' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +#html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +#html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +#html_additional_pages = {} + +# If false, no module index is generated. +#html_domain_indices = True + +# If false, no index is generated. +#html_use_index = True + +# If true, the index is split into individual pages for each letter. +#html_split_index = False + +# If true, links to the reST sources are added to the pages. +#html_show_sourcelink = True + +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +#html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +#html_show_copyright = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +#html_use_opensearch = '' + +# This is the file name suffix for HTML files (e.g. ".xhtml"). +#html_file_suffix = None + +# Language to be used for generating the HTML full-text search index. +# Sphinx supports the following languages: +# 'da', 'de', 'en', 'es', 'fi', 'fr', 'hu', 'it', 'ja' +# 'nl', 'no', 'pt', 'ro', 'ru', 'sv', 'tr' +#html_search_language = 'en' + +# A dictionary with options for the search language support, empty by default. +# Now only 'ja' uses this config value +#html_search_options = {'type': 'default'} + +# The name of a javascript file (relative to the configuration directory) that +# implements a search results scorer. If empty, the default will be used. +#html_search_scorer = 'scorer.js' + +# Output file base name for HTML help builder. +htmlhelp_basename = 'certbot-haproxydoc' + +# -- Options for LaTeX output --------------------------------------------- + +latex_elements = { + # The paper size ('letterpaper' or 'a4paper'). + #'papersize': 'letterpaper', + + # The font size ('10pt', '11pt' or '12pt'). + #'pointsize': '10pt', + + # Additional stuff for the LaTeX preamble. + #'preamble': '', + + # Latex figure (float) alignment + #'figure_align': 'htbp', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, +# author, documentclass [howto, manual, or own class]). +latex_documents = [ + (master_doc, 'certbot-haproxy.tex', u'certbot-haproxy Documentation', + u'Certbot Project', 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +#latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +#latex_use_parts = False + +# If true, show page references after internal links. +#latex_show_pagerefs = False + +# If true, show URL addresses after external links. +#latex_show_urls = False + +# Documents to append as an appendix to all manuals. +#latex_appendices = [] + +# If false, no module index is generated. +#latex_domain_indices = True + + +# -- Options for manual page output --------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ + (master_doc, 'certbot-haproxy', u'certbot-haproxy Documentation', + [author], 1) +] + +# If true, show URL addresses after external links. +#man_show_urls = False + + +# -- Options for Texinfo output ------------------------------------------- + +# Grouping the document tree into Texinfo files. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + (master_doc, 'certbot-haproxy', u'certbot-haproxy Documentation', + author, 'certbot-haproxy', 'One line description of project.', + 'Miscellaneous'), +] + +# Documents to append as an appendix to all manuals. +#texinfo_appendices = [] + +# If false, no module index is generated. +#texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +#texinfo_show_urls = 'footnote' + +# If true, do not generate a @detailmenu in the "Top" node's menu. +#texinfo_no_detailmenu = False + + +intersphinx_mapping = { + 'python': ('https://docs.python.org/', None), + 'acme': ('https://acme-python.readthedocs.org/en/latest/', None), + 'certbot': ('https://certbot.eff.org/docs/', None), +} diff --git a/docs/index.rst b/docs/index.rst new file mode 100644 index 0000000..1371725 --- /dev/null +++ b/docs/index.rst @@ -0,0 +1,31 @@ +.. certbot-haproxy documentation master file, created by + sphinx-quickstart on Sun Oct 18 13:39:26 2015. + You can adapt this file completely to your liking, but it should at least + contain the root `toctree` directive. + +Welcome to certbot-haproxy's documentation! +============================================== + +Contents: + +.. toctree:: + :maxdepth: 2 + + +.. toctree:: + :maxdepth: 1 + + api + + +.. automodule:: certbot_haproxy + :members: + + +Indices and tables +================== + +* :ref:`genindex` +* :ref:`modindex` +* :ref:`search` + diff --git a/docs/make.bat b/docs/make.bat new file mode 100644 index 0000000..1d045d9 --- /dev/null +++ b/docs/make.bat @@ -0,0 +1,263 @@ +@ECHO OFF + +REM Command file for Sphinx documentation + +if "%SPHINXBUILD%" == "" ( + set SPHINXBUILD=sphinx-build +) +set BUILDDIR=_build +set ALLSPHINXOPTS=-d %BUILDDIR%/doctrees %SPHINXOPTS% . +set I18NSPHINXOPTS=%SPHINXOPTS% . +if NOT "%PAPER%" == "" ( + set ALLSPHINXOPTS=-D latex_paper_size=%PAPER% %ALLSPHINXOPTS% + set I18NSPHINXOPTS=-D latex_paper_size=%PAPER% %I18NSPHINXOPTS% +) + +if "%1" == "" goto help + +if "%1" == "help" ( + :help + echo.Please use `make ^` where ^ is one of + echo. html to make standalone HTML files + echo. dirhtml to make HTML files named index.html in directories + echo. singlehtml to make a single large HTML file + echo. pickle to make pickle files + echo. json to make JSON files + echo. htmlhelp to make HTML files and a HTML help project + echo. qthelp to make HTML files and a qthelp project + echo. devhelp to make HTML files and a Devhelp project + echo. epub to make an epub + echo. latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter + echo. text to make text files + echo. man to make manual pages + echo. texinfo to make Texinfo files + echo. gettext to make PO message catalogs + echo. changes to make an overview over all changed/added/deprecated items + echo. xml to make Docutils-native XML files + echo. pseudoxml to make pseudoxml-XML files for display purposes + echo. linkcheck to check all external links for integrity + echo. doctest to run all doctests embedded in the documentation if enabled + echo. coverage to run coverage check of the documentation if enabled + goto end +) + +if "%1" == "clean" ( + for /d %%i in (%BUILDDIR%\*) do rmdir /q /s %%i + del /q /s %BUILDDIR%\* + goto end +) + + +REM Check if sphinx-build is available and fallback to Python version if any +%SPHINXBUILD% 2> nul +if errorlevel 9009 goto sphinx_python +goto sphinx_ok + +:sphinx_python + +set SPHINXBUILD=python -m sphinx.__init__ +%SPHINXBUILD% 2> nul +if errorlevel 9009 ( + echo. + echo.The 'sphinx-build' command was not found. Make sure you have Sphinx + echo.installed, then set the SPHINXBUILD environment variable to point + echo.to the full path of the 'sphinx-build' executable. Alternatively you + echo.may add the Sphinx directory to PATH. + echo. + echo.If you don't have Sphinx installed, grab it from + echo.http://sphinx-doc.org/ + exit /b 1 +) + +:sphinx_ok + + +if "%1" == "html" ( + %SPHINXBUILD% -b html %ALLSPHINXOPTS% %BUILDDIR%/html + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The HTML pages are in %BUILDDIR%/html. + goto end +) + +if "%1" == "dirhtml" ( + %SPHINXBUILD% -b dirhtml %ALLSPHINXOPTS% %BUILDDIR%/dirhtml + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The HTML pages are in %BUILDDIR%/dirhtml. + goto end +) + +if "%1" == "singlehtml" ( + %SPHINXBUILD% -b singlehtml %ALLSPHINXOPTS% %BUILDDIR%/singlehtml + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The HTML pages are in %BUILDDIR%/singlehtml. + goto end +) + +if "%1" == "pickle" ( + %SPHINXBUILD% -b pickle %ALLSPHINXOPTS% %BUILDDIR%/pickle + if errorlevel 1 exit /b 1 + echo. + echo.Build finished; now you can process the pickle files. + goto end +) + +if "%1" == "json" ( + %SPHINXBUILD% -b json %ALLSPHINXOPTS% %BUILDDIR%/json + if errorlevel 1 exit /b 1 + echo. + echo.Build finished; now you can process the JSON files. + goto end +) + +if "%1" == "htmlhelp" ( + %SPHINXBUILD% -b htmlhelp %ALLSPHINXOPTS% %BUILDDIR%/htmlhelp + if errorlevel 1 exit /b 1 + echo. + echo.Build finished; now you can run HTML Help Workshop with the ^ +.hhp project file in %BUILDDIR%/htmlhelp. + goto end +) + +if "%1" == "qthelp" ( + %SPHINXBUILD% -b qthelp %ALLSPHINXOPTS% %BUILDDIR%/qthelp + if errorlevel 1 exit /b 1 + echo. + echo.Build finished; now you can run "qcollectiongenerator" with the ^ +.qhcp project file in %BUILDDIR%/qthelp, like this: + echo.^> qcollectiongenerator %BUILDDIR%\qthelp\certbot-haproxy.qhcp + echo.To view the help file: + echo.^> assistant -collectionFile %BUILDDIR%\qthelp\certbot-haproxy.ghc + goto end +) + +if "%1" == "devhelp" ( + %SPHINXBUILD% -b devhelp %ALLSPHINXOPTS% %BUILDDIR%/devhelp + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. + goto end +) + +if "%1" == "epub" ( + %SPHINXBUILD% -b epub %ALLSPHINXOPTS% %BUILDDIR%/epub + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The epub file is in %BUILDDIR%/epub. + goto end +) + +if "%1" == "latex" ( + %SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex + if errorlevel 1 exit /b 1 + echo. + echo.Build finished; the LaTeX files are in %BUILDDIR%/latex. + goto end +) + +if "%1" == "latexpdf" ( + %SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex + cd %BUILDDIR%/latex + make all-pdf + cd %~dp0 + echo. + echo.Build finished; the PDF files are in %BUILDDIR%/latex. + goto end +) + +if "%1" == "latexpdfja" ( + %SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex + cd %BUILDDIR%/latex + make all-pdf-ja + cd %~dp0 + echo. + echo.Build finished; the PDF files are in %BUILDDIR%/latex. + goto end +) + +if "%1" == "text" ( + %SPHINXBUILD% -b text %ALLSPHINXOPTS% %BUILDDIR%/text + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The text files are in %BUILDDIR%/text. + goto end +) + +if "%1" == "man" ( + %SPHINXBUILD% -b man %ALLSPHINXOPTS% %BUILDDIR%/man + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The manual pages are in %BUILDDIR%/man. + goto end +) + +if "%1" == "texinfo" ( + %SPHINXBUILD% -b texinfo %ALLSPHINXOPTS% %BUILDDIR%/texinfo + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The Texinfo files are in %BUILDDIR%/texinfo. + goto end +) + +if "%1" == "gettext" ( + %SPHINXBUILD% -b gettext %I18NSPHINXOPTS% %BUILDDIR%/locale + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The message catalogs are in %BUILDDIR%/locale. + goto end +) + +if "%1" == "changes" ( + %SPHINXBUILD% -b changes %ALLSPHINXOPTS% %BUILDDIR%/changes + if errorlevel 1 exit /b 1 + echo. + echo.The overview file is in %BUILDDIR%/changes. + goto end +) + +if "%1" == "linkcheck" ( + %SPHINXBUILD% -b linkcheck %ALLSPHINXOPTS% %BUILDDIR%/linkcheck + if errorlevel 1 exit /b 1 + echo. + echo.Link check complete; look for any errors in the above output ^ +or in %BUILDDIR%/linkcheck/output.txt. + goto end +) + +if "%1" == "doctest" ( + %SPHINXBUILD% -b doctest %ALLSPHINXOPTS% %BUILDDIR%/doctest + if errorlevel 1 exit /b 1 + echo. + echo.Testing of doctests in the sources finished, look at the ^ +results in %BUILDDIR%/doctest/output.txt. + goto end +) + +if "%1" == "coverage" ( + %SPHINXBUILD% -b coverage %ALLSPHINXOPTS% %BUILDDIR%/coverage + if errorlevel 1 exit /b 1 + echo. + echo.Testing of coverage in the sources finished, look at the ^ +results in %BUILDDIR%/coverage/python.txt. + goto end +) + +if "%1" == "xml" ( + %SPHINXBUILD% -b xml %ALLSPHINXOPTS% %BUILDDIR%/xml + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The XML files are in %BUILDDIR%/xml. + goto end +) + +if "%1" == "pseudoxml" ( + %SPHINXBUILD% -b pseudoxml %ALLSPHINXOPTS% %BUILDDIR%/pseudoxml + if errorlevel 1 exit /b 1 + echo. + echo.Build finished. The pseudo-XML files are in %BUILDDIR%/pseudoxml. + goto end +) + +:end diff --git a/provisioning_client.sh b/provisioning_client.sh new file mode 100644 index 0000000..abef41f --- /dev/null +++ b/provisioning_client.sh @@ -0,0 +1,70 @@ +#!/bin/bash -x +echo "$PROJECT_TZ" > /etc/timezone +dpkg-reconfigure -f noninteractive tzdata +export DEBIAN_FRONTEND="noninteractive" +echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list +apt-get update +apt-get upgrade -y +apt-get install -y \ + sudo htop net-tools tcpdump ufw git haproxy \ + openssl ca-certificates \ + python python-setuptools python-dev libssl-dev +apt-get install -y -t jessie-backports certbot + +easy_install pip +pip install virtualenv + +ufw allow ssh +ufw allow http +ufw allow https +ufw default deny incoming +ufw --force enable + +virtualenv "/${PROJECT_NAME}_venv" -p /usr/bin/python +source "/${PROJECT_NAME}_venv/bin/activate" +cd "/${PROJECT_NAME}" +pip install --editable . + +echo "${PROJECT_CLIENT_HOSTNAME}" > /etc/hostname +hostname -F /etc/hostname + +cat <> /etc/letsencrypt/cli.ini +server http://le.wtf +EOF + +cat <> /etc/hosts +${PROJECT_SERVER_IP} le.wtf +${PROJECT_SERVER_IP} le1.wtf +${PROJECT_SERVER_IP} le2.wtf +${PROJECT_SERVER_IP} le3.wtf +${PROJECT_SERVER_IP} nginx.wtf +EOF + +cat < /etc/systemd/system/letsencrypt.timer +[Unit] +Description=Run Let's Encrypt every 12 hours + +[Timer] +# Time to wait after booting before we run first time +OnBootSec=2min +# Time between running each consecutive time +OnUnitActiveSec=12h +Unit=letsencrypt.service + +[Install] +WantedBy=timers.target +EOF + +cat < /etc/systemd/system/letsencrypt.service +[Unit] +Description=Renew Let's Encrypt Certificates + +[Service] +Type=simple +ExecStart=/usr/bin/certbot renew -q +EOF + +systemctl enable letsencrypt.timer +systemctl start letsencrypt.timer + +echo "Provisioning completed." diff --git a/provisioning_script.sh b/provisioning_script.sh deleted file mode 100644 index e9703b2..0000000 --- a/provisioning_script.sh +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/bash -x -echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list -apt-get update -apt-get upgrade -y -apt-get install -y \ - sudo htop net-tools tcpdump ufw git haproxy\ - openssl ca-certificates \ - python python-setuptools virtualenv -apt-get install -y -t jessie-backports certbot - -ufw allow ssh -ufw allow http -ufw allow https -ufw default deny incoming - -# echo HOSTNAME > /etc/hostname -# hostname -F /etc/hostname - -cat < /etc/systemd/system/letsencrypt.timer -[Unit] -Description=Run Let's Encrypt every 12 hours - -[Timer] -# Time to wait after booting before we run first time -OnBootSec=2min -# Time between running each consecutive time -OnUnitActiveSec=12h -Unit=letsencrypt.service - -[Install] -WantedBy=timers.target -EOF - -cat < /etc/systemd/system/letsencrypt.service -[Unit] -Description=Renew Let's Encrypt Certificate - -[Service] -Type=simple -ExecStart=certbot renew q -EOF - -systemctl start letsencrypt.timer -systemctl enable letsencrypt.timer diff --git a/provisioning_server.sh b/provisioning_server.sh new file mode 100644 index 0000000..414299c --- /dev/null +++ b/provisioning_server.sh @@ -0,0 +1,108 @@ +#!/bin/bash -x +echo "$PROJECT_TZ" > /etc/timezone +dpkg-reconfigure -f noninteractive tzdata +export DEBIAN_FRONTEND="noninteractive" +echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list +apt-get update +apt-get upgrade -y +apt-get install -y \ + sudo htop net-tools tcpdump ufw git curl \ + openssl ca-certificates golang \ + python2.7 python-setuptools python-virtualenv \ + rabbitmq-server make libltdl-dev mariadb-server nginx-light + +apt-get install -y -t jessie-backports \ + protobuf-compiler golang-goprotobuf-dev libprotobuf-dev \ + python-protobuf protobuf-c-compiler golang-protobuf-extensions-dev + +echo boulder.local > /etc/hostname +hostname -F /etc/hostname + +ufw allow ssh +ufw allow 4000 +ufw allow 8000 +ufw allow 8001 +ufw allow 8002 +ufw allow 8003 +ufw allow 8004 +ufw allow 8005 +ufw default deny incoming +ufw --force enable + +if ! grep -Fxq "export GOROOT=/usr/local/go" ~/.bashrc; then + echo "export GOROOT=/usr/local/go" >> ~/.bashrc +fi +if ! grep -Fxq "export GOPATH=/boulder" /root/.bashrc; then + echo "export GOPATH=/boulder" >> /root/.bashrc +fi +if ! grep -Fxq "export PATH=\$GOROOT/bin:\$PATH" ~/.bashrc; then + echo "export PATH=\$GOROOT/bin:\$PATH" >> ~/.bashrc +fi +if ! grep -Fxq "export PATH=\$PATH:\$GOPATH" /root/.bashrc; then + echo "export PATH=\$PATH:\$GOPATH" >> /root/.bashrc +fi +if ! grep -Fxq "127.0.0.1 boulder boulder-rabbitmq boulder-mysql" /etc/hosts; then + echo '127.0.0.1 boulder boulder-rabbitmq boulder-mysql' >> /etc/hosts +fi + +source ~/.bashrc + +# wget -q https://storage.googleapis.com/golang/go1.5.3.linux-amd64.tar.gz -P /tmp/ +# sudo tar -C /usr/local -xzf /tmp/go1.5.3.linux-amd64.tar.gz +# if ! grep -Fxq "export GOROOT=/usr/local/go" ~/.profile ; then echo "export GOROOT=/usr/local/go" >> ~/.profile; fi +# if ! grep -Fxq "export PATH=\\$GOROOT/bin:\\$PATH" ~/.profile ; then echo "export PATH=\\$GOROOT/bin:\\$PATH" >> ~/.profile; fi + +cd /vagrant +./letsencrypt-auto-source/letsencrypt-auto --os-packages-only +./tools/venv.sh +./tests/boulder-start.sh + +virtualenv /boulder_venv -p /usr/bin/python2 +source /boulder_venv/bin/activate + +git clone https://github.com/letsencrypt/boulder.git /boulder +cd /boulder +mkdir /boulder/bin +mkdir /boulder/src + +curl https://glide.sh/get | sh + +glide create --non-interactive +glide install + +#go get \ +# bitbucket.org/liamstask/goose/cmd/goose \ +# github.com/golang/lint/golint \ +# github.com/golang/mock/mockgen \ +# github.com/golang/protobuf/proto \ +# github.com/golang/protobuf/protoc-gen-go \ +# github.com/jsha/listenbuddy \ +# github.com/kisielk/errcheck \ +# github.com/mattn/goveralls \ +# github.com/modocache/gover \ +# github.com/tools/godep \ +# golang.org/x/tools/cover \ +# github.com/letsencrypt/boulder/cmd \ +# github.com/streadway/amqp + +./test/create_db.sh +go run cmd/rabbitmq-setup/main.go -server amqp://boulder-rabbitmq + +cat > "/lib/systemd/system/boulder.service" <={0}'.format(certbot_version), + 'certbot>={0}'.format(certbot_version), # For pkg_resources. >=1.0 so pip resolves it to a version cryptography # will tolerate; see #2599: 'setuptools>=1.0',