Class: Porkadot::Assets::EtcdNode

Inherits:
Object
  • Object
show all
Includes:
Porkadot::Assets
Defined in:
lib/porkadot/assets/etcd.rb

Constant Summary collapse

TEMPLATE_DIR = 
File.join(File.dirname(__FILE__), "etcd")

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Porkadot::Assets

#render_erb, #render_secrets_erb

Constructor Details

#initialize(config) ⇒ EtcdNode

Returns a new instance of EtcdNode.



41
42
43
44
45
46
 
# File 'lib/porkadot/assets/etcd.rb', line 41

def initialize config
  @config = config
  @logger = config.logger
  @global_config = config.config
  @certs = Porkadot::Assets::Certs::Etcd.new(global_config)
end

Instance Attribute Details

#certsObject (readonly)

Returns the value of attribute certs.



39
40
41
 
# File 'lib/porkadot/assets/etcd.rb', line 39

def certs
  @certs
end

#configObject (readonly)

Returns the value of attribute config.



37
38
39
 
# File 'lib/porkadot/assets/etcd.rb', line 37

def config
  @config
end

#global_configObject (readonly)

Returns the value of attribute global_config.



36
37
38
 
# File 'lib/porkadot/assets/etcd.rb', line 36

def global_config
  @global_config
end

#loggerObject (readonly)

Returns the value of attribute logger.



38
39
40
 
# File 'lib/porkadot/assets/etcd.rb', line 38

def logger
  @logger
end

Instance Method Details

#etcd_cert(refresh = false) ⇒ Object 



81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
 
# File 'lib/porkadot/assets/etcd.rb', line 81

def etcd_cert(refresh=false)
  return @etcd_cert if defined?(@etcd_cert)
  if File.file?(config.etcd_crt_path) and !refresh
    self.logger.debug("--> Etcd cert already exists, skipping: #{config.etcd_cert_path}")
    @etcd_cert = OpenSSL::X509::Certificate.new(File.read(config.etcd_cert_path))
  else
    ca_key = self.certs.ca_key
    ca_cert = self.certs.ca_cert(false)
    @etcd_cert = certs.unsigned_cert(
      "/O=porkadot:etcd-servers/CN=#{config.member_name}",
      self.etcd_key, ca_cert,
      1 * 365 * 24 * 60 * 60
    )

    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = @etcd_cert
    ef.issuer_certificate = ca_cert
    @etcd_cert.add_extension(ef.create_extension("basicConstraints","CA:FALSE",true))
    @etcd_cert.add_extension(ef.create_extension("keyUsage","nonRepudiation, digitalSignature, keyEncipherment", true))
    @etcd_cert.add_extension(ef.create_extension("extendedKeyUsage","clientAuth, serverAuth",true))

    @etcd_cert.add_extension(ef.create_extension("subjectAltName", self.config.additional_sans.join(','), true))
    @etcd_cert.sign(ca_key, OpenSSL::Digest::SHA256.new)

    File.open config.etcd_crt_path, 'wb' do |f|
      f.write @etcd_cert.to_pem
    end
  end
  return @etcd_cert
end

#etcd_keyObject 



76
77
78
79
 
# File 'lib/porkadot/assets/etcd.rb', line 76

def etcd_key
  @etcd_key ||= certs.private_key(config.etcd_key_path)
  return @etcd_key
end

#renderObject 



48
49
50
51
52
53
54
55
56
57
58
59
60
61
 
# File 'lib/porkadot/assets/etcd.rb', line 48

def render
  logger.info "--> Rendering #{config.name} node"
  unless File.directory?(config.target_path)
    FileUtils.mkdir_p(config.target_path)
  end
  unless File.directory?(config.target_secrets_path)
    FileUtils.mkdir_p(config.target_secrets_path)
  end
  render_ca_crt
  render_etcd_crt
  render_erb 'etcd-server.yaml', etcd: global_config.etcd
  render_erb 'etcd.env', etcd: global_config.etcd
  render_erb 'install.sh', etcd: global_config.etcd
end

#render_ca_crtObject 



63
64
65
66
67
68
 
# File 'lib/porkadot/assets/etcd.rb', line 63

def render_ca_crt
  logger.info "----> ca.crt"
  open(config.ca_crt_path, 'w') do |out|
    out.write self.certs.ca_cert(false).to_pem
  end
end

#render_etcd_crtObject 



70
71
72
73
74
 
# File 'lib/porkadot/assets/etcd.rb', line 70

def render_etcd_crt
  logger.info "----> etcd.crt"
  self.etcd_key
  self.etcd_cert(true)
end