[doc] openxpi handler #1363
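# Workflow: asynchronous enrollment and certificate re-usage.
#
# Each job copies the openssl CA handler next to the server config, patches
# a time.sleep() into it with sed, sets cert_reusage_timeframe (and, for the
# rpm jobs, enrollment_timeout) in acme_srv.cfg, and then runs the shared
# "enroll" composite action. Presumably the sleep is what forces the server
# onto the asynchronous path; confirm against the enroll action.
#
# NOTE(review): no `permissions:` key is set, so GITHUB_TOKEN receives the
# repository default scope. If the local composite actions need nothing
# beyond a checkout, adding
#   permissions:
#     contents: read
# pins it to least privilege. Check .github/actions/* before enabling.
#
# NOTE(review): third-party actions are referenced by mutable tag (@v4).
# Pinning them to a full commit SHA is the stricter supply-chain option.
name: Asynchronous enrollment and certificate re-usage

on:
  # Every push, pull requests targeting devel, and a weekly run
  # (Saturday 02:00; GitHub evaluates cron in UTC).
  push:
  pull_request:
    branches: [devel]
  schedule:
    # * is a special character in YAML so you have to quote this string
    - cron: '0 2 * * 6'

jobs:
  # Container deployment, run for every web server / db handler combination.
  async_enrollment_cert_reusage:
    name: async_enrollment_cert_reusage
    runs-on: ubuntu-latest
    strategy:
      # max-parallel: 1
      fail-fast: false
      matrix:
        websrv: ['apache2', 'nginx']
        dbhandler: ['wsgi', 'django']
    steps:
      - name: "checkout GIT"
        uses: actions/checkout@v4
      - name: "create folders"
        run: |
          mkdir lego
          mkdir acme-sh
          mkdir certbot
      - name: "Build container"
        uses: ./.github/actions/container_prep
        with:
          DB_HANDLER: ${{ matrix.dbhandler }}
          WEB_SRV: ${{ matrix.websrv }}
          DJANGO_DB: psql
      # test/ca/sub-ca-key.pem is a private key kept in the repository for
      # testing. It is copied into the data directory here and is bundled
      # into the failure artifact further down, so this flow must only ever
      # be used with throw-away test CA material.
      #
      # NOTE(review): chmod 777 leaves the handler module and the server
      # config world-writable. Read access (e.g. 0644) is probably all the
      # server container needs; confirm the container UID before tightening.
      # Do not carry these modes over to a real deployment.
      #
      # The cert_raw sed captures the matched line's leading indentation
      # (\1) and reuses it for the injected statement, so the patched
      # handler stays valid Python whatever the indent depth is.
      - name: "Setup openssl ca_handler"
        run: |
          sudo mkdir -p examples/Docker/data/acme_ca/certs
          sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem examples/Docker/data/acme_ca/
          sudo cp examples/ca_handler/openssl_ca_handler.py examples/Docker/data/ca_handler.py
          sudo chmod 777 examples/Docker/data/ca_handler.py
          sudo sed -i "s/import uuid/import uuid\\nimport time/g" examples/Docker/data/ca_handler.py
          sudo sed -i "s/^\( *\)cert_raw = None/\1cert_raw = None\\n\1time.sleep(30)/g" examples/Docker/data/ca_handler.py
          sudo cp .github/openssl_ca_handler.py_acme_srv_default_handler.cfg examples/Docker/data/acme_srv.cfg
          sudo chmod 777 examples/Docker/data/acme_srv.cfg
          sudo sed -i "s/revocation_reason_check_disable: False/revocation_reason_check_disable: False\\ncert_reusage_timeframe: 300/g" examples/Docker/data/acme_srv.cfg
          cd examples/Docker/
          docker-compose restart
      - name: "Enrollment"
        uses: ./.github/actions/wf_specific/enrollment_timeout/enroll
      # Failure path only: pack the data directory (config, handler, test CA
      # key), the acme-sh directory and the compose logs into one tarball.
      - name: "[ * ] collecting test data"
        if: ${{ failure() }}
        run: |
          mkdir -p ${{ github.workspace }}/artifact/upload
          sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/
          sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/
          cd examples/Docker
          docker-compose logs > ${{ github.workspace }}/artifact/docker-compose.log
          sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz docker-compose.log data acme-sh
      - name: "[ * ] uploading artifacts"
        uses: actions/upload-artifact@v4
        if: ${{ failure() }}
        with:
          name: async_enrollment_cert_reusage-${{ matrix.websrv }}-${{ matrix.dbhandler }}.tar.gz
          path: ${{ github.workspace }}/artifact/upload/

  # RPM deployment with the wsgi handler, run for each rhversion value.
  rpm_wsgi_async_enrollment_cert_reusage:
    name: "rpm_wsgi_async_enrollment_cert_reusage"
    runs-on: ubuntu-latest
    strategy:
      # max-parallel: 1
      fail-fast: false
      matrix:
        rhversion: [8, 9]
    steps:
      - name: "checkout GIT"
        uses: actions/checkout@v4
      # Repository secrets are handed to the local rpm_prep action. GitHub
      # does not expose secrets to pull_request runs from forks, so they are
      # empty there; whether rpm_prep copes with that is not visible here.
      - name: "Prepare Alma environment"
        uses: ./.github/actions/rpm_prep
        with:
          GH_SBOM_USER: ${{ secrets.GH_SBOM_USER }}
          GH_SBOM_TOKEN: ${{ secrets.GH_SBOM_TOKEN }}
          RH_VERSION: ${{ matrix.rhversion }}
      # The handler sleeps 22 s while enrollment_timeout is set to 15, and
      # cert_reusage_timeframe is 1800.
      # NOTE(review): chmod 777 on handler code and config is tolerable only
      # on a throw-away runner; 0644 is probably enough. Confirm first.
      # The cert_raw sed reuses the captured indentation (\1) for every
      # injected line so the patched handler remains valid Python.
      - name: "Setup openssl ca_handler"
        run: |
          sudo mkdir -p data/acme_ca/certs
          sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/acme_ca/
          sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg data/acme_srv.cfg
          sudo cp examples/ca_handler/openssl_ca_handler.py data/acme_ca/ca_handler.py
          sudo chmod 777 data/acme_ca/ca_handler.py
          sudo sed -i "s/import uuid/import uuid\\nimport time/g" data/acme_ca/ca_handler.py
          sudo sed -i "s/^\( *\)cert_raw = None/\1cert_raw = None\\n\1time.sleep(22)\\n\1self.logger.debug('CAhandler.enroll(): timeout done')/g" data/acme_ca/ca_handler.py
          sudo chmod 777 data/acme_srv.cfg
          sudo sed -i "s/revocation_reason_check_disable: False/revocation_reason_check_disable: False\\ncert_reusage_timeframe: 1800\\nenrollment_timeout: 15/g" data/acme_srv.cfg
          # sudo sed -i "s/retry_after_timeout: 15/retry_after_timeout: 30\\nenrollment_timeout: 15/g" data/acme_srv.cfg
          sudo sed -i "s/handler_file: examples\/ca_handler\/openssl_ca_handler.py/handler_file: \/opt\/acme2certifier\/volume\/acme_ca\/ca_handler.py/g" data/acme_srv.cfg
      - name: "Execute install scipt"
        run: |
          docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh
      - name: "Enrollment"
        uses: ./.github/actions/wf_specific/enrollment_timeout/enroll
        with:
          DEPLOYMENT_TYPE: "rpm"
      # Failure path only. `rm -f` keeps the collection going when no *.rpm
      # exists (for example when an earlier step failed before the package
      # was built); a plain `rm` would abort the script and leave nothing to
      # upload. The tarball contains the data directory with the test CA key.
      - name: "[ * ] collecting test logs"
        if: ${{ failure() }}
        run: |
          mkdir -p ${{ github.workspace }}/artifact/upload
          docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /opt/acme2certifier
          sudo cp -rp data/ ${{ github.workspace }}/artifact/data/
          sudo rm -f ${{ github.workspace }}/artifact/data/*.rpm
          docker exec acme-srv cat /etc/nginx/nginx.conf.orig > ${{ github.workspace }}/artifact/data/nginx.conf.orig
          docker exec acme-srv cat /etc/nginx/nginx.conf > ${{ github.workspace }}/artifact/data/nginx.conf
          docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log
          sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-srv.log
      - name: "[ * ] uploading artificates"
        uses: actions/upload-artifact@v4
        if: ${{ failure() }}
        with:
          name: rpm_wsgi_async_enrollment_cert_reusage-rh${{ matrix.rhversion }}.tar.gz
          path: ${{ github.workspace }}/artifact/upload/

  # RPM deployment with the django handler and a PostgreSQL database.
  rpm_django_async_enrollment_cert_reusage:
    name: "rpm_django_async_enrollment_cert_reusage"
    runs-on: ubuntu-latest
    strategy:
      # max-parallel: 1
      fail-fast: false
      matrix:
        rhversion: [8, 9]
    steps:
      - name: "checkout GIT"
        uses: actions/checkout@v4
      # Same secret hand-off as in the wsgi job: the values are empty on
      # pull_request runs from forks.
      - name: "Prepare Alma environment"
        uses: ./.github/actions/rpm_prep
        with:
          GH_SBOM_USER: ${{ secrets.GH_SBOM_USER }}
          GH_SBOM_TOKEN: ${{ secrets.GH_SBOM_TOKEN }}
          RH_VERSION: ${{ matrix.rhversion }}
          DJANGO_DB: psql
      # The handler sleeps 30 s while enrollment_timeout is set to 15, and
      # cert_reusage_timeframe is 1800.
      # NOTE(review): chmod 777 on handler code and config is tolerable only
      # on a throw-away runner; 0644 is probably enough. Confirm first.
      # The cert_raw sed reuses the captured indentation (\1) for every
      # injected line so the patched handler remains valid Python.
      - name: "Setup openssl ca_handler"
        run: |
          mkdir -p data/volume/acme_ca/certs
          sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/volume/acme_ca/
          sudo cp examples/ca_handler/openssl_ca_handler.py data/volume/acme_ca/ca_handler.py
          sudo chmod 777 data/volume/acme_ca/ca_handler.py
          sudo sed -i "s/import uuid/import uuid\\nimport time/g" data/volume/acme_ca/ca_handler.py
          # sudo sed -i "s/ cert_raw = None/ cert_raw = None\\n time.sleep(15)/g" data/volume/acme_ca/ca_handler.py
          sudo sed -i "s/^\( *\)cert_raw = None/\1cert_raw = None\\n\1self.logger.debug('CAhandler.enroll(): timeout start')\\n\1time.sleep(30)\\n\1self.logger.debug('CAhandler.enroll(): timeout done')/g" data/volume/acme_ca/ca_handler.py
          sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg data/volume/acme_srv.cfg
          sudo chmod 777 data/volume/acme_srv.cfg
          sudo sed -i "s/revocation_reason_check_disable: False/revocation_reason_check_disable: False\\ncert_reusage_timeframe: 1800\\nenrollment_timeout: 15/g" data/volume/acme_srv.cfg
          # sudo sed -i "s/retry_after_timeout: 15/retry_after_timeout: 30\\nenrollment_timeout: 15/g" data/volume/acme_srv.cfg
          sudo sed -i "s/handler_file: examples\/ca_handler\/openssl_ca_handler.py/handler_file: \/opt\/acme2certifier\/volume\/acme_ca\/ca_handler.py/g" data/volume/acme_srv.cfg
      - name: "Execute install scipt"
        run: |
          docker exec acme-srv sh /tmp/acme2certifier/django_tester.sh
      - name: "Enrollment"
        uses: ./.github/actions/wf_specific/enrollment_timeout/enroll
        with:
          DEPLOYMENT_TYPE: "rpm"
      # Failure path only. The database dump is written straight into the
      # artifact tree: data/ has already been copied at that point, so a
      # dump placed in data/ would never reach the tarball. `rm -f` keeps
      # the collection going when no *.rpm exists. The tarball holds the
      # test CA key, the server config and the full database dump, so it
      # must only ever contain test data.
      - name: "[ * ] collecting test logs"
        if: ${{ failure() }}
        run: |
          mkdir -p ${{ github.workspace }}/artifact/upload
          docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /opt/acme2certifier
          docker exec acme-srv tar cvfz /tmp/acme2certifier/nginx.tgz /etc/nginx
          sudo cp -rp data/ ${{ github.workspace }}/artifact/data/
          sudo rm -f ${{ github.workspace }}/artifact/data/*.rpm
          docker exec postgresdbsrv pg_dump -U postgres acme2certifier > ${{ github.workspace }}/artifact/data/acme2certifier.sql
          docker exec acme-srv cat /etc/nginx/nginx.conf.orig > ${{ github.workspace }}/artifact/data/nginx.conf.orig
          docker exec acme-srv cat /etc/nginx/nginx.conf > ${{ github.workspace }}/artifact/data/nginx.conf
          docker exec acme-srv rpm -qa > ${{ github.workspace }}/artifact/data/packages.txt
          docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log
          sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-srv.log
      - name: "[ * ] uploading artificates"
        uses: actions/upload-artifact@v4
        if: ${{ failure() }}
        with:
          name: rpm_django_async_enrollment_cert_reusage-rh${{ matrix.rhversion }}.tar.gz
          path: ${{ github.workspace }}/artifact/upload/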