Commit ece0461c authored by Rye Terrell's avatar Rye Terrell

use port configuration

parent a3ff0eaf
...@@ -29,6 +29,7 @@ from charms.layer import nginx ...@@ -29,6 +29,7 @@ from charms.layer import nginx
from subprocess import Popen from subprocess import Popen
from subprocess import PIPE from subprocess import PIPE
from subprocess import STDOUT from subprocess import STDOUT
from subprocess import CalledProcessError
@when('certificates.available') @when('certificates.available')
...@@ -49,6 +50,16 @@ def request_server_certificates(tls): ...@@ -49,6 +50,16 @@ def request_server_certificates(tls):
tls.request_server_cert(common_name, sans, certificate_name) tls.request_server_cert(common_name, sans, certificate_name)
@when('config.changed.port')
def close_old_port():
config = hookenv.config()
old_port = config.previous('port')
try:
hookenv.close_port(old_port)
except CalledProcessError:
hookenv.log('Port %d already closed, skipping.' % old_port)
@when('nginx.available', 'apiserver.available', @when('nginx.available', 'apiserver.available',
'certificates.server.cert.available') 'certificates.server.cert.available')
def install_load_balancer(apiserver, tls): def install_load_balancer(apiserver, tls):
...@@ -63,20 +74,23 @@ def install_load_balancer(apiserver, tls): ...@@ -63,20 +74,23 @@ def install_load_balancer(apiserver, tls):
if cert_exists and key_exists: if cert_exists and key_exists:
# At this point the cert and key exist, and they are owned by root. # At this point the cert and key exist, and they are owned by root.
chown = ['chown', 'www-data:www-data', server_cert_path] chown = ['chown', 'www-data:www-data', server_cert_path]
# Change the owner to www-data so the nginx process can read the cert. # Change the owner to www-data so the nginx process can read the cert.
subprocess.call(chown) subprocess.call(chown)
chown = ['chown', 'www-data:www-data', server_key_path] chown = ['chown', 'www-data:www-data', server_key_path]
# Change the owner to www-data so the nginx process can read the key. # Change the owner to www-data so the nginx process can read the key.
subprocess.call(chown) subprocess.call(chown)
hookenv.open_port(hookenv.config('port')) port = hookenv.config('port')
hookenv.open_port(port)
services = apiserver.services() services = apiserver.services()
nginx.configure_site( nginx.configure_site(
'apilb', 'apilb',
'apilb.conf', 'apilb.conf',
server_name='_', server_name='_',
services=services, services=services,
port=hookenv.config('port'), port=port,
server_certificate=server_cert_path, server_certificate=server_cert_path,
server_key=server_key_path, server_key=server_key_path,
) )
......
...@@ -8,7 +8,7 @@ upstream target_service { ...@@ -8,7 +8,7 @@ upstream target_service {
server { server {
listen 443 ssl http2; listen {{ port }} ssl http2;
server_name {{ server_name }}; server_name {{ server_name }};
access_log /var/log/nginx.access.log; access_log /var/log/nginx.access.log;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment