-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #23 from whole-tale/master
Porting fixes from master to stable
- Loading branch information
Showing
9 changed files
with
173 additions
and
26 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,45 +1,55 @@ | ||
graceTimeOut = "10s" | ||
debug = false | ||
checkNewVersion = false | ||
logLevel = "WARN" | ||
logLevel = "INFO" | ||
|
||
# If set to true invalid SSL certificates are accepted for backends. | ||
# Note: This disables detection of man-in-the-middle attacks so should only be used on secure backend networks. | ||
# Optional | ||
# Default: false | ||
# | ||
# | ||
# InsecureSkipVerify = true | ||
|
||
defaultEntryPoints = ["http", "https"] | ||
|
||
[entryPoints] | ||
[entryPoints.http] | ||
address = ":80" | ||
[entryPoints.http.redirect] | ||
entryPoint = "https" | ||
[entryPoints.https] | ||
address = ":443" | ||
[entryPoints.https.tls] | ||
[entryPoints.https.tls] | ||
#MinVersion = "VersionTLS12" | ||
#CipherSuites = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"] | ||
MinVersion = "VersionTLS10" | ||
CipherSuites = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"] | ||
|
||
[acme] | ||
email = "[email protected]" # FIXME | ||
storage = "/acme/acme.json" | ||
entryPoint = "https" | ||
acmeLogging = true | ||
onDemand = true | ||
# Enable certificate generation on frontends Host rules. This will request a certificate from Let's Encrypt for each frontend with a Host rule. | ||
# For example, a rule Host:test1.traefik.io,test2.traefik.io will request a certificate with main domain test1.traefik.io and SAN test2.traefik.io. | ||
# | ||
# Optional | ||
# | ||
# OnHostRule = true | ||
# caServer = "https://acme-staging.api.letsencrypt.org/directory" | ||
|
||
[acme.httpChallenge] | ||
entryPoint = "http" | ||
|
||
[acme.dnsChallenge] | ||
provider = "godaddy" | ||
delayBeforeCheck = 0 | ||
|
||
[[acme.domains]] | ||
main = "*.${subdomain}.${domain}" | ||
|
||
[[acme.domains]] | ||
main = "dashboard-${subdomain}.${domain}" | ||
|
||
[web] | ||
address = ":8080" | ||
|
||
|
||
[docker] | ||
endpoint = "unix:///var/run/docker.sock" | ||
domain = "${domain}" | ||
domain = "${subdomain}.${domain}" | ||
watch = true | ||
exposedbydefault = true | ||
swarmmode = true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
resource "null_resource" "update_dns" { | ||
depends_on = ["openstack_compute_floatingip_associate_v2.fip_master"] | ||
|
||
provisioner "local-exec" { | ||
command = "docker run -v `pwd`/scripts:/scripts jfloff/alpine-python:2.7-slim -p requests -- python scripts/godaddy-update-dns.py -k ${var.godaddy_api_key} -s ${var.godaddy_api_secret} -d ${var.domain} -n ${var.subdomain} -a ${openstack_networking_floatingip_v2.swarm_master_ip.address}" | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
#!/bin/python | ||
import argparse | ||
import json | ||
import requests | ||
|
||
# | ||
# Simple CLI to create/update DNS A record in GoDaddy | ||
# | ||
|
||
parser = argparse.ArgumentParser() | ||
|
||
parser.add_argument("-k", "--key", required=True, help="Godaddy API key") | ||
parser.add_argument("-s", "--secret", required=True, help="Godaddy API secret") | ||
parser.add_argument("-d", "--domain", required=True, help="Domain name") | ||
parser.add_argument("-n", "--name", required=True, help="DNS A record entry name") | ||
parser.add_argument("-a", "--address", required=True, help="DNS A record ip address value") | ||
|
||
|
||
args = parser.parse_args() | ||
|
||
# Uses the records and A record enpoints | ||
baseUrl = "https://api.godaddy.com/v1" | ||
recordsUrl = "%s/domains/%s/records" % (baseUrl, args.domain) | ||
recordUrl = "%s/A/*.%s" % (recordsUrl, args.name) | ||
|
||
# Authentication requires GoDaddy API key and secret | ||
authHeader = "sso-key %s:%s" % (args.key, args.secret) | ||
|
||
# DNS A record | ||
wildcard_record = [{ | ||
'data': args.address, | ||
'name': "*." + args.name, | ||
'ttl': 600, | ||
'type': 'A' | ||
}] | ||
|
||
try: | ||
|
||
# Get the record for this name | ||
r = requests.get(recordUrl, headers={'Authorization': authHeader}) | ||
|
||
# Endpoint should return 200 whether record exists or not | ||
if r.status_code == requests.codes.ok: | ||
|
||
body = r.json() | ||
|
||
if not body: | ||
# If body is empty, no existing A record exists so created it using the PATCH method | ||
print("No record found for *.%s, creating" % args.name) | ||
|
||
r = requests.patch(recordsUrl, json=wildcard_record, headers={'Authorization': authHeader, 'accept': 'application/json'}) | ||
if r.status_code == requests.codes.ok: | ||
print("Record successfully created") | ||
else: | ||
print("Error: Failed to create record: %s" % r.status_code) | ||
|
||
else: | ||
# If body is not empty, confirm that it differs from the specified information and update if needed | ||
if body == wildcard_record: | ||
print("Record found, but configuration unchanged") | ||
else: | ||
print("Record found for %s, updating" % args.name) | ||
r = requests.put(recordUrl, json=wildcard_record, headers={'Authorization': authHeader, 'accept': 'application/json'}) | ||
|
||
if r.status_code == requests.codes.ok: | ||
print("Record successfully updated") | ||
else: | ||
print("Error: Failed to create: %s" % r.status_code) | ||
|
||
# Get the final record and con firm it matches what was supplied | ||
r = requests.get(recordUrl, headers={'Authorization': authHeader}) | ||
|
||
print(json.dumps(r.json(), indent=4, sort_keys=True)) | ||
|
||
else: | ||
r.raise_for_status() | ||
|
||
except requests.exceptions.RequestException as e: | ||
print(e) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters