Merge pull request #817 from untergeek/fix/810

Ensure cacerts.pem from certifi is in RPM/DEB
elastic · Nov 21, 2016 · a3b13e5 · a3b13e5
2 parents d979fb5 + a64135d
commit a3b13e5
Show file tree

Hide file tree

Showing 6 changed files with 188 additions and 17 deletions.
diff --git a/curator/_version.py b/curator/_version.py
@@ -1 +1 @@
-__version__ = '4.2.1'
+__version__ = '4.3.0.dev0'
diff --git a/curator/utils.py b/curator/utils.py
@@ -174,13 +174,6 @@ def get_datetime(index_timestamp, timestring):
         if not '%d' in timestring:
             timestring += '%d'
             index_timestamp += '1'
-    # logger.debug(
-    #     'index_timestamp: {0}, timestring: {1}, return value: '
-    #     '{2}'.format(
-    #         index_timestamp, timestring,
-    #         datetime.strptime(index_timestamp, timestring)
-    #     )
-    # )
     return datetime.strptime(index_timestamp, timestring)
 
 def fix_epoch(epoch):
@@ -532,13 +525,20 @@ def get_client(**kwargs):
             if kwargs['certificate']:
                 kwargs['verify_certs'] = True
                 kwargs['ca_certs'] = kwargs['certificate']
-            else: # Try to use certifi certificates:
-                try:
-                    import certifi
+            else: # Try to use bundled certifi certificates
+                bundled_path = (
+                    '/opt/elasticsearch-curator/lib/certifi/cacert.pem'
+                )
+                if os.path.isfile(bundled_path):
                     kwargs['verify_certs'] = True
-                    kwargs['ca_certs'] = certifi.where()
-                except ImportError:
-                    logger.warn('Unable to verify SSL certificate.')
+                    kwargs['ca_certs'] = bundled_path
+                else:
+                    try: # Try to use certifi certificates via certifi.where():
+                        import certifi
+                        kwargs['verify_certs'] = True
+                        kwargs['ca_certs'] = certifi.where()
+                    except ImportError:
+                        logger.warn('Unable to verify SSL certificate.')
     try:
         from requests_aws4auth import AWS4Auth
         kwargs['aws_key'] = False if not 'aws_key' in kwargs \

diff --git a/docs/Changelog.rst b/docs/Changelog.rst
@@ -6,10 +6,15 @@ Changelog
 4.2.2 (? ? ?)
 -------------
 
+**Bug Fixes**
+
+  * The certifi-provided certificates were not propagating to the compiled
+    RPM/DEB packages.  This has been corrected.  Reported in #810 (untergeek)
+
 **General**
 
-  * Added ``--ignore_empty_list`` option to singleton actions. Requested in
-    #812 (untergeek)
+  * Added missing ``--ignore_empty_list`` option to singleton actions. Requested
+    in #812 (untergeek)
 
 **Documentation**
 

diff --git a/docs/asciidoc/index.asciidoc b/docs/asciidoc/index.asciidoc
@@ -1,4 +1,4 @@
-:curator_version: 4.2.1
+:curator_version: 4.3.0
 :curator_major: 4
 :es_py_version: 2.4.0
 :ref:  http://www.elastic.co/guide/en/elasticsearch/reference/current

diff --git a/unix_packages/build_binary_package.sh → unix_packages/build_official_package.sh b/unix_packages/build_binary_package.sh → unix_packages/build_official_package.sh
@@ -128,6 +128,11 @@ ${PIPBIN} install -U --user certifi
 ${PIPBIN} install -U --user -r requirements.txt
 ${PYBIN} setup.py build_exe
 sudo mv build/exe.linux-x86_64-${PYVER} /opt/elasticsearch-curator
+
+# Put a copy of the up-to-date certifi cacert.pem into a reachable place for the binary
+sudo mkdir -p /opt/elasticsearch-curator/lib/certifi
+sudo cp /home/vagrant/.local/lib/python3.5/site-packages/certifi/cacert.pem /opt/elasticsearch-curator/lib/certifi
+
 sudo chown -R root:root /opt/elasticsearch-curator
 cd ..
 fpm \

diff --git a/unix_packages/build_package_from_source.sh b/unix_packages/build_package_from_source.sh
@@ -0,0 +1,161 @@
+#!/bin/bash
+
+BASEPATH=$(pwd)
+PKG_TARGET=/curator_packages
+WORKDIR=/tmp/curator
+CX_VER="5.0"
+CX_FILE="/curator_source/unix_packages/cx_freeze-${CX_VER}.dev.tar.gz"
+CX_PATH="anthony_tuininga-cx_freeze-71554144c9cc"
+INPUT_TYPE=python
+CATEGORY=python
+VENDOR=Elastic
+MAINTAINER="'Elastic Developers <info@elastic.co>'"
+C_POST_INSTALL=${WORKDIR}/es_curator_after_install.sh
+C_PRE_REMOVE=${WORKDIR}/es_curator_before_removal.sh
+C_POST_REMOVE=${WORKDIR}/es_curator_after_removal.sh
+C_PRE_UPGRADE=${WORKDIR}/es_curator_before_upgrade.sh
+C_POST_UPGRADE=${WORKDIR}/es_curator_after_upgrade.sh
+
+# Build our own package pre/post scripts
+sudo rm -rf ${WORKDIR} /opt/elasticsearch-curator
+mkdir -p ${WORKDIR}
+
+for file in ${C_POST_INSTALL} ${C_PRE_REMOVE} ${C_POST_REMOVE}; do
+  echo '#!/bin/bash' > ${file}
+  echo >> ${file}
+  chmod +x ${file}
+done
+
+echo "ln -s /opt/elasticsearch-curator/curator /usr/bin/curator" >> ${C_POST_INSTALL}
+echo "ln -s /opt/elasticsearch-curator/curator_cli /usr/bin/curator_cli" >> ${C_POST_INSTALL}
+echo "ln -s /opt/elasticsearch-curator/es_repo_mgr /usr/bin/es_repo_mgr" >> ${C_POST_INSTALL}
+echo "ln -s /opt/elasticsearch-curator/curator /usr/bin/curator" >> ${C_POST_UPGRADE}
+echo "ln -s /opt/elasticsearch-curator/curator_cli /usr/bin/curator_cli" >> ${C_POST_UPGRADE}
+echo "ln -s /opt/elasticsearch-curator/es_repo_mgr /usr/bin/es_repo_mgr" >> ${C_POST_UPGRADE}
+echo "rm -f /usr/bin/curator" >> ${C_PRE_REMOVE}
+echo "rm -f /usr/bin/curator_cli" >> ${C_PRE_REMOVE}
+echo "rm -f /usr/bin/es_repo_mgr" >> ${C_PRE_REMOVE}
+echo "rm -f /usr/bin/curator" >> ${C_PRE_UPGRADE}
+echo "rm -f /usr/bin/curator_cli" >> ${C_PRE_UPGRADE}
+echo "rm -f /usr/bin/es_repo_mgr" >> ${C_PRE_UPGRADE}
+echo 'if [ -d "/opt/elasticsearch-curator" ]; then' >> ${C_POST_REMOVE}
+echo '  rm -rf /opt/elasticsearch-curator' >> ${C_POST_REMOVE}
+echo 'fi' >> ${C_POST_REMOVE}
+
+ID=$(grep ^ID\= /etc/*release | awk -F\= '{print $2}' | tr -d \")
+VERSION_ID=$(grep ^VERSION_ID\= /etc/*release | awk -F\= '{print $2}' | tr -d \")
+if [ "${ID}x" == "x" ]; then
+  ID=$(cat /etc/*release | grep -v LSB | uniq | awk '{print $1}' | tr "[:upper:]" "[:lower:]" )
+  VERSION_ID=$(cat /etc/*release | grep -v LSB | uniq | awk '{print $3}' | awk -F\. '{print $1}')
+fi
+
+# build
+if [ "${1}x" == "x" ]; then
+  echo "Must provide version number (can be arbitrary)"
+  exit 1
+else
+  cd ..
+  SOURCE_DIR=$(pwd)
+fi
+
+case "$ID" in
+  ubuntu|debian)
+  	PKGTYPE=deb
+  	PLATFORM=debian
+    PACKAGEDIR="${PKG_TARGET}/${1}/${PLATFORM}"
+	;;
+  centos|rhel)
+  	PKGTYPE=rpm
+    PLATFORM=centos
+	case "$VERSION_ID" in
+	  6|7)
+      sudo rm -f /etc/yum.repos.d/puppetlabs-pc1.repo
+      sudo yum -y update
+		;;
+ 	  *) echo "unknown system version: ${VERSION_ID}"; exit 1;;
+	esac
+  PACKAGEDIR="${PKG_TARGET}/${1}/${PLATFORM}/${VERSION_ID}"
+	;;
+  *) echo "unknown system type: ${ID}"; exit 1;;
+esac
+
+HAS_PY3=$(which python3.5)
+if [ "${HAS_PY3}x" == "x" ]; then
+  cd /tmp
+  wget https://www.python.org/ftp/python/3.5.2/Python-3.5.2.tgz
+  tar zxf Python-3.5.2.tgz
+  cd Python-3.5.2
+  ./configure --prefix=/usr/local
+  sudo make altinstall
+  cd /usr/lib
+  sudo ln -s /usr/local/lib/libpython3.5m.a libpython3.5.a
+  cd ${WORKDIR}
+fi
+
+PYVER=3.5
+PIPBIN=/usr/local/bin/pip3.5
+PYBIN=/usr/local/bin/python3.5
+
+if [ "${CX_VER}" != "$(${PIPBIN} list | grep cx | awk '{print $2}' | tr -d '()')" ]; then
+  cd ${WORKDIR}
+  rm -rf ${CX_PATH}
+  tar zxf ${CX_FILE}
+  cd ${CX_PATH}
+  ${PIPBIN} install -U --user .
+  cd ${WORKDIR}
+fi
+
+if [ -e "/home/vagrant/.rvm/scripts/rvm" ]; then
+  source /home/vagrant/.rvm/scripts/rvm
+fi
+HAS_FPM=$(which fpm)
+if [ "${HAS_FPM}x" == "x" ]; then
+  gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
+  curl -sSL https://get.rvm.io | bash -s stable
+  source /home/vagrant/.rvm/scripts/rvm
+  rvm install ruby
+  gem install fpm
+fi
+
+cd $SOURCE_DIR
+
+mkdir -p ${PACKAGEDIR}
+${PIPBIN} install -U --user setuptools
+${PIPBIN} install -U --user requests_aws4auth
+${PIPBIN} install -U --user certifi
+${PIPBIN} install -U --user -r requirements.txt
+${PYBIN} setup.py build_exe
+sudo mv build/exe.linux-x86_64-${PYVER} /opt/elasticsearch-curator
+
+# Put a copy of the up-to-date certifi cacert.pem into a reachable place for the binary
+PEMTARGET='/opt/elasticsearch-curator/lib/certifi'
+sudo mkdir -p ${PEMTARGET}
+sudo cp /home/vagrant/.local/lib/python3.5/site-packages/certifi/cacert.pem ${PEMTARGET}
+
+sudo chown -R root:root /opt/elasticsearch-curator
+cd $WORKDIR
+fpm \
+ -s dir \
+ -t ${PKGTYPE} \
+ -n elasticsearch-curator \
+ -v ${1} \
+ --vendor ${VENDOR} \
+ --maintainer "${MAINTAINER}" \
+ --license 'Apache-2.0' \
+ --category tools \
+ --description 'Have indices in Elasticsearch? This is the tool for you!\n\nLike a museum curator manages the exhibits and collections on display, \nElasticsearch Curator helps you curate, or manage your indices.' \
+ --after-install ${C_POST_INSTALL} \
+ --before-remove ${C_PRE_REMOVE} \
+ --after-remove ${C_POST_REMOVE} \
+ --before-upgrade ${C_PRE_UPGRADE} \
+ --after-upgrade ${C_POST_UPGRADE} \
+ --provides elasticsearch-curator \
+ --conflicts python-elasticsearch-curator \
+ --conflicts python3-elasticsearch-curator \
+/opt/elasticsearch-curator
+
+mv ${WORKDIR}/*.${PKGTYPE} ${PACKAGEDIR}
+
+rm ${C_POST_INSTALL} ${C_PRE_REMOVE} ${C_POST_REMOVE} ${C_PRE_UPGRADE} ${C_POST_UPGRADE}
+# go back to where we started
+cd ${BASEPATH}