[ADD] clouder_certificate_authority: Implement CA using CFSSL

clouder_certificate_authority/README.rst

@@ -0,0 +1,52 @@
+.. image:: https://img.shields.io/badge/licence-LGPL--3-blue.svg
+   :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
+   :alt: License: LGPL-3
+
+================================
+Clouder Template - CFSSL
+================================
+
+This module provides a template for CFSSL in Clouder.
+
+
+Configuration
+=============
+
+Clouder configuration instructions are available at https://clouder.readthedocs.io/
+
+Usage
+=====
+
+To use this module, you need to:
+
+#. Create an CFSSL Service in the Clouder Control Panel
+
+Known issues / Roadmap
+======================
+
+* Add ElasticDump db backup & restore
+* ElasticDump should be a separate service
+* Add SSL (Requires CA - https://github.com/clouder-community/clouder/issues/167)
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues
+<https://github.com/clouder-community/clouder/issues>`_. In case of trouble, please
+check there if your issue has already been reported. If you spotted it first,
+help us smashing it by providing a detailed and welcomed feedback.
+
+Credits
+=======
+
+Contributors
+------------
+
+* Dave Lasley <dave@laslabs.com>
+
+Maintainer
+----------
+
+This module is maintained by Clouder Community.
+
+To contribute to this module, please visit https://github.com/clouder-community/clouder

clouder_certificate_authority/__init__.py

@@ -0,0 +1,3 @@
+# -*- coding: utf-8 -*-
+# Copyright 2016 LasLabs Inc.
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).

clouder_certificate_authority/__openerp__.py

@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# Copyright 2016 LasLabs Inc.
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
+
+{
+    'name': 'Clouder Certificate Authority',
+    'version': '9.0.10.0.0',
+    'category': 'Clouder',
+    'depends': [
+        'clouder',
+        'clouder_template_proxy',
+    ],
+    'author': 'LasLabs Inc.',
+    'license': 'LGPL-3',
+    'website': 'https://github.com/clouder-community/clouder',
+    'data': [
+        'data/image_template.xml',
+        'data/image.xml',
+        'data/image_port.xml',
+        'data/image_volume.xml',
+        'data/application_tag.xml',
+        'data/application_type.xml',
+        'data/application_type_option.xml',
+        'data/application_template.xml',
+        'data/application.xml',
+        'data/application_link.xml',
+    ],
+    'installable': True,
+    'application': False,
+}

clouder_certificate_authority/data/application.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2016 LasLabs Inc.
+     License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->
+
+<odoo>
+
+    <record id="application_cfssl_data" model="clouder.application">
+        <field name="name">CFSSL Data</field>
+        <field name="code">data</field>
+        <field name="type_id" ref="application_type_cfssl" />
+        <field name="tag_ids" eval="[(4, ref('clouder.tag_data'))]" />
+        <field name="default_image_id" ref="image_cfssl_data" />
+        <field name="sequence">1</field>
+        <field name="required" eval="True"/>
+    </record>
+
+    <record id="application_cfssl_exec" model="clouder.application">
+        <field name="name">CFSSL Exec</field>
+        <field name="code">exec</field>
+        <field name="type_id" ref="application_type_cfssl" />
+        <field name="tag_ids" eval="[(4, ref('clouder.tag_exec'))]" />
+        <field name="default_image_id" ref="image_cfssl_exec" />
+        <field name="sequence">2</field>
+        <field name="required" eval="True"/>
+        <field name="update_strategy">auto</field>
+    </record>
+
+    <record id="application_cfssl" model="clouder.application">
+        <field name="name">CFSSL</field>
+        <field name="code">cfssl</field>
+        <field name="type_id" ref="application_type_cfssl" />
+        <field name="child_ids"
+               eval="[(4, ref('application_cfssl_data')),
+                      (4, ref('application_cfssl_exec')),
+                     ]"
+               />
+        <field name="sequence">1</field>
+        <field name="required" eval="True"/>
+    </record>
+
+</odoo>

clouder_certificate_authority/data/application_link.xml

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2016 LasLabs Inc.
+     License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->
+
+<odoo>
+
+    <record id="application_link_cfssl"
+            model="clouder.application.link"
+            >
+        <field name="template_id"
+               ref="application_template_cfssl"
+               />
+        <field name="name" ref="application_cfssl" />
+        <field name="service" eval="True" />
+        <field name="required" eval="True" />
+        <field name="auto" eval="True" />
+        <field name="make_link" eval="True" />
+    </record>
+
+</odoo>

clouder_certificate_authority/data/application_tag.xml

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2016 LasLabs Inc.
+     License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->
+
+<odoo>
+
+    <record id="tag_cert_authority" model="clouder.application.tag">
+        <field name="name">cert_authority</field>
+    </record>
+
+</odoo>

clouder_certificate_authority/data/application_template.xml

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2016 LasLabs Inc.
+     License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->
+
+<odoo>
+
+    <record id="application_template_cfssl"
+            model="clouder.application.template"
+            >
+        <field name="name">CFSSL</field>
+    </record>
+
+</odoo>

clouder_certificate_authority/data/application_type.xml

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2016 LasLabs Inc.
+     License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->
+
+<odoo>
+
+    <record id="application_type_cfssl"
+            model="clouder.application.type"
+            >
+        <field name="name">cfssl</field>
+        <field name="system_user">cfssl</field>
+        <field name="tag_ids"
+               eval="[(6, 0, [ref('tag_cert_authority')])]"
+               />
+    </record>
+
+</odoo>

clouder_certificate_authority/data/application_type_option.xml

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2016 LasLabs Inc.
+     License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->
+
+<odoo>
+
+    <record id="application_type_option_cfssl_network"
+            model="clouder.application.type.option"
+            >
+        <field name="application_type_id"
+               ref="application_type_cfssl"
+               />
+        <field name="name">network</field>
+        <field name="type">service</field>
+        <field name="default">172.17.0.0/16</field>
+    </record>
+
+    <record id="application_type_option_cfssl_listen"
+            model="clouder.application.type.option"
+            >
+        <field name="application_type_id"
+               ref="application_type_cfssl"
+               />
+        <field name="name">listen</field>
+        <field name="type">service</field>
+        <field name="default">*</field>
+    </record>
+
+</odoo>

clouder_certificate_authority/data/image.xml

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2016 LasLabs Inc.
+     License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->
+
+<odoo>
+
+    <record id="image_cfssl_data" model="clouder.image">
+        <field name="name">image_cfssl_data</field>
+        <field name="template_ids"
+               eval="[(4, [ref('image_template_cfssl_data')])]"
+               />
+        <field name="parent_from">lasley/cfssl-data</field>
+    </record>
+
+    <record id="image_cfssl_exec" model="clouder.image">
+        <field name="name">image_cfssl_exec</field>
+        <field name="template_ids"
+               eval="[(4, [ref('image_template_cfssl_exec')])]"
+               />
+        <field name="parent_from">lasley/cfssl-exec</field>
+        <field name="volumes_from">data</field>
+    </record>
+
+</odoo>

clouder_certificate_authority/data/image_port.xml

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2016 LasLabs Inc.
+     License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->
+
+<odoo>
+
+    <record id="image_port_cfssl_http"
+            model="clouder.image.port"
+            >
+        <field name="template_id" ref="image_template_cfssl_exec" />
+        <field name="name">cfssl-http</field>
+        <field name="local_port">8888</field>
+    </record>
+
+</odoo>

clouder_certificate_authority/data/image_template.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2016 LasLabs Inc.
+     License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->
+
+<odoo>
+
+    <record id="image_template_cfssl_data"
+            model="clouder.image.template"
+            >
+        <field name="name">image_template_cfssl_data</field>
+    </record>
+
+    <record id="image_template_cfssl_exec"
+            model="clouder.image.template"
+            >
+        <field name="name">image_template_cfssl_exec</field>
+    </record>
+
+</odoo>

clouder_certificate_authority/data/image_volume.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2016 LasLabs Inc.
+     License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html). -->
+
+<odoo>
+
+    <record id="image_volume_cfssl_etc"
+            model="clouder.image.volume"
+            >
+        <field name="template_id" ref="image_template_cfssl_data" />
+        <field name="name">etc</field>
+        <field name="localpath">/etc/cfssl</field>
+        <field name="user">cfssl</field>
+    </record>
+
+</odoo>

clouder_certificate_authority/images/1.2.0-data/Dockerfile

@@ -0,0 +1,4 @@
+FROM yannickburon/clouder:base
+MAINTAINER Dave Lasley <dave@laslabs.com>
+
+CMD tail -f /dev/null

clouder_certificate_authority/images/1.2.0-exec/Dockerfile

@@ -0,0 +1,36 @@
+FROM yannickburon/clouder:base
+MAINTAINER Dave Lasley <dave@laslabs.com>
+
+ENV PATH /go/bin:/usr/local/go/bin:$PATH
+ENV GOPATH /go
+ENV USER root
+
+ENV buildDeps "build-base \
+               gcc \
+               git \
+               go \
+               libtool"
+
+RUN apk add --no-cache $buildDeps
+
+RUN git clone --depth=1 https://github.com/cloudflare/cfssl.git /go/src/github.com/cloudflare/cfssl
+
+RUN set -x \
+	&& apk add --no-cache $buildDeps \
+	&& cd /go/src/github.com/cloudflare/cfssl \
+	&& go get github.com/GeertJohan/go.rice/rice && rice embed-go -i=./cli/serve \
+	&& cp -R /go/src/github.com/cloudflare/cfssl/vendor/github.com/cloudflare/cfssl_trust /etc/cfssl \
+	&& go build -o /usr/bin/cfssl ./cmd/cfssl \
+	&& go build -o /usr/bin/cfssljson ./cmd/cfssljson \
+	&& go build -o /usr/bin/mkbundle ./cmd/mkbundle \
+	&& go build -o /usr/bin/multirootca ./cmd/multirootca \
+	&& apk del $buildDeps \
+	&& rm -rf /var/cache/apk/* \
+	&& rm -rf /go \
+	&& echo "Build complete."
+
+
+WORKDIR /etc/cfssl
+
+ENTRYPOINT ["cfssl"]
+CMD ["--help"]