Letsencrypt

.gitignore

@@ -1,6 +1,8 @@
 *.pyc
+.*.swp
 /*.egg-info
 /.tox
 
 *.iml
 .idea/
+/venv-vergilius

Dockerfile

@@ -4,22 +4,22 @@ MAINTAINER Vasiliy Ostanin <bazilio91@gmail.ru>
 RUN add-apt-repository ppa:nginx/development
 RUN apt-get update
 #apt-get upgrade -y -o Dpkg::Options::="--force-confold" && \
-RUN apt-get install -y ca-certificates nginx git-core python build-essential autoconf libtool \
-    python-dev libffi-dev libssl-dev python-pip dialog nano
+RUN apt-get install -y ca-certificates nginx git-core python3 build-essential autoconf libtool \
+    python3-dev libffi-dev libssl-dev python3-pip dialog nano
 ENV TERM screen
 
-ADD init.d/01_env.sh /etc/init.d/
-ADD services/nginx.sh /etc/service/nginx/run
-ADD services/vergilius.sh /etc/service/vergilius/run
+COPY docker/init.d/01_env.sh /etc/init.d/
+COPY docker/services/nginx.sh /etc/service/nginx/run
+COPY docker/services/vergilius.sh /etc/service/vergilius/run
 
-COPY consul/* /etc/consul/conf.d/
-COPY nginx/conf.d/*.conf /etc/nginx/conf.d/
-COPY nginx/nginx.conf /etc/nginx/nginx.conf
+COPY docker/consul/* /etc/consul/conf.d/
+COPY docker/nginx/conf.d/*.conf /etc/nginx/conf.d/
+COPY docker/nginx/nginx.conf /etc/nginx/nginx.conf
 RUN rm /etc/nginx/sites-enabled/* && mkdir -p /etc/nginx/sites-enabled/certs && \
     mkdir -p /data/dummy_ca/domains/
 
-ADD src /opt/vergilius
-RUN cd /opt/vergilius/ && python setup.py install
+COPY src /opt/vergilius
+RUN cd /opt/vergilius/ && python3 setup.py install
 WORKDIR /opt/vergilius/
 
 EXPOSE 80 443

circle.yml

@@ -1,6 +1,6 @@
 machine:
   python:
-    version: 2.7
+    version: 3.5.2
   services:
     - docker
   environment:
@@ -25,4 +25,4 @@ deployment:
   dockerhub:
     branch: master
     commands:
-      - 'curl -H "Content-Type: application/json" --data "{\"source_type\": \"Branch\", \"source_name\": \"master\"}" -X POST https://registry.hub.docker.com/u/devopsftw/vergilius/trigger/ea3f932c-49b9-47e8-af0c-ec1d8615cda4/'
+      - 'curl -H "Content-Type: application/json" --data "{\"source_type\": \"Branch\", \"source_name\": \"master\"}" -X POST https://registry.hub.docker.com/u/devopsftw/vergilius/trigger/ea3f932c-49b9-47e8-af0c-ec1d8615cda4/'

requirements.txt

@@ -1,7 +1,10 @@
 zope.component==4.2.2
 zope.event==4.1.0
 zope.interface==4.1.3
-python-consul==0.4.7
-tornado==4.3
+python-consul==0.7
+tornado==4.4.2
 funcsigs==1.0.0
 mock==1.3.0
+acme==0.9.3
+cryptography==1.6
+PyOpenSSL==16.2

src/app.py

@@ -1,18 +1,19 @@
-#!/usr/bin/python
+#!/usr/bin/python3
 import logging
 import signal
-
 import time
-import tornado
 
-import vergilius
-from vergilius import logger
-from vergilius.loop.nginx_reloader import NginxReloader
-from vergilius.loop.service_watcher import ServiceWatcher
+import tornado.ioloop
+import vergilius.base
+from vergilius.cert import AcmeCertificateProvider
+from vergilius.loop import NginxReloader, ServiceWatcher
+from vergilius import config
 
 MAX_WAIT_SECONDS_BEFORE_SHUTDOWN = 10
 
-logger.setLevel(logging.DEBUG)
+logging.basicConfig(format='%(asctime)s %(levelname)s:%(name)s %(message)s')
+logger = logging.getLogger(__name__)
+logger.setLevel(config.LOG_LEVEL)
 
 
 def shutdown():
@@ -35,30 +36,36 @@ def stop_loop():
     stop_loop()
 
 
-def sig_handler(sig, frame):
+def sig_handler(sig, _):
     logger.warning('Caught signal: %s', sig)
     tornado.ioloop.IOLoop.instance().add_callback(shutdown)
 
+
 def handle_future(f):
     tornado.ioloop.IOLoop.current().stop()
-    if f.exception() != None:
+    if f.exception() is not None:
         raise f.exception()
 
+
 def main():
     signal.signal(signal.SIGTERM, sig_handler)
     signal.signal(signal.SIGINT, sig_handler)
 
-    vergilius.Vergilius.init()
-
-    consul_handler = ServiceWatcher().watch_services()
-    nginx_reloader = NginxReloader().nginx_reload()
+    app = App()
+    sw = ServiceWatcher(app)
 
     io_loop = tornado.ioloop.IOLoop.current()
-    io_loop.add_future(consul_handler, handle_future)
-    io_loop.add_future(nginx_reloader, handle_future)
+    io_loop.add_future(sw.watch_services(), handle_future)
+    io_loop.add_future(app.nginx_reloader.reload(), handle_future)
 
     io_loop.start()
 
 
+class App(object):
+    def __init__(self):
+        self.session = vergilius.base.ConsulSession()
+        self.certificate_provider = AcmeCertificateProvider()
+        self.nginx_reloader = NginxReloader()
+
 if __name__ == '__main__':
     main()

src/setup.py

@@ -2,11 +2,14 @@
 from setuptools import find_packages
 
 install_requires = [
-    'python-consul',
-    'tornado',
+    'python-consul==0.7.0',
+    'tornado==4.4.2',
     'setuptools>=1.0',
     'zope.component',
     'zope.interface',
+    'acme==0.9.3',
+    'cryptography==1.6',
+    'PyOpenSSL==16.2',
 ]
 
 setup(

src/vergilius/__init__.py

@@ -1,25 +0,0 @@
-import logging
-import os
-
-from consul import Consul
-from consul import tornado as consul_from_tornado
-from tornado import template
-
-import config
-from components.dummy_certificate_provider import DummyCertificateProvider
-from vergilius.models.identity import Identity
-
-logger = logging.getLogger(__name__)
-template_loader = template.Loader(os.path.join(os.path.dirname(os.path.abspath(__file__)), 'templates'))
-certificate_provider = DummyCertificateProvider()
-
-consul = Consul(host=config.CONSUL_HOST)
-consul_tornado = consul_from_tornado.Consul(host=config.CONSUL_HOST)
-
-
-class Vergilius(object):
-    identity = None
-
-    @classmethod
-    def init(cls):
-        cls.identity = Identity()

src/vergilius/base.py

@@ -0,0 +1,56 @@
+import logging
+import consul
+from consul.tornado import Consul as TornadoConsul
+
+from tornado.ioloop import IOLoop
+from tornado.locks import Event
+import tornado.gen
+
+from vergilius import config
+
+logger = logging.getLogger(__name__)
+logger.setLevel(logging.DEBUG)
+tc = TornadoConsul(host=config.CONSUL_HOST)
+
+
+class ConsulSession(object):
+    def __init__(self):
+        self._sid = None
+        self._waitSid = Event()
+        IOLoop.instance().spawn_callback(self.watch)
+        pass
+
+    @tornado.gen.coroutine
+    def watch(self):
+        while True:
+            tick = tornado.gen.sleep(5)
+            yield self.ensure_session()
+            yield tick
+
+    @tornado.gen.coroutine
+    def ensure_session(self):
+        if self._sid is None:
+            self._sid = yield self.create_session()
+            self._waitSid.set()
+        else:
+            try:
+                yield tc.session.renew(self._sid)
+            except consul.NotFound:
+                self._waitSid.clear()
+                logger.error('session not found, trying to recreate')
+                self._sid = yield self.create_session()
+                self._waitSid.set()
+            except consul.ConsulException as e:
+                logger.error('consul exception: %s' % e)
+        return True
+
+    @tornado.gen.coroutine
+    def create_session(self):
+        sid = yield tc.session.create('vergilius', ttl=10, behavior='delete', lock_delay=0)
+        logger.debug('session created: %s', sid)
+        return sid
+
+    @tornado.gen.coroutine
+    def get_sid(self):
+        yield self._waitSid.wait()
+        return self._sid