From c46b69134aaca38070f75f4a993c6246c5cfe0c0 Mon Sep 17 00:00:00 2001
From: Stephen Soltesz
Date: Tue, 1 Sep 2009 00:01:13 +0000
Subject: [PATCH] add ssl certificate fields for Monitor in default_config.xml add ssl certificate generation for Monitor in plc.d/ssl separate bootcd values from bootmanager configuration build.sh now collects all the certificates that it needs to authenticate the https sessions. As well, the BM configuration includes several new values that control how and where it uploads logs. BOOT_API_SERVER remains as the API server for all API calls BOOT_SERVER is the host from which the bootstrapfs and other files are fetched. MONITOR_SERVER is the host where logs are uploaded UPLOAD_LOG_SCRIPT is the path to the upload script or entry point. If the configuration value PLC_MONITOR_ENABLED=false, then MONITOR_SERVER=BOOT_SERVER It is now much easier to extend BM in the future to upload additional files such as for hardware information, SMART data, commands run by root users during the session, etc.
---
 default_config.xml | 26 ++++++++++++++++++++++++++
 plc.d/ssl | 6 +++---
 2 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/default_config.xml b/default_config.xml
index 8dd0266..84bdabf 100644
--- a/default_config.xml
+++ b/default_config.xml
@@ -606,6 +606,32 @@ $Id$ The password to use when accessing the database, Monitor user account in the local PLC.
+
+
+ SSL Private Key
+ /etc/planetlab/monitor_ssl.key
+ The SSL private key to use for encrypting HTTPS
+ traffic.
+
+
+
+ SSL Public Certificate
+ /etc/planetlab/monitor_ssl.crt
+ The corresponding SSL public certificate for
+ the HTTP server. By default, this certificate is
+ self-signed. You may replace the certificate later with one
+ signed by a root CA.
+
+
+
+ Root CA SSL Public Certificate
+ /etc/planetlab/monitor_ca_ssl.crt
+ The certificate of the root CA, if any, that
+ signed your server certificate. If your server certificate is
+ self-signed, then this file is the same as your server
+ certificate.
+
+
diff --git a/plc.d/ssl b/plc.d/ssl
index d483d4d..afdcd22 100755
--- a/plc.d/ssl
+++ b/plc.d/ssl
@@ -81,7 +81,7 @@ case "$1" in
 MESSAGE=$"Generating SSL certificates for"
 dialog "$MESSAGE"
- for server in WWW API BOOT ; do
+ for server in WWW API BOOT MONITOR; do
 eval "a=\$PLC_${server}_ENABLED"
 echo $a
 if [ "$a" -ne 1 ] ; then
@@ -96,7 +96,7 @@ case "$1" in
 # Check if we have already generated a certificate for
 # the same hostname.
- for previous_server in WWW API BOOT ; do
+ for previous_server in WWW API BOOT MONITOR; do
 if [ "$server" = "$previous_server" ] ; then
 break
 fi
@@ -123,7 +123,7 @@ case "$1" in
 # 4) and /etc/httpd/conf (Fedora Core 2). If the API, boot,
 # and web servers are all running on the same machine, the web
 # server certificate takes precedence.
- for server in API BOOT WWW ; do
+ for server in API BOOT WWW MONITOR; do
 enabled=PLC_${server}_ENABLED
 if [ "${!enabled}" != "1" ] ; then
 continue
--
2.47.0
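Review bot: In the first plc.d/ssl hunk (@@ -81), adding MONITOR sends `PLC_MONITOR_ENABLED` through the existing numeric test `[ "$a" -ne 1 ]`, which fails with an error instead of evaluating true when the value is empty or non-numeric; the commit message itself writes `PLC_MONITOR_ENABLED=false`. If the shell configuration can present the value that way, or leaves it unset on an older configuration, the `if` body (outside the hunk, presumably the skip) is not taken and a key and certificate would be generated for a disabled service. A string comparison, as the third hunk already uses, fails closed: `if [ "$a" != "1" ] ; then`. The `echo $a` line just above it looks like leftover debug output and could be dropped at the same time.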
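Review bot: In the third plc.d/ssl hunk (@@ -123), appending MONITOR after WWW conflicts with the comment directly above it, which says the web server certificate takes precedence when the servers share a machine. The loop body is outside the hunk, so this is inferred, but if later iterations overwrite what earlier ones installed, the Monitor certificate now wins on a combined host. Either keep WWW last, `for server in API BOOT MONITOR WWW ; do`, or update the comment to name the Monitor server and state which certificate is meant to win.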