add ssl certificate fields for Monitor in default_config.xml

add ssl certificate generation for Monitor in plc.d/ssl

separate bootcd values from bootmanager configuration
build.sh now collects all the certificates that it needs to authenticate the
https sessions. As well, the BM configuration includes several new values that
control how and where it uploads logs.

BOOT_API_SERVER remains as the API server for all API calls
BOOT_SERVER is the host from which the bootstrapfs and other files are fetched.
MONITOR_SERVER is the host where logs are uploaded
UPLOAD_LOG_SCRIPT is the path to the upload script or entry point.

If the configuration value PLC_MONITOR_ENABLED=false, then MONITOR_SERVER=BOOT_SERVER
It is now much easier to extend BM in the future to upload additional files
such as for hardware information, SMART data, commands run by root users
during the session, etc.

diff --git a/default_config.xml b/default_config.xml
index 8dd0266..84bdabf 100644 (file)
--- a/default_config.xml
+++ b/default_config.xml
@@ -606,6 +606,32 @@ $Id$
           <description>The password to use when accessing the
           database, Monitor user account in the local PLC.</description>
         </variable>
+
+           <variable id="ssl_key" type="file">
+                 <name>SSL Private Key</name>
+                 <value>/etc/planetlab/monitor_ssl.key</value>
+                 <description>The SSL private key to use for encrypting HTTPS
+                 traffic.</description>
+               </variable>
+
+               <variable id="ssl_crt" type="file">
+                 <name>SSL Public Certificate</name>
+                 <value>/etc/planetlab/monitor_ssl.crt</value>
+                 <description>The corresponding SSL public certificate for
+                 the HTTP server. By default, this certificate is
+                 self-signed. You may replace the certificate later with one
+                 signed by a root CA.</description>
+               </variable>
+
+               <variable id="ca_ssl_crt" type="file">
+                 <name>Root CA SSL Public Certificate</name>
+                 <value>/etc/planetlab/monitor_ca_ssl.crt</value>
+                 <description>The certificate of the root CA, if any, that
+                 signed your server certificate. If your server certificate is
+                 self-signed, then this file is the same as your server
+                 certificate.</description>
+               </variable>
+
       </variablelist>
     </category>
     <category id="plc_rt">

diff --git a/plc.d/ssl b/plc.d/ssl
index d483d4d..afdcd22 100755 (executable)
--- a/plc.d/ssl
+++ b/plc.d/ssl
@@ -81,7 +81,7 @@ case "$1" in
         MESSAGE=$"Generating SSL certificates for"
         dialog "$MESSAGE"
 
-       for server in WWW API BOOT ; do
+       for server in WWW API BOOT MONITOR; do
            eval "a=\$PLC_${server}_ENABLED"
             echo $a
             if [ "$a" -ne 1 ] ; then
@@ -96,7 +96,7 @@ case "$1" in
 
            # Check if we have already generated a certificate for
            # the same hostname.
-           for previous_server in WWW API BOOT ; do
+           for previous_server in WWW API BOOT MONITOR; do
                if [ "$server" = "$previous_server" ] ; then
                    break
                fi
@@ -123,7 +123,7 @@ case "$1" in
        # 4) and /etc/httpd/conf (Fedora Core 2). If the API, boot,
        # and web servers are all running on the same machine, the web
        # server certificate takes precedence.
-       for server in API BOOT WWW ; do
+       for server in API BOOT WWW MONITOR; do
            enabled=PLC_${server}_ENABLED
            if [ "${!enabled}" != "1" ] ; then
                continue