From 3f6604921d82f5bd1e062e8324b82c8078d6166a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= Date: Tue, 1 Jun 2021 12:38:25 +0300 Subject: [PATCH] Add ADVERTISE_ADDRESS env variable --- pinecrypt/server/cli.py | 9 ++------- pinecrypt/server/const.py | 8 ++++++++ 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/pinecrypt/server/cli.py b/pinecrypt/server/cli.py index dc91e56..64c79d5 100644 --- a/pinecrypt/server/cli.py +++ b/pinecrypt/server/cli.py @@ -350,13 +350,8 @@ def pinecone_provision(): from pinecrypt.server import authority authority.self_enroll(skip_notify=True) - myips = set() - for fam, _, _, _, addrs in socket.getaddrinfo(const.FQDN, None): - if fam in(2, 10): - myips.add(addrs[0]) - # Insert/update DNS records for the replica itself - click.echo("Updating self DNS records: %s -> %s" % (const.FQDN, repr(myips))) + click.echo("Advertising via DNS: %s -> %s" % (const.FQDN, repr(const.ADVERTISE_ADDRESS))) db.certificates.update_one({ "common_name": const.FQDN, "status": "signed", @@ -366,7 +361,7 @@ def pinecone_provision(): "fqdn": const.FQDN, "san": const.AUTHORITY_NAMESPACE, }, - "ip": list(myips), + "ip": list(const.ADVERTISE_ADDRESS), } }) diff --git a/pinecrypt/server/const.py b/pinecrypt/server/const.py index e69bd5f..aeaa7fc 100644 --- a/pinecrypt/server/const.py +++ b/pinecrypt/server/const.py @@ -78,6 +78,14 @@ AUTHORITY_COMMON_NAME = "Pinecrypt Gateway at %s" % AUTHORITY_NAMESPACE AUTHORITY_ORGANIZATION = os.getenv("AUTHORITY_ORGANIZATION") AUTHORITY_LIFETIME_DAYS = 20*365 +# Advertise following IP addresses via DNS record +ADVERTISE_ADDRESS = os.getenv("ADVERTISE_ADDRESS", "").split(",") +if not ADVERTISE_ADDRESS: + ADVERTISE_ADDRESS = set() + for fam, _, _, _, addrs in socket.getaddrinfo(const.FQDN, None): + if fam in(2, 10): + ADVERTISE_ADDRESS.add(addrs[0]) + # Mailer settings SMTP_HOST = os.getenv("SMTP_HOST", "localhost") SMTP_PORT = os.getenv("SMTP_PORT", 25)