@@ -8,7 +8,7 @@ For these reasons, and to prevent multiple calls to OCSP and the Device Registry
# CertCache Documentation
CertCache is a set of processes, APIs, and a database for maintaining extra information acout client certs issued by CloudPath. It is designed to integrate with the following services:
CertCache is a [Node](https://nodejs.org/) application, providing a set of processes, and an API, a webhook endpoint, and a database for maintaining extra information acout client certs issued by CloudPath. It is designed to integrate with the following services:
* [CloudPath](http://cloudpath.net/), via webhook (POST) notifications through the [AWS](https://aws.amazon.com/) [API Gateway](https://aws.amazon.com/api-gateway/) to an AWS [SQS](https://aws.amazon.com/sqs/) queue.
* Device Registry, via a RESTful [API]([API](https://certcache.itlab.stanford.edu/api-docs/)
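Review bot: the rewritten intro sentence still carries the typo "acout" (should be "about") and a stray "and" in "a set of processes, and an API, a webhook endpoint, and a database"; suggest "providing a set of processes, an API, a webhook endpoint, and a database for maintaining extra information about client certs issued by CloudPath". The Device Registry bullet has a malformed link, `[API]([API](https://certcache.itlab.stanford.edu/api-docs/)`, which will not render; drop the nested `[API](` so it reads `[API](https://certcache.itlab.stanford.edu/api-docs/)`. Since the CloudPath bullet is where the webhook path (CloudPath POST, through API Gateway, into SQS) is introduced, it is also the place to say what the gateway requires of those POSTs before they are accepted onto the queue; the hunk leaves that unstated.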
@@ -24,18 +24,17 @@ There is a separate page describing the overall [architecture](architecture).
As described in the [architecture](architecture) page, there are several components to CertCache, and those are spread across several projects.
The API and queue processing code is contained in this [project](/et/certcache/)
The Node application (API and queue processing) is the [certcache](https://code.stanford.edu/et/certcache/) repository.
The AWS API Gateway and SQS configuration is maintained in [Terraform](https://terraform.io) using a custom [certcache](/tf_modules/certcache) module; for IT Lab the general configuration is in the [pacific-aws](/et/pacific-aws/) project.
The AWS API Gateway and SQS configuration is handled by [Terraform](https://terraform.io) using a custom [certcache](https://code.stanford.edu/tf_modules/certcache) module; for IT Lab the general configuration is in the [pacific-aws](https://code.stanford.edu/et/pacific-aws/) project.
The container image is built on a base Debian Stretch + NodeJS [image](/et/core-node/), using a [Packer][https://packer.io/] [build project](/et/core-certcache/).
The container image is built on a base Debian Stretch + NodeJS [image](https://code.stanford.edu/et/core-node/), using a [Packer](https://packer.io/) [build project](https://code.stanford.edu/et/core-certcache/).
## Unit Definition
The CertCache image is currently run as a container using [fleet](https://github.com/coreos/fleet) unit; it will migrate to [Kubernetes](https://kubernetes.io/) in the near future. The unit file is used to start and stop the container, and to register the container with a load balancer (the LB is also used for SSL offload).
The unit definition is in the [itlab-apps](/et/itlab-apps) project as [certcache/units/certcache.service](/et/itlab-apps/blob/master/certcache/units/certache.service), along with an [envvars](/et/itlab-apps/blob/master/certcache/envvars) file to define the runtime environment.
The unit definition is in the [itlab-apps](https://code.stanford.edu/et/itlab-apps) project as [certcache/units/certcache.service](https://code.stanford.edu/et/itlab-apps/blob/master/certcache/units/certache.service), along with an [envvars](https://code.stanford.edu/et/itlab-apps/blob/master/certcache/envvars) file to define the runtime environment.
CertCache uses the following environment variables
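Review bot: the unit-file link in the Unit Definition paragraph keeps a typo in its target that the old line also had: the link text says `certcache/units/certcache.service` but the URL ends in `certache.service`, so the link will 404 unless the file is actually misspelled in itlab-apps; make the URL and the link text (or the filename) agree. In the Terraform paragraph, "maintained in Terraform" became "handled by Terraform", which drops the useful point that the Terraform module is the source of truth for the API Gateway and SQS configuration; keep "maintained in". The Packer link fix (`[Packer][https://packer.io/]` to `[Packer](https://packer.io/)`) is correct.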