added etcd https support

conf/uwsgi.ini

 [uwsgi]
 workers = 2
-uid = jijisa
 
 master = true
-socket = /home/%(uid)/porch/porch.sock
-chmod-socket = 666
+chdir = /home/%(uid)
 manage-script-name = true
 mount = /=wsgi:app
-daemonize = /home/%{uid)/porch/porch.log
-master = true
-procname = porch
-pidfile = /home/%{uid)/porch/porch.pid
+
+logto2 = /home/%(uid)/porch/porch.log
+log-maxsize = 10485760
+log-backupname = /home/%(uid)/porch/porch.log.old
+
 vacuum = true

porch/database/__init__.py

+import os
+import etcd
+
 from etcd import Client
 from porch.settings import ETCD_HOST, ETCD_PORT, ETCD_PROTO, ETCD_PREFIX
+from porch.settings import ETCD_CERT, ETCD_CA_CERT
+
+# check if ETCD_PROTO is https but there is no ETCD_CERT and ETCD_CA_CERT.
+if ETCD_PROTO == 'https':
+    for f in ETCD_CERT:
+        if not os.path.isfile(f):
+            raise Exception('Fail to set ETCD: File not found {}'.format(f))
+    if not os.path.isfile(ETCD_CA_CERT):
+        raise Exception('Fail to set ETCD: File not found {}'.format(f))
 
-etcdc = Client(
+# Read ETCD_CA_CERT if it exists.
+if ETCD_PROTO == 'https':
+    s_cacert = ''
+    with open(ETCD_CA_CERT, 'r') as f:
+        s_cacert = f.read()
+    etcdc = Client(
+            host=ETCD_HOST,
+            port=ETCD_PORT,
+            allow_reconnect=True,
+            protocol=ETCD_PROTO,
+            cert=ETCD_CERT,
+            ca_cert=ETCD_CA_CERT
+    )
+else:
+    etcdc = Client(
             host=ETCD_HOST,
             port=ETCD_PORT,
             allow_reconnect=True,
             protocol=ETCD_PROTO
     )
+
 etcdc.prefix = ETCD_PREFIX
+
+# check if ETCD_PREFIX exists on etcd server. If not, create it.
+try:
+    r = etcdc.read(etcdc.prefix)
+except etcd.EtcdKeyNotFound as e:
+    etcdc.write(etcdc.prefix, None, dir=True)
+

porch/settings.py.dev

 # Flask settings
-#FLASK_SERVER_NAME = '121.254.203.198:5000'
 FLASK_HOST = '0.0.0.0'
 FLASK_PORT = 8000
 FLASK_DEBUG = True  # Do not use debug mode in production
@@ -13,5 +12,8 @@ RESTPLUS_ERROR_404_HELP = False
 # ETCD settings
 ETCD_HOST = '192.168.24.31'
 ETCD_PORT = 2379
-ETCD_PROTO = 'http'
+ETCD_PROTO = 'http'  # 'http' or 'https'
 ETCD_PREFIX = '/porch'
+ETCD_CERT = ('/path/to/client_cert',
+             '/path/to/client_key')
+ETCD_CA_CERT = '/path/to/ca_cert'

scripts/create_adminpw.py

+import bcrypt
+import getpass
+
+p = getpass.getpass()
+
+salt = bcrypt.gensalt()
+pw = bcrypt.hashpw(bytes(p, 'utf-8'), salt)
+
+print("salt: {}".format(salt))
+print("adminpw: {}".format(pw))

scripts/create_jwt_key.py

+import os
+import binascii
+
+print(binascii.hexlify(os.urandom(24)).decode())