First semiworking iteration

Container can be started with empty data directory.
After using docker exec the commands from the NOTES file can be
used to create a first cert and additional certs after that.

start.py

@@ -0,0 +1,113 @@
+#!/usr/bin/python3.4
+
+import os
+import signal
+import logging
+import time
+import hashlib
+
+cert_path='/data/haproxy'
+cert_file='/data/haproxy/cert.pem'
+pid_file='/haproxy.pid'
+
+
+def hash_cert_file():
+    if not os.path.isfile(cert_file):
+        return ''
+    aFile = open(cert_file, 'rb')
+    hasher = hashlib.sha256()
+    buf = aFile.read(65536)
+    while len(buf) > 0:
+        hasher.update(buf)
+        buf = aFile.read(65536)
+    return hasher.digest()
+
+def setup_logging():
+    """Sets up logging with a nice format"""
+    logging.basicConfig(format='%(asctime)s [%(levelname)s]: %(message)s', level=logging.INFO)
+
+def get_pid():
+    """This function reads the process id from the given file and returns as int."""
+    with open(pid_file, 'r') as file:
+        return int(file.read())
+
+def kill_haproxy():
+    """Stops the currently running instance of haproxy by issueing a kill signal to its pid."""
+    logging.info('killing haproxy')
+    try:
+        os.kill(get_pid(), signal.SIGKILL)
+    except OSError:
+        pass
+
+def start_haproxy_ssl():
+    logging.info('starting haproxy SSL')
+    os.system('/usr/sbin/haproxy -f /haproxy_ssl.conf -p /haproxy.pid')
+
+def start_haproxy():
+    logging.info('starting haproxy NON SSL')
+    os.system('/usr/sbin/haproxy -f /haproxy.conf -p /haproxy.pid')
+
+def is_haproxy_running():
+    try:
+        os.kill(get_pid(), 0)
+        return True
+    except OSError:
+        return False
+
+def ssl_possible():
+    """Check if a certificate is available."""
+    if not os.path.exists(cert_path):
+        logging.info('creating cert_path path: %s', cert_path)
+        os.mkdir(cert_path)
+
+    if not os.path.isfile(cert_file):
+        return False
+    else:
+        return True
+
+if __name__ == '__main__':
+    setup_logging()
+
+    logging.info('starting')
+
+    cert_file_hash = ''
+
+    if ssl_possible():
+        logging.info('try in SSL mode')
+        start_haproxy_ssl()
+        cert_file_hash = hash_cert_file()
+        if is_haproxy_running():
+            SSL_RUNNING=True
+        else:
+            logging.info('SSL mode failed')
+    if not is_haproxy_running() or not ssl_possible():
+        logging.info('try in NON SSL mode')
+        start_haproxy()
+        SSL_RUNNING=False
+
+    while True:
+        time.sleep(10)
+        if ssl_possible() and not SSL_RUNNING:
+            kill_haproxy()
+            start_haproxy_ssl()
+            if is_haproxy_running():
+                cert_file_hash = hash_cert_file()
+                logging.info('NON SSL -> SSL')
+                SSL_RUNNING=True
+            else:
+                start_haproxy()
+                SSL_RUNNING=False
+        if SSL_RUNNING and cert_file_hash != hash_cert_file():
+            logging.info('cert has changed')
+            kill_haproxy()
+            start_haproxy_ssl()
+            if is_haproxy_running():
+                cert_file_hash = hash_cert_file()
+                logging.info('SSL -> SSL')
+                SSL_RUNNING=True
+            else:
+                start_haproxy()
+                logging.info('SSL -> NON SSL')
+                SSL_RUNNING=False
+#        logging.info('haproxy is running: %s', str(is_haproxy_running()))
+#        logging.info('haproxy is running with SSL: %s', str(SSL_RUNNING))