Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Refs #6875 - separate the default CA and server CA
Up until now, we used the default CA for both server and client certificates. This made it practically impossible to issue the server certificates outside of the installer and pass them in as arguments. By default, the server CA is the same as the default CA, unless $server_ca_cert is specified. In the bootstrap rpm, we ship both the server CA (for verifying the server) as well as the default CA (for verifying the qpid by the gofer).
Showing 19 changed files with 348 additions and 139 deletions.
lib/puppet/provider/certs_bootstrap_rpm/katello_ssl_tool.rb (47 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
require File.expand_path('../../katello_ssl_tool', __FILE__) | ||
|
||
Puppet::Type.type(:certs_bootstrap_rpm).provide(:katello_ssl_tool) do | ||
|
||
commands :katello_certs_gen_rpm => 'katello-certs-gen-rpm' | ||
|
||
def run | ||
post_script_file = File.join(resource[:dir], 'rhsm-katello-reconfigure') | ||
File.open(post_script_file, 'w') { |f| f << resource[:bootstrap_script] } | ||
|
||
Dir.chdir(resource[:dir]) do | ||
katello_certs_gen_rpm('--name', resource[:name], | ||
'--version', '1.0', | ||
'--release', next_release, | ||
'--packager', 'None', | ||
'--vendor', 'None', | ||
'--group', 'Applications/System', | ||
'--summary', resource[:summary], | ||
'--description', resource[:description], | ||
'--requires', 'subscription-manager', | ||
'--post', post_script_file, | ||
*resource[:files]) | ||
if resource[:alias] | ||
File.delete(resource[:alias]) if File.exists?(resource[:alias]) | ||
File.symlink(last_rpm, resource[:alias]) | ||
end | ||
system('/sbin/restorecon ./*.rpm') | ||
end | ||
ensure | ||
File.delete(post_script_file) if File.exists?(post_script_file) | ||
end | ||
|
||
protected | ||
|
||
def last_rpm | ||
Dir.glob(File.join(resource[:dir], "#{resource[:name]}-*.noarch.rpm")).sort.last | ||
end | ||
|
||
def next_release | ||
if last_rpm | ||
last_rpm[/-(\d+).noarch.rpm$/, 1].to_i + 1 | ||
else | ||
1 | ||
end | ||
end | ||
|
||
end |
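Review bot: `last_rpm` selects the newest package with a lexicographic `Dir.glob(...).sort.last`, so once release 10 exists, `<name>-1.0-9.noarch.rpm` still sorts last and `next_release` returns 10 again, colliding with the package already on disk and leaving `resource[:alias]` pointing at the wrong rpm; pick the newest by the numeric release instead, e.g. `.max_by { |f| f[/-(\d+)\.noarch\.rpm$/, 1].to_i }` (note the unescaped dots in the existing `/-(\d+).noarch.rpm$/` pattern as well). In the same block, `system('/sbin/restorecon ./*.rpm')` goes through a shell and its return value is discarded, so a failed SELinux relabel of the generated rpms is silent; declare `restorecon` via `commands` like `katello_certs_gen_rpm` (which also raises on non-zero exit) or at least check the result. `File.exists?` is deprecated in favour of `File.exist?` in both places it is used.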
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
Puppet::Type.newtype(:certs_bootstrap_rpm) do | ||
|
||
@doc = "Geneate certificates bootstrap rpm for the clietns | ||
This resource generates an rpm that can be distributed to the clients to set | ||
the subscription-manager to communicate with the server. | ||
It should be subcribed to the resource that represent the server CA, | ||
so that every time the resoruce is generated, a new bootstrap rpm version. | ||
When alias is specified, it symlinks the latest rpm version to this alias | ||
for easier redistribution. | ||
" | ||
|
||
desc 'Generates the rpm with certificates for boostraping the clients' | ||
newparam(:name, :namevar => true) | ||
|
||
newparam(:dir) | ||
|
||
newparam(:summary) | ||
|
||
newparam(:description) | ||
|
||
newparam(:bootstrap_script) | ||
|
||
newparam(:files) | ||
|
||
newparam(:alias) | ||
|
||
def refresh | ||
provider.run | ||
end | ||
end |
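Review bot: the `@doc` string carries several typos ("Geneate", "clietns", "subcribed", "resoruce", "boostraping") and the sentence "so that every time the resoruce is generated, a new bootstrap rpm version." has no verb; suggest "so that every time the server CA resource is regenerated, a new bootstrap rpm version is built." The type defines only parameters plus `refresh`, so the rpm is built solely when the server CA resource sends a notify event; on a host where that CA already existed before this type was added, nothing triggers the first build, which is worth either an `ensure`-style property or an explicit note in the docs. None of the params validate their input: `:dir`, `:files` and `:alias` are handed straight to the provider, so a `validate` block checking that `:dir` is an absolute path and `:files` is a non-empty array of readable files would fail early with a clear message instead of inside `katello-certs-gen-rpm`.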