[deltacloud-devel] [PATCH 1/3] integrate openssl security into aeolus configure/recipe

[Mohammed Morsi]

---
 bin/deltacloud-cleanup                            |    1 +
 bin/deltacloud-configure                          |    1 +
 contrib/deltacloud-configure.spec                 |    6 +++-
 recipes/deltacloud_recipe/manifests/deltacloud.pp |    8 +++++
 recipes/openssl/manifests/init.pp                 |   34 +++++++++++++++++++++
 5 files changed, 49 insertions(+), 1 deletions(-)
 create mode 100644 recipes/openssl/manifests/init.pp

diff --git a/bin/deltacloud-cleanup b/bin/deltacloud-cleanup
index a359fce..a988f52 100755
--- a/bin/deltacloud-cleanup
+++ b/bin/deltacloud-cleanup
@@ -1,4 +1,5 @@
 #!/bin/sh
 
+export FACTER_DELTACLOUD_ENABLE_SECURITY=true
 puppet /usr/share/deltacloud-configure/deltacloud_uninstall.pp \
        --modulepath=/usr/share/deltacloud-configure/modules/
diff --git a/bin/deltacloud-configure b/bin/deltacloud-configure
index c034d4c..bfd340e 100755
--- a/bin/deltacloud-configure
+++ b/bin/deltacloud-configure
@@ -1,4 +1,5 @@
 #!/bin/sh
 
+export FACTER_DELTACLOUD_ENABLE_SECURITY=true
 puppet /usr/share/deltacloud-configure/deltacloud_recipe.pp \
        --modulepath=/usr/share/deltacloud-configure/modules/
diff --git a/contrib/deltacloud-configure.spec 
b/contrib/deltacloud-configure.spec
index 04ff82d..e49877f 100644
--- a/contrib/deltacloud-configure.spec
+++ b/contrib/deltacloud-configure.spec
@@ -4,7 +4,7 @@
 Summary:  DeltaCloud Configure Puppet Recipe
 Name:     deltacloud-configure
 Version:  2.0.0
-Release:  1%{?dist}
+Release:  2%{?dist}
 
 Group:    Applications/Internet
 License:  GPLv2+
@@ -36,6 +36,7 @@ rm -rf %{buildroot}
 %{__cp} -R %{pbuild}/recipes/firewall/ %{buildroot}/%{dchome}/modules/firewall
 %{__cp} -R %{pbuild}/recipes/ntp/ %{buildroot}/%{dchome}/modules/ntp
 %{__cp} -R %{pbuild}/recipes/postgres/ %{buildroot}/%{dchome}/modules/postgres
+%{__cp} -R %{pbuild}/recipes/openssl/ %{buildroot}/%{dchome}/modules/openssl
 %{__cp} -R %{pbuild}/bin/deltacloud-configure %{buildroot}/%{_sbindir}/
 %{__cp} -R %{pbuild}/bin/deltacloud-cleanup %{buildroot}/%{_sbindir}/
 
@@ -49,6 +50,9 @@ rm -rf %{buildroot}
 %{dchome}
 
 %changelog
+* Thu Jan 14 2011 Mohammed Morsi <mmo...@redhat.com> 2.0.0-2
+- include openssl module
+
 * Mon Jan 10 2011 Mike Orazi <mor...@redhat.com> 2.0.0-1
 - Make this a drop in replacement for the old deltacloud-configure scripts
 
diff --git a/recipes/deltacloud_recipe/manifests/deltacloud.pp 
b/recipes/deltacloud_recipe/manifests/deltacloud.pp
index 1362f62..eef014f 100644
--- a/recipes/deltacloud_recipe/manifests/deltacloud.pp
+++ b/recipes/deltacloud_recipe/manifests/deltacloud.pp
@@ -12,6 +12,14 @@ import "core"
 import "iwhd"
 import "image-factory"
 
+if $deltacloud_enable_security == "true" or $deltacloud_enable_security == "1" 
{
+  import "openssl"
+  $enable_security = true
+} else {
+  $enable_security = false
+}
+
+
 # Base deltacloud class
 class deltacloud {
   # Setup repos which to pull deltacloud components
diff --git a/recipes/openssl/manifests/init.pp 
b/recipes/openssl/manifests/init.pp
new file mode 100644
index 0000000..8249feb
--- /dev/null
+++ b/recipes/openssl/manifests/init.pp
@@ -0,0 +1,34 @@
+class openssl {
+  package { "openssl":
+    ensure => installed
+  }
+}
+
+define openssl::key($user='root', $group='root'){
+  exec{"create_${name}_key":
+    command => "/usr/bin/openssl genrsa -des3 -passout pass:foobar -out 
${name}.key 1024"
+  }
+  exec{"remove_${name}_key_password":
+    command => "/usr/bin/openssl rsa -passin pass:foobar -in ${name}.key -out 
${name}.key",
+    require => Exec["create_${name}_key"]
+  }
+  exec{"chmod_${name}.key":
+    command => "/bin/chmod 400 ${name}.key",
+    require => Exec["remove_${name}_key_password"]
+  }
+  exec{"chown_${name}.key":
+    command => "/bin/chown ${user}.${group} ${name}.key",
+    require => Exec["remove_${name}_key_password"]
+  }
+}
+
+define openssl::certificate($user='root', $group='root'){
+  openssl::key{$name:
+     user  => $user,
+     group => $group 
+  }
+  exec{"create_${name}_certificate":
+    command => "/usr/bin/openssl req -new -key ${name}.key -days 3650 -out 
${name}.crt -x509 -subj '/'",
+    require => Exec["remove_${name}_key_password"]
+  }
+}
-- 
1.7.2.3

_______________________________________________
deltacloud-devel mailing list
deltacloud-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/deltacloud-devel