I'm cc:ing both lists during the cut-over period.
Minor comments inline.
On 01/19/2011 04:54 PM, Mohammed Morsi wrote:
> ---
> bin/deltacloud-cleanup | 1 +
> bin/deltacloud-configure | 1 +
> contrib/deltacloud-configure.spec | 6 +++-
> recipes/deltacloud_recipe/manifests/deltacloud.pp | 8 +++++
> recipes/openssl/manifests/init.pp | 34
> +++++++++++++++++++++
> 5 files changed, 49 insertions(+), 1 deletions(-)
> create mode 100644 recipes/openssl/manifests/init.pp
>
> diff --git a/bin/deltacloud-cleanup b/bin/deltacloud-cleanup
> index a359fce..a988f52 100755
> --- a/bin/deltacloud-cleanup
> +++ b/bin/deltacloud-cleanup
> @@ -1,4 +1,5 @@
> #!/bin/sh
>
> +export FACTER_DELTACLOUD_ENABLE_SECURITY=true
> puppet /usr/share/deltacloud-configure/deltacloud_uninstall.pp \
> --modulepath=/usr/share/deltacloud-configure/modules/
> diff --git a/bin/deltacloud-configure b/bin/deltacloud-configure
> index c034d4c..bfd340e 100755
> --- a/bin/deltacloud-configure
> +++ b/bin/deltacloud-configure
> @@ -1,4 +1,5 @@
> #!/bin/sh
>
> +export FACTER_DELTACLOUD_ENABLE_SECURITY=true
> puppet /usr/share/deltacloud-configure/deltacloud_recipe.pp \
> --modulepath=/usr/share/deltacloud-configure/modules/
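Review bot: the added export hard-codes FACTER_DELTACLOUD_ENABLE_SECURITY=true just above the puppet call, so a value the caller already set in the environment is overwritten and the else branch added in deltacloud.pp can never be reached through this script. If the flag is meant to be switchable, keep the caller's value and only default it, e.g. `export FACTER_DELTACLOUD_ENABLE_SECURITY=${FACTER_DELTACLOUD_ENABLE_SECURITY:-true}`. The same applies to the identical line in bin/deltacloud-cleanup.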
> diff --git a/contrib/deltacloud-configure.spec
> b/contrib/deltacloud-configure.spec
> index 04ff82d..e49877f 100644
> --- a/contrib/deltacloud-configure.spec
> +++ b/contrib/deltacloud-configure.spec
> @@ -4,7 +4,7 @@
> Summary: DeltaCloud Configure Puppet Recipe
> Name: deltacloud-configure
> Version: 2.0.0
> -Release: 1%{?dist}
> +Release: 2%{?dist}
>
> Group: Applications/Internet
> License: GPLv2+
> @@ -36,6 +36,7 @@ rm -rf %{buildroot}
> %{__cp} -R %{pbuild}/recipes/firewall/
> %{buildroot}/%{dchome}/modules/firewall
> %{__cp} -R %{pbuild}/recipes/ntp/ %{buildroot}/%{dchome}/modules/ntp
> %{__cp} -R %{pbuild}/recipes/postgres/
> %{buildroot}/%{dchome}/modules/postgres
> +%{__cp} -R %{pbuild}/recipes/openssl/ %{buildroot}/%{dchome}/modules/openssl
> %{__cp} -R %{pbuild}/bin/deltacloud-configure %{buildroot}/%{_sbindir}/
> %{__cp} -R %{pbuild}/bin/deltacloud-cleanup %{buildroot}/%{_sbindir}/
>
> @@ -49,6 +50,9 @@ rm -rf %{buildroot}
> %{dchome}
>
> %changelog
> +* Thu Jan 14 2011 Mohammed Morsi<[email protected]> 2.0.0-2
> +- include openssl module
> +
> * Mon Jan 10 2011 Mike Orazi<[email protected]> 2.0.0-1
> - Make this a drop in replacement for the old deltacloud-configure scripts
>
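Review bot: the new %changelog entry is dated "Thu Jan 14 2011", but 14 January 2011 was a Friday, so the weekday and the date do not agree. Please correct whichever is wrong so the entry stays consistent with the "Mon Jan 10 2011" entry below it.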
> diff --git a/recipes/deltacloud_recipe/manifests/deltacloud.pp
> b/recipes/deltacloud_recipe/manifests/deltacloud.pp
> index 1362f62..eef014f 100644
> --- a/recipes/deltacloud_recipe/manifests/deltacloud.pp
> +++ b/recipes/deltacloud_recipe/manifests/deltacloud.pp
> @@ -12,6 +12,14 @@ import "core"
> import "iwhd"
> import "image-factory"
>
> +if $deltacloud_enable_security == "true" or $deltacloud_enable_security ==
> "1" {
> + import "openssl"
> + $enable_security = true
> +} else {
> + $enable_security = false
> +}
> +
> +
> # Base deltacloud class
> class deltacloud {
> # Setup repos which to pull deltacloud components
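Review bot: $enable_security is assigned in both branches of the new if/else, but nothing in this patch reads it, and no manifest here declares openssl::key or openssl::certificate, so the flag has no visible effect yet. Either wire it into the classes that need it in this patch or note in the commit message that the consumer follows separately. Also, as far as I know Puppet resolves import at parse time, so the `import "openssl"` inside the if is not actually conditional; with --modulepath pointing at the modules directory the module should autoload without it.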
> diff --git a/recipes/openssl/manifests/init.pp
> b/recipes/openssl/manifests/init.pp
> new file mode 100644
> index 0000000..8249feb
> --- /dev/null
> +++ b/recipes/openssl/manifests/init.pp
> @@ -0,0 +1,34 @@
> +class openssl {
> + package { "openssl":
> + ensure => installed
> + }
> +}
> +
This might warrant a comment in the .pp just to make it very clear what
you are accomplishing in this define.
> +define openssl::key($user='root', $group='root'){
> + exec{"create_${name}_key":
> + command => "/usr/bin/openssl genrsa -des3 -passout pass:foobar -out
> ${name}.key 1024"
> + }
> + exec{"remove_${name}_key_password":
> + command => "/usr/bin/openssl rsa -passin pass:foobar -in ${name}.key
> -out ${name}.key",
> + require => Exec["create_${name}_key"]
> + }
> + exec{"chmod_${name}.key":
> + command => "/bin/chmod 400 ${name}.key",
> + require => Exec["remove_${name}_key_password"]
> + }
> + exec{"chown_${name}.key":
> + command => "/bin/chown ${user}.${group} ${name}.key",
> + require => Exec["remove_${name}_key_password"]
Do you want to require chmod instead? (Should work as is, but cuts out a
potential timing hole)
> + }
> +}
> +
> +define openssl::certificate($user='root', $group='root'){
> + openssl::key{$name:
> + user => $user,
> + group => $group
> + }
> + exec{"create_${name}_certificate":
> + command => "/usr/bin/openssl req -new -key ${name}.key -days 3650 -out
> ${name}.crt -x509 -subj '/'",
> + require => Exec["remove_${name}_key_password"]
Should this be the last exec in the define above instead? (Should work
as is, but cuts out a potential timing hole)
> + }
> +}
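Review bot: in openssl::key the genrsa/rsa pair encrypts the key with the hard-coded passphrase `pass:foobar` and strips it again in the next exec, so the passphrase protects nothing, and the unencrypted ${name}.key sits on disk with default-umask permissions until the chmod exec runs. Generate the key without -des3 in one exec that sets a restrictive umask first (for example through `/bin/sh -c 'umask 077; ...'`), which also removes the ordering questions around chmod and chown. While there: 1024-bit RSA is small for a certificate requested with -days 3650, 2048 would be a safer default; none of the execs has `creates`, `unless` or `onlyif`, so the key and certificate are regenerated on every puppet run; and `${user}.${group}` in the chown should use the `user:group` form.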