Hi, all.

I'm working on improving interoperability with existing CA/cert files.

In my network I'm using Puppet to manage services. Puppet (puppetmasterd) has
its own CA to communicate with clients (puppetd), so I think that certmaster is
not needed for using Func.

But the cert file extensions used by Func and Puppet are different.
The former uses '.cert', the latter uses '.pem'. Therefore Func cannot
recognize cert files created by Puppet.

My patches against func/certmaster add a 'cert_extension' option to
certmaster.conf.
This patch allows Func to use Puppet's cert to communicate, by configuring
'cert_extension = pem'.

People who are interested in using Func with Puppet should configure some
symbolic links as follows:
(Of course, you need to apply my patches before you try.)

On the machine running puppetmasterd:

 # cd /var/lib/puppet/ssl/ca
 # openssl rsa -in ca_key.pem -out ca_key_nopassphase.pem -passin file:private/ca.pass
 # ln -s ca_key_nopassphase.pem certmaster.key
 # ln -s ca_crt.pem certmaster.crt

then configure certmaster.conf:

    cert_extension = pem
    cadir = /var/lib/puppet/ssl/ca

and start func.

On the machine running puppetd:

 # cd /var/lib/puppet/ssl
 # mkdir func && cd func
 # ln -s ../certs/ca.pem ca.cert
 # ln -s ../certs/${HOSTNAME}.pem ${HOSTNAME}.cert
 # ln -s ../csr_${HOSTNAME}.pem ${HOSTNAME}.csr
 # ln -s ../private_keys/${HOSTNAME}.pem

then configure minion.conf:

    cert_dir = /var/lib/puppet/ssl/func

and start func.

Finally you can use func on the machine running puppetmasterd.

P.S.

My git repositories are available on github.

    http://github.com/nabeken/certmaster/tree/master
    http://github.com/nabeken/func/tree/master

-- 
TANABE nabeken Ken-ichi
Linux rin.tokyo.tknetworks.org 2.6.25-gentoo-r1 i686 Intel(R) Pentium(R) M 
processor 1.10GHz GNU/Linux
 15:40:37 up  1:33,  5 users,  load average: 0.17, 0.34, 0.25
Mailto: [EMAIL PROTECTED] @gmail.com @tsuntsun.net @meganekkomoe.org
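
A check for the layout described in the message above, as an added example that is not part of the original post or of the Func or Puppet projects. It reports links that are missing or dangling and key files that group or other can read or write; the function names are hypothetical and the file names are taken from the post's commands.

```shell
#!/bin/sh
# Added example (not from the post): audit the symlink layout described above.
# Function names are hypothetical; file names follow the post's commands.

# True when the file (symlinks followed) is readable or writable by group/other.
loose_perms() {
    [ -n "$(find -L "$1" -prune \( -perm -040 -o -perm -020 \
        -o -perm -004 -o -perm -002 \) 2>/dev/null)" ]
}

# $1 = directory; remaining args = file names, with ":key" appended to
# names that must stay private. Prints one line per problem.
# Returns 0 when the directory is clean, 1 otherwise.
audit_dir() {
    dir=$1; shift; rc=0
    for spec in "$@"; do
        name=${spec%:key}
        path=$dir/$name
        if [ ! -e "$path" ]; then            # -e follows links
            if [ -L "$path" ]; then echo "DANGLING $path"
            else echo "MISSING  $path"; fi
            rc=1
        elif [ "$spec" != "$name" ] && loose_perms "$path"; then
            echo "EXPOSED  $path"; rc=1
        fi
    done
    return "$rc"
}

# Minion: $1 = cert_dir from minion.conf, $2 = host name used in the links.
audit_minion() {
    audit_dir "$1" ca.cert "$2.cert" "$2.csr" "$2.pem:key"
}

# Master: $1 = cadir from certmaster.conf. certmaster.key resolves to the
# passphrase-less copy of Puppet's CA key, so its mode matters most.
audit_master() {
    audit_dir "$1" certmaster.crt certmaster.key:key
}
```

After sourcing the file, run `audit_master /var/lib/puppet/ssl/ca` on the puppetmasterd machine and `audit_minion /var/lib/puppet/ssl/func "$HOSTNAME"` on each puppetd machine before starting func.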