From: Mohammed Morsi mmorsi@redhat.com
--- bin/deltacloud-cleanup | 1 + bin/deltacloud-configure | 1 + contrib/deltacloud-configure.spec | 4 ++ recipes/deltacloud_recipe/manifests/deltacloud.pp | 8 ++++ recipes/openssl/manifests/init.pp | 38 +++++++++++++++++++++ 5 files changed, 52 insertions(+), 0 deletions(-) create mode 100644 recipes/openssl/manifests/init.pp
diff --git a/bin/deltacloud-cleanup b/bin/deltacloud-cleanup
index a359fce..a988f52 100755
--- a/bin/deltacloud-cleanup
+++ b/bin/deltacloud-cleanup
@@ -1,4 +1,5 @@
 #!/bin/sh
+export FACTER_DELTACLOUD_ENABLE_SECURITY=true
 puppet /usr/share/deltacloud-configure/deltacloud_uninstall.pp \
 --modulepath=/usr/share/deltacloud-configure/modules/
diff --git a/bin/deltacloud-configure b/bin/deltacloud-configure
index c034d4c..bfd340e 100755
--- a/bin/deltacloud-configure
+++ b/bin/deltacloud-configure
@@ -1,4 +1,5 @@
 #!/bin/sh
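Review bot: The added `export FACTER_DELTACLOUD_ENABLE_SECURITY=true` in bin/deltacloud-cleanup is unconditional, so a value the caller already set is overwritten and the `else` branch added to deltacloud.pp cannot be reached through this wrapper. If the fact is meant to be configurable, `export FACTER_DELTACLOUD_ENABLE_SECURITY="${FACTER_DELTACLOUD_ENABLE_SECURITY:-true}"` keeps it on by default and still honours an explicit setting. If it is meant to be fixed, a one-line comment such as `# security setup is always enabled when run through this wrapper` would say so. The same line is added to bin/deltacloud-configure in the next hunk.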
+export FACTER_DELTACLOUD_ENABLE_SECURITY=true
 puppet /usr/share/deltacloud-configure/deltacloud_recipe.pp \
 --modulepath=/usr/share/deltacloud-configure/modules/
diff --git a/contrib/deltacloud-configure.spec b/contrib/deltacloud-configure.spec
index 16a9cf1..e49877f 100644
--- a/contrib/deltacloud-configure.spec
+++ b/contrib/deltacloud-configure.spec
@@ -36,6 +36,7 @@ rm -rf %{buildroot}
 %{__cp} -R %{pbuild}/recipes/firewall/ %{buildroot}/%{dchome}/modules/firewall
 %{__cp} -R %{pbuild}/recipes/ntp/ %{buildroot}/%{dchome}/modules/ntp
 %{__cp} -R %{pbuild}/recipes/postgres/ %{buildroot}/%{dchome}/modules/postgres
+%{__cp} -R %{pbuild}/recipes/openssl/ %{buildroot}/%{dchome}/modules/openssl
 %{__cp} -R %{pbuild}/bin/deltacloud-configure %{buildroot}/%{_sbindir}/
 %{__cp} -R %{pbuild}/bin/deltacloud-cleanup %{buildroot}/%{_sbindir}/
@@ -49,6 +50,9 @@ rm -rf %{buildroot}
 %{dchome}
 %changelog
+* Thu Jan 14 2011 Mohammed Morsi mmorsi@redhat.com 2.0.0-2
+- include openssl module
+
 * Mon Jan 10 2011 Mike Orazi morazi@redhat.com 2.0.0-1
 - Make this a drop in replacement for the old deltacloud-configure scripts
diff --git a/recipes/deltacloud_recipe/manifests/deltacloud.pp b/recipes/deltacloud_recipe/manifests/deltacloud.pp
index 1362f62..eef014f 100644
--- a/recipes/deltacloud_recipe/manifests/deltacloud.pp
+++ b/recipes/deltacloud_recipe/manifests/deltacloud.pp
@@ -12,6 +12,14 @@ import "core"
 import "iwhd"
 import "image-factory"
+if $deltacloud_enable_security == "true" or $deltacloud_enable_security == "1" {
+ import "openssl"
+ $enable_security = true
+} else {
+ $enable_security = false
+}
+
+
 # Base deltacloud class
 class deltacloud {
 # Setup repos which to pull deltacloud components
diff --git a/recipes/openssl/manifests/init.pp b/recipes/openssl/manifests/init.pp
new file mode 100644
index 0000000..71c5870
--- /dev/null
+++ b/recipes/openssl/manifests/init.pp
@@ -0,0 +1,38 @@
+class openssl {
+ package { "openssl":
+ ensure => installed
+ }
+}
+
+# Create a passwordless ssl key at the location specified by the name
+# (a '.key' extension will be appended to the filename).
+define openssl::key($user='root', $group='root'){
+ exec{"create_${name}_key":
+ command => "/usr/bin/openssl genrsa -des3 -passout pass:foobar -out ${name}.key 1024"
+ }
+ exec{"remove_${name}_key_password":
+ command => "/usr/bin/openssl rsa -passin pass:foobar -in ${name}.key -out ${name}.key",
+ require => Exec["create_${name}_key"]
+ }
+ exec{"chmod_${name}.key":
+ command => "/bin/chmod 400 ${name}.key",
+ require => Exec["remove_${name}_key_password"]
+ }
+ exec{"chown_${name}.key":
+ command => "/bin/chown ${user}.${group} ${name}.key",
+ require => Exec["chmod_${name}.key"]
+ }
+}
+
+# Create a ssl certificate at the location specified by the name
+# (a '.crt' extension will be appended to the filename).
+define openssl::certificate($user='root', $group='root'){
+ openssl::key{$name:
+ user => $user,
+ group => $group
+ }
+ exec{"create_${name}_certificate":
+ command => "/usr/bin/openssl req -new -key ${name}.key -days 3650 -out ${name}.crt -x509 -subj '/'",
+ require => Openssl::Key[$name]
+ }
+}
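Review bot: In recipes/deltacloud_recipe/manifests/deltacloud.pp the `import "openssl"` sits inside the `if`, but as far as I know Puppet resolves `import` at parse time and does not let a conditional gate it, so the module is loaded whichever branch runs. Since the spec hunk installs the module under the directory passed as `--modulepath`, autoloading should already find `openssl::key` and `openssl::certificate`, and the line could be dropped so the block only sets `$enable_security`. A short comment above the `if`, e.g. `# deltacloud_enable_security is a Facter fact, set from FACTER_DELTACLOUD_ENABLE_SECURITY by the wrapper scripts`, would document where the value comes from. Nothing in the visible hunks consumes `$enable_security` yet, and the `class deltacloud` body continues outside the hunk.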
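Review bot: `openssl::key` in recipes/openssl/manifests/init.pp generates a 1024-bit RSA key, and none of its execs has a `creates` or `unless` guard, so every Puppet run would overwrite the key and certificate already in use. The key is also written under the default umask and only restricted by the later `chmod`, and the `-des3 -passout pass:foobar` step followed by the decrypting `openssl rsa` is unnecessary because `genrsa` without a cipher option already writes an unencrypted key. I would generate a 2048-bit key in one guarded exec under a restrictive umask and let a `file` resource own mode and ownership, as sketched below (this assumes no caller already declares a `file` for the same path). `create_${name}_certificate` needs the same kind of guard, `creates => "${name}.crt"`, and its `-subj '/'` leaves the certificate with no name a client could match against the host.

```puppet
define openssl::key($user='root', $group='root'){
  # One step, no throwaway passphrase; the umask keeps the key private from
  # the moment it is written, and creates stops later runs replacing it.
  exec{"create_${name}_key":
    command => "/bin/sh -c 'umask 077 && /usr/bin/openssl genrsa -out ${name}.key 2048'",
    creates => "${name}.key"
  }
  file{"${name}.key":
    owner   => $user,
    group   => $group,
    mode    => '0400',
    require => Exec["create_${name}_key"]
  }
}
# … unchanged: openssl::certificate, apart from creates => "${name}.crt" on its exec …
```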