puppet-vswitch/lib/puppet/provider/vs_ssl/ovs.rb
Tim Rozet 6e3d77e9e4 Adds SSL custom type/provider
New type for configuring SSL in OVS.  Bootstrap mode allows the switch
to accept an initial CA certificate offered by the controller.
Otherwise specify the location of the CA certificate to use in comparing
the controller's cert.  OVS only supports a single instance of SSL
configuration so the provider limits the resource declaration to a
single instance named 'system'.

Partially-Implements: blueprint opendaylight-ssl-support

Change-Id: Ic026ee0bc4f385e0f8cd7076b3044feeb935ae45
Signed-off-by: Tim Rozet <trozet@redhat.com>
2018-01-09 18:18:22 -05:00


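# Provider for the vs_ssl type. It manages the SSL configuration of
# Open vSwitch by shelling out to ovs-vsctl (set-ssl / get-ssl / del-ssl).
# Only one resource, named 'system', is accepted (see #singleton_check).
Puppet::Type.type(:vs_ssl).provide(:ovs) do
  commands :vsctl => 'ovs-vsctl'

  # Path handed to `set-ssl` as the CA certificate in bootstrap mode.
  #
  # This is a method rather than a local variable of the provide block:
  # `def` opens a fresh scope, so a block-local assigned here would not be
  # visible inside #create and the bootstrap branch would raise NameError.
  #
  # @return [String]
  def bootstrap_ca_cert
    '/etc/openvswitch/cacert.pem'
  end

  # Rejects any resource title other than 'system'.
  #
  # @raise [Puppet::Error] when the resource name is not 'system'
  def singleton_check
    return if @resource[:name].eql? 'system'

    raise Puppet::Error, "OVS ssl provider only supports singleton instance with name 'system'"
  end

  # Verifies that the configured key and certificate files exist, and the
  # CA file too unless bootstrap mode is on. Existence is the only thing
  # checked; ownership and permissions of the private key are not.
  #
  # @raise [Puppet::Error] naming the first file that is missing
  def check_ssl_files
    unless File.file?(@resource[:key_file])
      raise Puppet::Error, "Key file not found: #{@resource[:key_file]}"
    end
    unless File.file?(@resource[:cert_file])
      raise Puppet::Error, "Certificate file not found: #{@resource[:cert_file]}"
    end
    return if @resource[:bootstrap]

    unless File.file?(@resource[:ca_file])
      raise Puppet::Error, "CA Certificate file not found: #{@resource[:ca_file]}"
    end
  end

  # Replaces the SSL configuration with the one described by @resource.
  # The files are validated before the old configuration is deleted, so a
  # missing file no longer leaves the switch with no SSL configuration.
  def recreate
    singleton_check
    check_ssl_files
    destroy
    create
  end

  # Reads the current configuration with `ovs-vsctl get-ssl`.
  #
  # @param filter [String, false] key to look up ('Private key',
  #   'Certificate', 'CA Certificate' or 'Bootstrap'), or false for all lines
  # @return [false] when get-ssl prints nothing (no SSL configured)
  # @return [Array<String>] every output line when filter is false
  # @return [String] the value printed for the requested key
  # @raise [Puppet::Error] when the requested key is not in the output
  def parse_ssl_output(filter=false)
    # The sub-command is 'get-ssl' (as in #exists?); 'get=ssl' is not one.
    output = vsctl('get-ssl').split("\n")
    return false if output.empty?
    return output if filter == false

    output.each do |line|
      # Split on the first ': ' only, so a value that itself contains
      # ': ' is returned whole.
      key, value = line.split(': ', 2).map(&:strip)
      return value if key.eql? filter
    end
    raise Puppet::Error, "Unable to parse ssl output for filter: #{filter} in ssl output: #{output}"
  end

  # Applies the SSL configuration with `ovs-vsctl set-ssl`.
  #
  # @raise [Puppet::Error] on a wrong resource name or a missing file
  def create
    singleton_check
    check_ssl_files
    if @resource[:bootstrap]
      # Trust-on-first-use: with --bootstrap the switch accepts and stores
      # the CA certificate offered by the controller on the first SSL
      # connection. That first exchange is not authenticated, so bootstrap
      # mode belongs on a trusted network; once the CA is known, prefer a
      # pre-provisioned ca_file with bootstrap turned off.
      vsctl('--', '--bootstrap', 'set-ssl', @resource[:key_file], @resource[:cert_file], bootstrap_ca_cert)
    else
      vsctl('--', 'set-ssl', @resource[:key_file], @resource[:cert_file], @resource[:ca_file])
    end
  end

  # Removes the SSL configuration with `ovs-vsctl del-ssl`.
  def destroy
    vsctl('del-ssl')
  end

  # @return [Boolean] true when `ovs-vsctl get-ssl` prints anything
  # @raise [Puppet::Error] when the resource name is not 'system'
  def exists?
    singleton_check
    !vsctl('get-ssl').empty?
  end

  # @return [String, false] private key path reported by get-ssl
  def key_file
    parse_ssl_output('Private key')
  end

  # Property setters ignore their argument: #create re-reads every value
  # from @resource, so any change rewrites the whole configuration.
  def key_file=(key_file)
    recreate
  end

  # @return [String, false] certificate path reported by get-ssl
  def cert_file
    parse_ssl_output('Certificate')
  end

  def cert_file=(cert_file)
    recreate
  end

  # @return [String, false] CA certificate path reported by get-ssl
  def ca_file
    parse_ssl_output('CA Certificate')
  end

  def ca_file=(ca_file)
    recreate
  end

  # @return [String, false] the 'Bootstrap' value reported by get-ssl
  def bootstrap
    parse_ssl_output('Bootstrap')
  end

  def bootstrap=(bootstrap)
    recreate
  end
end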