Merge "Templatize keystone ssl keys/certs"

2014-07-09 10:55:59 +00:00 · 2014-07-09 10:55:59 +00:00 · 4b771fa654
commit 4b771fa654
parent 152e83b37d 154bbab23e
4 changed files with 10 additions and 0 deletions
--- a/elements/keystone/os-apply-config/mnt/state/etc/keystone/ssl/certs/ca.pem
+++ b/elements/keystone/os-apply-config/mnt/state/etc/keystone/ssl/certs/ca.pem
@ -0,0 +1 @@
+{{keystone.ca_certificate}}
--- a/elements/keystone/os-apply-config/mnt/state/etc/keystone/ssl/certs/signing_cert.pem
+++ b/elements/keystone/os-apply-config/mnt/state/etc/keystone/ssl/certs/signing_cert.pem
@ -0,0 +1 @@
+{{keystone.signing_certificate}}
--- a/elements/keystone/os-apply-config/mnt/state/etc/keystone/ssl/private/signing_key.pem
+++ b/elements/keystone/os-apply-config/mnt/state/etc/keystone/ssl/private/signing_key.pem
@ -0,0 +1 @@
+{{keystone.signing_key}}
--- a/elements/keystone/os-refresh-config/configure.d/10-keystone-state
+++ b/elements/keystone/os-refresh-config/configure.d/10-keystone-state
@ -3,3 +3,10 @@ set -eux

 [ -d /mnt/state/etc/keystone/ssl/certs ] || install -m 0750 -o keystone -g keystone -d /mnt/state/etc/keystone/ssl/certs
 [ -d /mnt/state/etc/keystone/ssl/private ] || install -m 0750 -o keystone -g keystone -d /mnt/state/etc/keystone/ssl/private
+
+# precreate ssl key file with correct permissions
+# TODO: this can be replaced with mode metadata header when supported in
+# os-apply-config (spec's Change-Id: I8fe7126d7261c1f106d7413bd31aa379e9ae5c3e)
+touch /mnt/state/etc/keystone/ssl/private/signing_key.pem
+chown keystone.keystone /mnt/state/etc/keystone/ssl/private/signing_key.pem
+chmod 0640 /mnt/state/etc/keystone/ssl/private/signing_key.pem