x/packstack
Code Issues Proposed changes

Refactor SSL setup to use CA to sign certificates

Browse Source 
Users can now use Packstack generated CA or provide Subordinate CA to packstack
to sign certificates used by OpenStack.

Resolves: rhbz#1163866

Change-Id: Idd89dbb7f197a194fd87576be6d95a75d059231e
This commit is contained in:
Lukas Bezdicka
2015-04-14 12:16:25 -04:00
parent 41f3e9e86c
commit 1c0c36bf40
38 changed files with 938 additions and 232 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
packstack/plugins/heat_650.py
View File

@@ -28,6 +28,7 @@ from packstack.modules.shortcuts import get_mq
from packstack.modules.ospluginutils import appendManifestFile
from packstack.modules.ospluginutils import createFirewallResources
from packstack.modules.ospluginutils import getManifestTemplate
from packstack.modules.ospluginutils import generate_ssl_cert
# ------------- Heat Packstack Plugin Initialization --------------
@@ -170,6 +171,18 @@ def initSequences(controller):
# ------------------------ step functions -------------------------
def create_manifest(config, messages):
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_host = config['CONFIG_CONTROLLER_HOST']
ssl_cert_file = config['CONFIG_HEAT_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_heat.crt'
)
ssl_key_file = config['CONFIG_HEAT_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_heat.key'
)
service = 'heat'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestfile = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat")