HTTPS cert changes

o No longer use the self signed cert genetated by the mod_ssl package o generate our own self signed cert o add options so user can specify their own cert to use o close port 80 if using ssl for horizon o Adds a new resources member to the controller object, this contains a list of files to be copied to remote host Addresses some of the points raised in https://bugzilla.redhat.com/show_bug.cgi?id=919071 Change-Id: I9182b07481fd396a8a250ea045428a5c382eb2b1
2013-03-10 17:35:16 -04:00
parent b366123ecc
commit ae1b33dcc4
6 changed files with 156 additions and 3 deletions
--- a/packstack/puppet/modules/packstack/templates/ssl/generate_ssl_certs.sh.erb
+++ b/packstack/puppet/modules/packstack/templates/ssl/generate_ssl_certs.sh.erb
@@ -0,0 +1,37 @@
+#!/bin/env bash
+
+FQDN=`hostname`
+if [ "x${FQDN}" = "x" ]; then
+   FQDN=localhost.localdomain
+fi
+
+SSLKEY=/etc/pki/tls/private/ssl_ps_server.key
+SSLCERT=/etc/pki/tls/certs/ssl_ps_server.crt
+
+# If packstack dropped a cert in the resources directory then we
+# use that instead of generating one
+if [ -f $PACKSTACK_VAR_DIR/resources/ssl_ps_server.crt ] ; then
+    cp  $PACKSTACK_VAR_DIR/resources/ssl_ps_server.crt $SSLCERT
+    cp  $PACKSTACK_VAR_DIR/resources/ssl_ps_server.key $SSLKEY
+    exit 0
+fi
+
+umask 277
+
+answers() {
+        echo --
+        echo State
+        echo City
+        echo openstack
+        echo packstack
+        echo $1
+        echo admin@$1
+        echo
+        echo
+}
+
+
+# gen key and self signed host cert
+openssl genrsa -rand 2048 > $SSLKEY 2> /dev/null
+answers $FQDN | openssl req -new -x509 -days 1096 -key $SSLKEY -text -out $SSLCERT
+