Grid環境構築用のChefリポジトリです。
Revision | 6b388cdd1d72b8b3069db081a6da2db19a9fad1e (tree) |
---|---|
Zeit | 2016-01-05 14:50:59 |
Autor | whitestar <whitestar@gaea...> |
Commiter | whitestar |
a little modified.
@@ -1,6 +1,10 @@ | ||
1 | 1 | ssl_cert CHANGELOG |
2 | 2 | ================== |
3 | 3 | |
4 | +0.1.1 | |
5 | +----- | |
6 | +- a little modified. | |
7 | + | |
4 | 8 | 0.1.0 |
5 | 9 | ----- |
6 | 10 | - Initial release of ssl_cert |
@@ -22,7 +22,7 @@ Attributes | ||
22 | 22 | |`['ssl_cert']['chef_gem']['source']`|String|chef_gem resource's source property.|`nil`| |
23 | 23 | |`['ssl_cert']['chef_gem']['options']`|String|chef_gem resource's options property.|`nil`| |
24 | 24 | |`['ssl_cert']['chef-vault']['version']`|String|chef-vault installation version.|`'~> 2.6'`| |
25 | -|`['ssl_cert']['env_context']`|String|node's environment.|`node.chef_environment`| | |
25 | +|`['ssl_cert']['env_context']`|String|node's environment or nil/empty.|`node.chef_environment`| | |
26 | 26 | |`['ssl_cert']['ca_cert_vault']`|String|CA certificate stored vault name.|`'ca_certs'`| |
27 | 27 | |`['ssl_cert']['server_key_vault']`|String|SSL server key stored vault name.|`'ssl_server_keys'`| |
28 | 28 | |`['ssl_cert']['server_cert_vault']`|String|SSL server certificate stored vault name.|`'ssl_server_certs'`| |
@@ -44,7 +44,7 @@ default['ssl_cert']['ca_cert_vault'] = 'ca_certs' | ||
44 | 44 | * vault item management |
45 | 45 | |
46 | 46 | $ ruby -rjson -e 'puts JSON.generate({"public" => File.read("grid_ca.prod.crt")})' \ |
47 | - > > grid_ca.prod.crt.json | |
47 | + > > ~/tmp/grid_ca.prod.crt.json | |
48 | 48 | $ knife vault create ca_certs grid_ca.prod \ |
49 | 49 | > --json ~/tmp/grid_ca.prod.crt.json |
50 | 50 | =end |
@@ -58,9 +58,9 @@ default['ssl_cert']['server_key_vault'] = 'ssl_server_keys' | ||
58 | 58 | * vault item management |
59 | 59 | |
60 | 60 | $ ruby -rjson -e 'puts JSON.generate({"private" => File.read("node_example_com.prod.key")})' \ |
61 | - > > node_example_com.prod.key.json | |
61 | + > > ~/tmp/node_example_com.prod.key.json | |
62 | 62 | $ knife vault create ssl_server_keys node.example.com.prod \ |
63 | - > --json node_example_com.prod.key.json | |
63 | + > --json ~/tmp/node_example_com.prod.key.json | |
64 | 64 | =end |
65 | 65 | |
66 | 66 | default['ssl_cert']['server_cert_vault'] = 'ssl_server_certs' |
@@ -72,9 +72,9 @@ default['ssl_cert']['server_cert_vault'] = 'ssl_server_certs' | ||
72 | 72 | * vault item management |
73 | 73 | |
74 | 74 | $ ruby -rjson -e 'puts JSON.generate({"public" => File.read("node_example_com.prod.crt")})' \ |
75 | - > > node_example_com.prod.crt.json | |
75 | + > > ~/tmp/node_example_com.prod.crt.json | |
76 | 76 | $ knife vault create ssl_server_certs node.example.com.prod \ |
77 | - > --json node_example_com.prod.crt.json | |
77 | + > --json ~/tmp/node_example_com.prod.crt.json | |
78 | 78 | =end |
79 | 79 | |
80 | 80 | undotted_cns = node['ssl_cert']['common_names'].map {|item| |
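Review bot: The server-key example (the `ruby -rjson ... > ~/tmp/node_example_com.prod.key.json` step) leaves the private key as a plaintext JSON file on the workstation, and the documented procedure neither restricts its permissions nor removes it after `knife vault create` has run. I would add `$ umask 077` before the `ruby -rjson` line and `$ rm ~/tmp/node_example_com.prod.key.json` after the `knife vault create ssl_server_keys` line in that comment block. The two certificate examples leave the same kind of file behind, though those hold public material only. The `=begin` comment blocks these lines belong to start outside the hunks shown.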
@@ -69,6 +69,16 @@ module Helper | ||
69 | 69 | end |
70 | 70 | |
71 | 71 | |
72 | + def env_suffix | |
73 | + suffix = | |
74 | + (!node['ssl_cert']['env_context'].nil? && !node['ssl_cert']['env_context'].empty?) \ | |
75 | + ? ".#{node['ssl_cert']['env_context']}" \ | |
76 | + : '' | |
77 | + | |
78 | + return suffix | |
79 | + end | |
80 | + | |
81 | + | |
72 | 82 | def ca_certificate(ca) |
73 | 83 | undotted_ca = ca.gsub('.', '_') |
74 | 84 |
@@ -76,7 +86,7 @@ module Helper | ||
76 | 86 | require 'chef-vault' |
77 | 87 | cert = ChefVault::Item.load( |
78 | 88 | node['ssl_cert']['ca_cert_vault'], |
79 | - "#{ca}.#{node['ssl_cert']['env_context']}")['public'] | |
89 | + "#{ca}#{env_suffix}")['public'] | |
80 | 90 | |
81 | 91 | cert_path = node['ssl_cert']["#{undotted_ca}_cert_path"] |
82 | 92 | resources(:file => cert_path) rescue file cert_path do |
@@ -95,7 +105,7 @@ module Helper | ||
95 | 105 | require 'chef-vault' |
96 | 106 | cert = ChefVault::Item.load( |
97 | 107 | node['ssl_cert']['server_cert_vault'], |
98 | - "#{cn}.#{node['ssl_cert']['env_context']}")['public'] | |
108 | + "#{cn}#{env_suffix}")['public'] | |
99 | 109 | |
100 | 110 | cert_path = node['ssl_cert']["#{undotted_cn}_cert_path"] |
101 | 111 | resources(:file => cert_path) rescue file cert_path do |
@@ -116,7 +126,7 @@ module Helper | ||
116 | 126 | require 'chef-vault' |
117 | 127 | secret = ChefVault::Item.load( |
118 | 128 | node['ssl_cert']['server_key_vault'], |
119 | - "#{cn}.#{node['ssl_cert']['env_context']}")['private'] | |
129 | + "#{cn}#{env_suffix}")['private'] | |
120 | 130 | |
121 | 131 | key_path = node['ssl_cert']["#{undotted_cn}_key_path"] |
122 | 132 | key_group = get_private_key_group |
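Review bot: `env_suffix` returns `''` when `node['ssl_cert']['env_context']` is nil or empty, so the three `ChefVault::Item.load` calls in the later hunks then fetch the un-suffixed item. A node whose attribute is blank by mistake would therefore silently read a different certificate or key than the environment-specific one. A comment above the method would make that contract visible, for example `# Returns ".<env_context>", or '' when env_context is nil/empty; the vault item name is then the bare CA/CN name.` As a style point, the body reads the attribute three times and relies on backslash continuations and an explicit `return`; it could be `ctx = node['ssl_cert']['env_context'].to_s` followed by `ctx.empty? ? '' : ".#{ctx}"`. The methods containing the three load calls start or end outside their hunks, so how a missing vault item is handled is not visible here.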
@@ -4,4 +4,4 @@ maintainer_email '' | ||
4 | 4 | license 'Apache 2.0' |
5 | 5 | description 'Installs/Configures ssl_cert' |
6 | 6 | long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) |
7 | -version '0.1.0' | |
7 | +version '0.1.1' |