Grid環境構築用のChefリポジトリです。
Revision | f277fba89cb8ada85fcdf7ce92fe799a24d424cd (tree) |
---|---|
Time | 2017-03-02 21:44:05 |
Author | whitestar <whitestar@gaea...> |
Commiter | whitestar |
bug fix: follows Debian family's certificates symlink rule.
@@ -1,6 +1,11 @@ | ||
1 | 1 | ssl_cert CHANGELOG |
2 | 2 | ================== |
3 | 3 | |
4 | +0.3.8 | |
5 | +----- | |
6 | +- bug fix: follows Debian family's certificates symlink rule. | |
7 | +- revises documents. | |
8 | + | |
4 | 9 | 0.3.7 |
5 | 10 | ----- |
6 | 11 | - adds `SSLCert::Helper.get_vault_item_value` method. |
@@ -64,8 +64,11 @@ This cookbook deploys CA certificates, SSL server keys and/or certificates from | ||
64 | 64 | |`['ssl_cert']['server_cert_vault_item_key']`|String|SSL server certificate stored vault item key name. (single key or nested hash key path delimited by slash)|`'public'`| |
65 | 65 | |`['ssl_cert']['server_cert_file_prefix']`|String|SSL server certificate file name's prefix.|`''`| |
66 | 66 | |`['ssl_cert']['server_cert_file_extension']`|String|SSL server certificate file name's extension. (0.3.0 or later)|`'crt'`| |
67 | -|`['ssl_cert']["#{ca}_cert_src_path"]`|String|CA certificate source file path. (0.3.3 or later)|`"#{node['ssl_cert']['certs_src_dir']}/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.#{node['ssl_cert']['ca_cert_file_extension']}"`| | |
68 | -|`['ssl_cert']["#{ca}_cert_path"]`|String|deployed CA certificate file path.|`"#{node['ssl_cert']['certs_dir']}/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.#{node['ssl_cert']['ca_cert_file_extension']}"`| | |
67 | +|`['ssl_cert']['certs_src_dir']`|String||See `attributes/default.rb`.| | |
68 | +|`['ssl_cert']['certs_dir']`|String||See `attributes/default.rb`.| | |
69 | +|`['ssl_cert']['private_dir']`|String||See `attributes/default.rb`.| | |
70 | +|`['ssl_cert']["#{ca}_cert_src_path"]`|String|CA certificate source file path. (0.3.3 or later)|See `attributes/default.rb`.| | |
71 | +|`['ssl_cert']["#{ca}_cert_path"]`|String|deployed CA certificate file path.|See `attributes/default.rb`.| | |
69 | 72 | |`['ssl_cert']["#{ca}_pubkey_path"]`|String|deployed CA public key file path. (0.2.0 or later)|`"#{node['ssl_cert']['certs_dir']}/#{node['ssl_cert']['ca_pubkey_file_prefix']}#{ca}.#{node['ssl_cert']['ca_pubkey_file_extension']}"`| |
70 | 73 | |`['ssl_cert']["#{undotted_cn}_key_path"]`|String|deployed SSL server key file path.|`"#{node['ssl_cert']['private_dir']}/#{node['ssl_cert']['server_key_file_prefix']}#{undotted_cn}.#{node['ssl_cert']['server_key_file_extension']}"`| |
71 | 74 | |`['ssl_cert']["#{undotted_cn}_cert_path"]`|String|deployed SSL server certificate file path.|`"#{node['ssl_cert']['certs_dir']}/#{node['ssl_cert']['server_cert_file_prefix']}#{undotted_cn}.#{node['ssl_cert']['server_cert_file_extension']}"`| |
@@ -91,10 +94,18 @@ This cookbook deploys CA certificates, SSL server keys and/or certificates from | ||
91 | 94 | $ ruby -rjson -e 'puts JSON.generate({"public" => File.read("grid_ca.prod.crt")})' \ |
92 | 95 | > > ~/tmp/grid_ca.prod.crt.json |
93 | 96 | |
97 | +$ cd $CHEF_REPO_PATH | |
98 | + | |
94 | 99 | $ knife vault create ca_certs grid_ca.prod \ |
95 | 100 | > --json ~/tmp/grid_ca.prod.crt.json |
96 | 101 | ``` |
97 | 102 | |
103 | +- grant reference permission to the appropriate nodes | |
104 | + | |
105 | +```text | |
106 | +$ knife vault update ca_certs grid_ca.prod -S 'name:*.example.com' | |
107 | +``` | |
108 | + | |
98 | 109 | - add cookbook attributes. |
99 | 110 | |
100 | 111 | ```ruby |
@@ -116,10 +127,18 @@ override_attributes( | ||
116 | 127 | $ ruby -rjson -e 'puts JSON.generate({"public" => File.read("grid_ssh_ca.prod.pub")})' \ |
117 | 128 | > > ~/tmp/grid_ssh_ca.prod.pub.json |
118 | 129 | |
130 | +$ cd $CHEF_REPO_PATH | |
131 | + | |
119 | 132 | $ knife vault create ca_pubkeys grid_ssh_ca.prod \ |
120 | 133 | > --json ~/tmp/grid_ssh_ca.prod.pub.json |
121 | 134 | ``` |
122 | 135 | |
136 | +- grant reference permission to the appropriate nodes | |
137 | + | |
138 | +```text | |
139 | +$ knife vault update ca_pubkeys grid_ssh_ca.prod -S 'name:*.example.com' | |
140 | +``` | |
141 | + | |
123 | 142 | - add cookbook attributes. |
124 | 143 | |
125 | 144 | ```ruby |
@@ -141,10 +160,18 @@ override_attributes( | ||
141 | 160 | $ ruby -rjson -e 'puts JSON.generate({"public" => File.read("grid_ssh_ca.prod.krl")})' \ |
142 | 161 | > > ~/tmp/grid_ssh_ca.prod.krl.json |
143 | 162 | |
163 | +$ cd $CHEF_REPO_PATH | |
164 | + | |
144 | 165 | $ knife vault create ssh_ca_krls grid_ssh_ca.prod \ |
145 | 166 | > --json ~/tmp/grid_ssh_ca.prod.krl.json |
146 | 167 | ``` |
147 | 168 | |
169 | +- grant reference permission to the appropriate nodes | |
170 | + | |
171 | +```text | |
172 | +$ knife vault update ssh_ca_krls grid_ssh_ca.prod -S 'name:*.example.com' | |
173 | +``` | |
174 | + | |
148 | 175 | - add cookbook attributes. |
149 | 176 | |
150 | 177 | ```ruby |
@@ -163,16 +190,25 @@ override_attributes( | ||
163 | 190 | $ ruby -rjson -e 'puts JSON.generate({"private" => File.read("node_example_com.prod.key")})' \ |
164 | 191 | > > ~/tmp/node_example_com.prod.key.json |
165 | 192 | |
166 | -$ knife vault create ssl_server_keys node.example.com.prod \ | |
167 | -> --json ~/tmp/node_example_com.prod.key.json | |
168 | - | |
169 | 193 | $ ruby -rjson -e 'puts JSON.generate({"public" => File.read("node_example_com.prod.crt")})' \ |
170 | 194 | > > ~/tmp/node_example_com.prod.crt.json |
171 | 195 | |
196 | +$ cd $CHEF_REPO_PATH | |
197 | + | |
198 | +$ knife vault create ssl_server_keys node.example.com.prod \ | |
199 | +> --json ~/tmp/node_example_com.prod.key.json | |
200 | + | |
172 | 201 | $ knife vault create ssl_server_certs node.example.com.prod \ |
173 | 202 | > --json ~/tmp/node_example_com.prod.crt.json |
174 | 203 | ``` |
175 | 204 | |
205 | +- grant reference permission to the appropriate nodes | |
206 | + | |
207 | +```text | |
208 | +$ knife vault update ssl_server_keys node.example.com.prod -S 'name:node.example.com.prod' | |
209 | +$ knife vault update ssl_server_certs node.example.com.prod -S 'name:node.example.com.prod' | |
210 | +``` | |
211 | + | |
176 | 212 | - add cookbook attributes |
177 | 213 | |
178 | 214 | ```ruby |
@@ -168,7 +168,9 @@ node['ssl_cert']['ca_names'].each {|ca| | ||
168 | 168 | default['ssl_cert']["#{ca}_cert_src_path"] \ |
169 | 169 | = "#{node['ssl_cert']['certs_src_dir']}/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.#{node['ssl_cert']['ca_cert_file_extension']}" |
170 | 170 | default['ssl_cert']["#{ca}_cert_path"] = node.value_for_platform_family( |
171 | - 'debian' => "#{node['ssl_cert']['certs_dir']}/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.#{node['ssl_cert']['ca_cert_file_extension']}", | |
171 | + # Debian family's certificates symlink rule | |
172 | + # "/etc/ssl/certs/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.pem" -> node['ssl_cert']["#{ca}_cert_src_path"] | |
173 | + 'debian' => "#{node['ssl_cert']['certs_dir']}/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.pem", | |
172 | 174 | 'rhel' => node['ssl_cert']["#{ca}_cert_src_path"] |
173 | 175 | ) |
174 | 176 | } |
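Review bot: The `value_for_platform_family` call for `"#{ca}_cert_path"` still lists only `'debian'` and `'rhel'`, so on any other platform family the attribute evaluates to nil and anything that takes its CA trust path from it gets no file; consider adding `'default' => node['ssl_cert']["#{ca}_cert_src_path"]` or failing explicitly there. The new `'debian'` value also hard-codes `.pem` under `node['ssl_cert']['certs_dir']`, while the added comment describes the symlink under a literal `/etc/ssl/certs`. If `certs_dir` is overridden to another directory the symlink presumably will not exist there, so the comment should state that dependency, e.g. `# valid only while certs_dir is the directory the system certificate tooling populates`. The enclosing `ca_names.each` block starts outside this hunk, and the step that creates the symlink is not visible here.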
@@ -5,7 +5,7 @@ maintainer_email '' | ||
5 | 5 | license 'Apache 2.0' |
6 | 6 | description 'Installs/Configures ssl_cert' |
7 | 7 | long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) |
8 | -version '0.3.7' | |
8 | +version '0.3.8' | |
9 | 9 | source_url 'http://scm.osdn.jp/gitroot/metasearch/grid-chef-repo.git' |
10 | 10 | issues_url 'https://osdn.jp/projects/metasearch/ticket' |
11 | 11 |