OSDN > Find Software > Internet > WWW/HTTP > Indexing/Search > Meta Search > SCM > git > grid-chef-repo > Commit

Meta Search
Fork

R/O
HTTP
SSH
HTTPS

grid-chef-repo: Commit

Grid環境構築用のChefリポジトリです。

Commit MetaInfo

Revision	f277fba89cb8ada85fcdf7ce92fe799a24d424cd (tree)
Time	2017-03-02 21:44:05
Author	whitestar <whitestar@gaea...>
Commiter	whitestar

Log Message

bug fix: follows Debian family's certificates symlink rule.

Change Summary

modified: cookbooks/ssl_cert/CHANGELOG.md (diff)
modified: cookbooks/ssl_cert/README.md (diff)
modified: cookbooks/ssl_cert/attributes/default.rb (diff)
modified: cookbooks/ssl_cert/metadata.rb (diff)

Incremental Difference

--- a/cookbooks/ssl_cert/CHANGELOG.md

+++ b/cookbooks/ssl_cert/CHANGELOG.md

		@@ -1,6 +1,11 @@
1	1	ssl_cert CHANGELOG
2	2	==================
3	3
	4	+0.3.8
	5	+-----
	6	+- bug fix: follows Debian family's certificates symlink rule.
	7	+- revises documents.
	8	+
4	9	0.3.7
5	10	-----
6	11	- adds `SSLCert::Helper.get_vault_item_value` method.

--- a/cookbooks/ssl_cert/README.md

+++ b/cookbooks/ssl_cert/README.md

		@@ -64,8 +64,11 @@ This cookbook deploys CA certificates, SSL server keys and/or certificates from
64	64	\|`['ssl_cert']['server_cert_vault_item_key']`\|String\|SSL server certificate stored vault item key name. (single key or nested hash key path delimited by slash)\|`'public'`\|
65	65	\|`['ssl_cert']['server_cert_file_prefix']`\|String\|SSL server certificate file name's prefix.\|`''`\|
66	66	\|`['ssl_cert']['server_cert_file_extension']`\|String\|SSL server certificate file name's extension. (0.3.0 or later)\|`'crt'`\|
67		-\|`['ssl_cert']["#{ca}_cert_src_path"]`\|String\|CA certificate source file path. (0.3.3 or later)\|`"#{node['ssl_cert']['certs_src_dir']}/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.#{node['ssl_cert']['ca_cert_file_extension']}"`\|
68		-\|`['ssl_cert']["#{ca}_cert_path"]`\|String\|deployed CA certificate file path.\|`"#{node['ssl_cert']['certs_dir']}/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.#{node['ssl_cert']['ca_cert_file_extension']}"`\|
	67	+\|`['ssl_cert']['certs_src_dir']`\|String\|\|See `attributes/default.rb`.\|
	68	+\|`['ssl_cert']['certs_dir']`\|String\|\|See `attributes/default.rb`.\|
	69	+\|`['ssl_cert']['private_dir']`\|String\|\|See `attributes/default.rb`.\|
	70	+\|`['ssl_cert']["#{ca}_cert_src_path"]`\|String\|CA certificate source file path. (0.3.3 or later)\|See `attributes/default.rb`.\|
	71	+\|`['ssl_cert']["#{ca}_cert_path"]`\|String\|deployed CA certificate file path.\|See `attributes/default.rb`.\|
69	72	\|`['ssl_cert']["#{ca}_pubkey_path"]`\|String\|deployed CA public key file path. (0.2.0 or later)\|`"#{node['ssl_cert']['certs_dir']}/#{node['ssl_cert']['ca_pubkey_file_prefix']}#{ca}.#{node['ssl_cert']['ca_pubkey_file_extension']}"`\|
70	73	\|`['ssl_cert']["#{undotted_cn}_key_path"]`\|String\|deployed SSL server key file path.\|`"#{node['ssl_cert']['private_dir']}/#{node['ssl_cert']['server_key_file_prefix']}#{undotted_cn}.#{node['ssl_cert']['server_key_file_extension']}"`\|
71	74	\|`['ssl_cert']["#{undotted_cn}_cert_path"]`\|String\|deployed SSL server certificate file path.\|`"#{node['ssl_cert']['certs_dir']}/#{node['ssl_cert']['server_cert_file_prefix']}#{undotted_cn}.#{node['ssl_cert']['server_cert_file_extension']}"`\|

		@@ -91,10 +94,18 @@ This cookbook deploys CA certificates, SSL server keys and/or certificates from
91	94	$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("grid_ca.prod.crt")})' \
92	95	> > ~/tmp/grid_ca.prod.crt.json
93	96
	97	+$ cd $CHEF_REPO_PATH
	98	+
94	99	$ knife vault create ca_certs grid_ca.prod \
95	100	> --json ~/tmp/grid_ca.prod.crt.json
96	101	```
97	102
	103	+- grant reference permission to the appropriate nodes
	104	+
	105	+```text
	106	+$ knife vault update ca_certs grid_ca.prod -S 'name:*.example.com'
	107	+```
	108	+
98	109	- add cookbook attributes.
99	110
100	111	```ruby

		@@ -116,10 +127,18 @@ override_attributes(
116	127	$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("grid_ssh_ca.prod.pub")})' \
117	128	> > ~/tmp/grid_ssh_ca.prod.pub.json
118	129
	130	+$ cd $CHEF_REPO_PATH
	131	+
119	132	$ knife vault create ca_pubkeys grid_ssh_ca.prod \
120	133	> --json ~/tmp/grid_ssh_ca.prod.pub.json
121	134	```
122	135
	136	+- grant reference permission to the appropriate nodes
	137	+
	138	+```text
	139	+$ knife vault update ca_pubkeys grid_ssh_ca.prod -S 'name:*.example.com'
	140	+```
	141	+
123	142	- add cookbook attributes.
124	143
125	144	```ruby

		@@ -141,10 +160,18 @@ override_attributes(
141	160	$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("grid_ssh_ca.prod.krl")})' \
142	161	> > ~/tmp/grid_ssh_ca.prod.krl.json
143	162
	163	+$ cd $CHEF_REPO_PATH
	164	+
144	165	$ knife vault create ssh_ca_krls grid_ssh_ca.prod \
145	166	> --json ~/tmp/grid_ssh_ca.prod.krl.json
146	167	```
147	168
	169	+- grant reference permission to the appropriate nodes
	170	+
	171	+```text
	172	+$ knife vault update ssh_ca_krls grid_ssh_ca.prod -S 'name:*.example.com'
	173	+```
	174	+
148	175	- add cookbook attributes.
149	176
150	177	```ruby

		@@ -163,16 +190,25 @@ override_attributes(
163	190	$ ruby -rjson -e 'puts JSON.generate({"private" => File.read("node_example_com.prod.key")})' \
164	191	> > ~/tmp/node_example_com.prod.key.json
165	192
166		-$ knife vault create ssl_server_keys node.example.com.prod \
167		-> --json ~/tmp/node_example_com.prod.key.json
168		-
169	193	$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("node_example_com.prod.crt")})' \
170	194	> > ~/tmp/node_example_com.prod.crt.json
171	195
	196	+$ cd $CHEF_REPO_PATH
	197	+
	198	+$ knife vault create ssl_server_keys node.example.com.prod \
	199	+> --json ~/tmp/node_example_com.prod.key.json
	200	+
172	201	$ knife vault create ssl_server_certs node.example.com.prod \
173	202	> --json ~/tmp/node_example_com.prod.crt.json
174	203	```
175	204
	205	+- grant reference permission to the appropriate nodes
	206	+
	207	+```text
	208	+$ knife vault update ssl_server_keys node.example.com.prod -S 'name:node.example.com.prod'
	209	+$ knife vault update ssl_server_certs node.example.com.prod -S 'name:node.example.com.prod'
	210	+```
	211	+
176	212	- add cookbook attributes
177	213
178	214	```ruby

--- a/cookbooks/ssl_cert/attributes/default.rb

+++ b/cookbooks/ssl_cert/attributes/default.rb

		@@ -168,7 +168,9 @@ node['ssl_cert']['ca_names'].each {\|ca\|
168	168	default['ssl_cert']["#{ca}_cert_src_path"] \
169	169	= "#{node['ssl_cert']['certs_src_dir']}/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.#{node['ssl_cert']['ca_cert_file_extension']}"
170	170	default['ssl_cert']["#{ca}_cert_path"] = node.value_for_platform_family(
171		- 'debian' => "#{node['ssl_cert']['certs_dir']}/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.#{node['ssl_cert']['ca_cert_file_extension']}",
	171	+ # Debian family's certificates symlink rule
	172	+ # "/etc/ssl/certs/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.pem" -> node['ssl_cert']["#{ca}_cert_src_path"]
	173	+ 'debian' => "#{node['ssl_cert']['certs_dir']}/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.pem",
172	174	'rhel' => node['ssl_cert']["#{ca}_cert_src_path"]
173	175	)
174	176	}

--- a/cookbooks/ssl_cert/metadata.rb

+++ b/cookbooks/ssl_cert/metadata.rb

		@@ -5,7 +5,7 @@ maintainer_email ''
5	5	license 'Apache 2.0'
6	6	description 'Installs/Configures ssl_cert'
7	7	long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
8		-version '0.3.7'
	8	+version '0.3.8'
9	9	source_url 'http://scm.osdn.jp/gitroot/metasearch/grid-chef-repo.git'
10	10	issues_url 'https://osdn.jp/projects/metasearch/ticket'
11	11

Show on old repository browser