Merge "Fix typos"
diff --git
a/puppet/extraconfig/tls/tls-cert-inject.yaml
b/puppet/extraconfig/tls/tls-cert-inject.yaml
index
b4564fc
..
77b1137
100644
(file)
--- a/
puppet/extraconfig/tls/tls-cert-inject.yaml
+++ b/
puppet/extraconfig/tls/tls-cert-inject.yaml
@@
-5,9
+5,8
@@
description: >
for the load balancer using the given parameters.
parameters:
for the load balancer using the given parameters.
parameters:
- # Can be overriden via parameter_defaults in the environment
+ # Can be overrid
d
en via parameter_defaults in the environment
SSLCertificate:
SSLCertificate:
- default: ''
description: >
The content of the SSL certificate (without Key) in PEM format.
type: string
description: >
The content of the SSL certificate (without Key) in PEM format.
type: string
@@
-17,13
+16,12
@@
parameters:
The content of an SSL intermediate CA certificate in PEM format.
type: string
SSLKey:
The content of an SSL intermediate CA certificate in PEM format.
type: string
SSLKey:
- default: ''
description: >
The content of the SSL Key in PEM format.
type: string
hidden: true
description: >
The content of the SSL Key in PEM format.
type: string
hidden: true
- # Can be overriden by parameter_defaults if the user wants to try deploying
+ # Can be overrid
d
en by parameter_defaults if the user wants to try deploying
# this in a distro that doesn't support this path.
DeployedSSLCertificatePath:
default: '/etc/pki/tls/private/overcloud_endpoint.pem'
# this in a distro that doesn't support this path.
DeployedSSLCertificatePath:
default: '/etc/pki/tls/private/overcloud_endpoint.pem'
@@
-49,18
+47,27
@@
resources:
- name: cert_chain_content
outputs:
- name: chain_md5sum
- name: cert_chain_content
outputs:
- name: chain_md5sum
+ - name: cert_modulus
+ - name: key_modulus
config: |
#!/bin/sh
config: |
#!/bin/sh
- cat
<< EOF | tee ${cert_path} > /dev/null
+ cat
> ${cert_path} << EOF
${cert_chain_content}
EOF
chmod 0440 ${cert_path}
chown root:haproxy ${cert_path}
md5sum ${cert_path} > ${heat_outputs_path}.chain_md5sum
${cert_chain_content}
EOF
chmod 0440 ${cert_path}
chown root:haproxy ${cert_path}
md5sum ${cert_path} > ${heat_outputs_path}.chain_md5sum
+ openssl x509 -noout -modulus -in ${cert_path} \
+ | openssl md5 | cut -c 10- \
+ > ${heat_outputs_path}.cert_modulus
+ openssl rsa -noout -modulus -in ${cert_path} \
+ | openssl md5 | cut -c 10- \
+ > ${heat_outputs_path}.key_modulus
ControllerTLSDeployment:
type: OS::Heat::SoftwareDeployment
properties:
ControllerTLSDeployment:
type: OS::Heat::SoftwareDeployment
properties:
+ name: ControllerTLSDeployment
config: {get_resource: ControllerTLSConfig}
server: {get_param: server}
input_values:
config: {get_resource: ControllerTLSConfig}
server: {get_param: server}
input_values:
@@
-79,3
+86,9
@@
outputs:
deployed_ssl_certificate_path:
description: The location that the TLS certificate was deployed to.
value: {get_param: DeployedSSLCertificatePath}
deployed_ssl_certificate_path:
description: The location that the TLS certificate was deployed to.
value: {get_param: DeployedSSLCertificatePath}
+ key_modulus_md5:
+ description: MD5 checksum of the Key SSL Modulus
+ value: {get_attr: [ControllerTLSDeployment, key_modulus]}
+ cert_modulus_md5:
+ description: MD5 checksum of the Certificate SSL Modulus
+ value: {get_attr: [ControllerTLSDeployment, cert_modulus]}
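Review bot: In the third hunk, the two added `openssl … -modulus` pipelines in the `config` script never check whether openssl succeeded, so if neither the certificate nor the key in `${cert_path}` parses, both `cert_modulus` and `key_modulus` become the MD5 of empty input and look like a match to whatever compares the new `cert_modulus_md5` and `key_modulus_md5` outputs. `cut -c 10-` also assumes the `(stdin)= ` prefix; OpenSSL releases that print `MD5(stdin)= ` would leave part of the prefix in the value, so taking the last field is safer. I would capture both moduli first, fail the script when either is empty or they differ, and only then write the hashes, as sketched below (failing the deployment on a mismatch is my assumption about the intent; the comparison may be meant to happen in a consumer not shown here). Separately, `cat > ${cert_path}` creates the file under the default umask and `chmod 0440` only runs afterwards, so a `umask 077` line before the write would close that window for a file that apparently contains the private key. The rest of the ControllerTLSConfig resource lies outside the hunk.

```yaml
config: |
  #!/bin/sh
  # … unchanged: write ${cert_path}, chmod/chown, chain_md5sum …
  cert_modulus=$(openssl x509 -noout -modulus -in "${cert_path}") || exit 1
  key_modulus=$(openssl rsa -noout -modulus -in "${cert_path}") || exit 1
  if [ -z "$cert_modulus" ] || [ "$cert_modulus" != "$key_modulus" ]; then
    echo "certificate and key in ${cert_path} do not match" >&2
    exit 1
  fi
  printf '%s\n' "$cert_modulus" | openssl md5 | awk '{print $NF}' \
    > "${heat_outputs_path}.cert_modulus"
  printf '%s\n' "$key_modulus" | openssl md5 | awk '{print $NF}' \
    > "${heat_outputs_path}.key_modulus"
```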