license 'Apache 2.0'
description 'Installs/Configures openldap'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version '0.1.1'
+version '0.1.2'
-depends 'ssl_cert'
+depends 'ssl_cert', '>= 0.1.5'
[
'slapd',
'ldap-utils',
+ 'ssl-cert',
].each {|pkg|
resources(:package => pkg) rescue package pkg do
action :install
end
}
-
- service 'slapd' do
- action [:enable, :start]
- supports :status => true, :restart => true, :reload => false
+
+ # for SSL server key access
+ group 'ssl-cert' do
+ action :modify
+ members 'openldap'
+ append true
end
when 'rhel'
[
end
}
- service 'slapd' do
- #action [:enable, :start]
- action [:enable]
- supports :status => true, :restart => true, :reload => false
+ # for SSL server key access
+ if node['openldap']['with_ssl_cert_cookbook'] \
+ && node['ssl_cert']['rhel']['key_access_group'] != 'root' then
+ group node['ssl_cert']['rhel']['key_access_group'] do
+ action :modify
+ members 'ldap'
+ append true
+ end
end
end
+# deploy ldif file for TLS settings.
if node['openldap']['with_ssl_cert_cookbook'] then
[
'00_olc-add-ldaps.ldif',
}
end
+service 'slapd' do
+ #action [:enable, :start]
+ action [:enable]
+ supports :status => true, :restart => true, :reload => false
+end
+
log <<-EOM
Note:
You must setup OpenLDAP configurations in the first installation:
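Review bot: The RHEL branch guards the membership change on `node['openldap']['with_ssl_cert_cookbook']` and on the group not being `root`, but the Debian branch earlier in this file (`group 'ssl-cert'` with `members 'openldap'` and `append true`) has neither guard, so the openldap user is added to the `ssl-cert` group even when the ssl_cert cookbook is not in use. Wrapping that block in the same `if node['openldap']['with_ssl_cert_cookbook']` keeps the two branches consistent and avoids widening access to whatever the Debian `ssl-cert` group protects when it is not needed. The leftover `#action [:enable, :start]` above `action [:enable]` in the relocated `service 'slapd'` block is dead code; if dropping `:start` is deliberate, a short comment stating the reason is more useful than a commented-out line. The `case` statement enclosing the platform branches starts outside the hunk.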
ssl_cert CHANGELOG
==================
+0.1.5
+-----
+- add ['ssl_cert']['rhel']['key_access_group'] attribute.
+
0.1.4
-----
- improvement for vault item key setting (add nested hash key path format delimited by slash)
|:--|:--|:--|:--|
|`['ssl_cert']['ca_names']`|Array|deployed CA certificates from chef-vault|empty|
|`['ssl_cert']['common_names']`|Array|deployed server keys and/or certificates from chef-vault|empty|
+|`['ssl_cert']['rhel']['key_access_group']`|String|RHEL family's key access group (ver. 0.1.5 or later)|`'ssl-cert'`|
|`['ssl_cert']['chef_gem']['clear_sources']`|Boolean|chef_gem resource's clear_sources property.|`false`|
|`['ssl_cert']['chef_gem']['source']`|String|chef_gem resource's source property.|`nil`|
|`['ssl_cert']['chef_gem']['options']`|String|chef_gem resource's options property.|`nil`|
#'ldap.grid.example.com',
]
+# debian key access group is 'ssl-cert'
+default['ssl_cert']['rhel']['key_access_group'] = 'ssl-cert'
+
# for chef-vault installation
default['ssl_cert']['chef_gem']['clear_sources'] = false
default['ssl_cert']['chef_gem']['source'] = nil
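Review bot: The comment `# debian key access group is 'ssl-cert'` sits above an attribute that configures the RHEL family, which reads as a copy-paste slip; the Debian value is fixed in the recipe's `get_private_key_group`, not by this attribute. Since this attribute names the group that is granted read access to deployed private keys, the comment should say that, e.g. `# RHEL family group allowed to read deployed private keys (Debian always uses the ssl-cert package's 'ssl-cert' group); keep this a dedicated system group`.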
def get_private_key_group
+ if node['ssl_cert']['rhel']['key_access_group'].nil? \
+ || node['ssl_cert']['rhel']['key_access_group'].empty? then
+ node.override['ssl_cert']['rhel']['key_access_group'] = 'root'
+ end
+
node.value_for_platform_family(
'debian' => 'ssl-cert',
- 'rhel' => 'root',
+ 'rhel' => node['ssl_cert']['rhel']['key_access_group'],
'default' => 'root',
)
end
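Review bot: The `node.override['ssl_cert']['rhel']['key_access_group'] = 'root'` at the top of `get_private_key_group` turns a getter into a mutation of node attributes that persists for the rest of the run, and the openldap recipe's `!= 'root'` check appears to rely on that override having already been applied, which only holds if this recipe has run first. Normalising into a local keeps the function free of side effects: `rhel_group = node['ssl_cert']['rhel']['key_access_group']`, `rhel_group = 'root' if rhel_group.nil? || rhel_group.empty?`, and `'rhel' => rhel_group,` in the hash. If the override is intentional as a cross-cookbook contract, say so in a comment, e.g. `# NOTE: overrides the attribute so consumer cookbooks see the normalised group name`. The `then` after the multi-line `if` is redundant.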
key_path = node['ssl_cert']["#{undotted_cn}_key_path"]
key_group = get_private_key_group
+ group key_group do
+ system true
+ action :create
+ end
key_mode = get_private_key_mode
+
resources(:file => key_path) rescue file key_path do
content secret
sensitive true
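Review bot: The new `group key_group do ... end` block has no comment explaining why a group is created here; the reason — presumably so the `file` resource for the private key can be owned by a group that does not yet exist on a fresh RHEL host — is not obvious, and neither is the fact that membership of this group is what grants read access to `key_path`. A comment such as `# ensure the key access group exists before the private key is written; its members can read the key` would make the intent clear. When `key_group` resolves to `root` this is presumably a no-op, but that is worth stating too. The enclosing recipe continues outside the hunk.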
license 'Apache 2.0'
description 'Installs/Configures ssl_cert'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version '0.1.4'
+version '0.1.5'