
bug fix: follows Debian family's certificates symlink rule. ssl_cert-0.3.8
authorwhitestar <whitestar@gaea.test>
Thu, 2 Mar 2017 12:44:05 +0000 (21:44 +0900)
committerwhitestar <whitestar@gaea.test>
Thu, 2 Mar 2017 12:44:05 +0000 (21:44 +0900)
cookbooks/ssl_cert/CHANGELOG.md
cookbooks/ssl_cert/README.md
cookbooks/ssl_cert/attributes/default.rb
cookbooks/ssl_cert/metadata.rb

index 534cdee..29948a4 100644 (file)
@@ -1,6 +1,11 @@
 ssl_cert CHANGELOG
 ==================
 
+0.3.8
+-----
+- bug fix: follows Debian family's certificates symlink rule.
+- revises documents.
+
 0.3.7
 -----
 - adds `SSLCert::Helper.get_vault_item_value` method.
index 2286a1e..687d148 100644 (file)
@@ -64,8 +64,11 @@ This cookbook deploys CA certificates, SSL server keys and/or certificates from
 |`['ssl_cert']['server_cert_vault_item_key']`|String|SSL server certificate stored vault item key name. (single key or nested hash key path delimited by slash)|`'public'`|
 |`['ssl_cert']['server_cert_file_prefix']`|String|SSL server certificate file name's prefix.|`''`|
 |`['ssl_cert']['server_cert_file_extension']`|String|SSL server certificate file name's extension. (0.3.0 or later)|`'crt'`|
-|`['ssl_cert']["#{ca}_cert_src_path"]`|String|CA certificate source file path. (0.3.3 or later)|`"#{node['ssl_cert']['certs_src_dir']}/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.#{node['ssl_cert']['ca_cert_file_extension']}"`|
-|`['ssl_cert']["#{ca}_cert_path"]`|String|deployed CA certificate file path.|`"#{node['ssl_cert']['certs_dir']}/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.#{node['ssl_cert']['ca_cert_file_extension']}"`|
+|`['ssl_cert']['certs_src_dir']`|String||See `attributes/default.rb`.|
+|`['ssl_cert']['certs_dir']`|String||See `attributes/default.rb`.|
+|`['ssl_cert']['private_dir']`|String||See `attributes/default.rb`.|
+|`['ssl_cert']["#{ca}_cert_src_path"]`|String|CA certificate source file path. (0.3.3 or later)|See `attributes/default.rb`.|
+|`['ssl_cert']["#{ca}_cert_path"]`|String|deployed CA certificate file path.|See `attributes/default.rb`.|
 |`['ssl_cert']["#{ca}_pubkey_path"]`|String|deployed CA public key file path. (0.2.0 or later)|`"#{node['ssl_cert']['certs_dir']}/#{node['ssl_cert']['ca_pubkey_file_prefix']}#{ca}.#{node['ssl_cert']['ca_pubkey_file_extension']}"`|
 |`['ssl_cert']["#{undotted_cn}_key_path"]`|String|deployed SSL server key file path.|`"#{node['ssl_cert']['private_dir']}/#{node['ssl_cert']['server_key_file_prefix']}#{undotted_cn}.#{node['ssl_cert']['server_key_file_extension']}"`|
 |`['ssl_cert']["#{undotted_cn}_cert_path"]`|String|deployed SSL server certificate file path.|`"#{node['ssl_cert']['certs_dir']}/#{node['ssl_cert']['server_cert_file_prefix']}#{undotted_cn}.#{node['ssl_cert']['server_cert_file_extension']}"`|
@@ -91,10 +94,18 @@ This cookbook deploys CA certificates, SSL server keys and/or certificates from
 $ ruby -rjson -e 'puts JSON.generate({"public" => File.read("grid_ca.prod.crt")})' \
 > > ~/tmp/grid_ca.prod.crt.json
 
+$ cd $CHEF_REPO_PATH
+
 $ knife vault create ca_certs grid_ca.prod \
 > --json ~/tmp/grid_ca.prod.crt.json
 ```
 
+- grant reference permission to the appropriate nodes
+
+```text
+$ knife vault update ca_certs grid_ca.prod -S 'name:*.example.com'
+```
+
 - add cookbook attributes.
 
 ```ruby
@@ -116,10 +127,18 @@ override_attributes(
 $ ruby -rjson -e 'puts JSON.generate({"public" => File.read("grid_ssh_ca.prod.pub")})' \
 > > ~/tmp/grid_ssh_ca.prod.pub.json
 
+$ cd $CHEF_REPO_PATH
+
 $ knife vault create ca_pubkeys grid_ssh_ca.prod \
 > --json ~/tmp/grid_ssh_ca.prod.pub.json
 ```
 
+- grant reference permission to the appropriate nodes
+
+```text
+$ knife vault update ca_pubkeys grid_ssh_ca.prod -S 'name:*.example.com'
+```
+
 - add cookbook attributes.
 
 ```ruby
@@ -141,10 +160,18 @@ override_attributes(
 $ ruby -rjson -e 'puts JSON.generate({"public" => File.read("grid_ssh_ca.prod.krl")})' \
 > > ~/tmp/grid_ssh_ca.prod.krl.json
 
+$ cd $CHEF_REPO_PATH
+
 $ knife vault create ssh_ca_krls grid_ssh_ca.prod \
 > --json ~/tmp/grid_ssh_ca.prod.krl.json
 ```
 
+- grant reference permission to the appropriate nodes
+
+```text
+$ knife vault update ssh_ca_krls grid_ssh_ca.prod -S 'name:*.example.com'
+```
+
 - add cookbook attributes.
 
 ```ruby
@@ -163,16 +190,25 @@ override_attributes(
 $ ruby -rjson -e 'puts JSON.generate({"private" => File.read("node_example_com.prod.key")})' \
 > > ~/tmp/node_example_com.prod.key.json
 
-$ knife vault create ssl_server_keys node.example.com.prod \
-> --json ~/tmp/node_example_com.prod.key.json
-
 $ ruby -rjson -e 'puts JSON.generate({"public" => File.read("node_example_com.prod.crt")})' \
 > > ~/tmp/node_example_com.prod.crt.json
 
+$ cd $CHEF_REPO_PATH
+
+$ knife vault create ssl_server_keys node.example.com.prod \
+> --json ~/tmp/node_example_com.prod.key.json
+
 $ knife vault create ssl_server_certs node.example.com.prod \
 > --json ~/tmp/node_example_com.prod.crt.json
 ```
 
+- grant reference permission to the appropriate nodes
+
+```text
+$ knife vault update ssl_server_keys node.example.com.prod -S 'name:node.example.com.prod'
+$ knife vault update ssl_server_certs node.example.com.prod -S 'name:node.example.com.prod'
+```
+
 - add cookbook attributes
 
 ```ruby
index 55ff93c..ef6d192 100644 (file)
@@ -168,7 +168,9 @@ node['ssl_cert']['ca_names'].each {|ca|
   default['ssl_cert']["#{ca}_cert_src_path"] \
     = "#{node['ssl_cert']['certs_src_dir']}/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.#{node['ssl_cert']['ca_cert_file_extension']}"
   default['ssl_cert']["#{ca}_cert_path"] = node.value_for_platform_family(
-    'debian' => "#{node['ssl_cert']['certs_dir']}/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.#{node['ssl_cert']['ca_cert_file_extension']}",
+    # Debian family's certificates symlink rule
+    # "/etc/ssl/certs/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.pem" -> node['ssl_cert']["#{ca}_cert_src_path"]
+    'debian' => "#{node['ssl_cert']['certs_dir']}/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.pem",
     'rhel' => node['ssl_cert']["#{ca}_cert_src_path"]
   )
 }
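Review bot: The new `'debian'` value hard-codes the `.pem` suffix and no longer consults `ca_cert_file_extension`, so the path is only valid once the symlink has been created. As far as I know `update-ca-certificates` links only source files ending in `.crt`, so a non-default extension would presumably leave `#{ca}_cert_path` pointing at a missing file, and any consumer using it as a trust anchor would fail. The added comment also writes the directory as `/etc/ssl/certs` while the code uses `node['ssl_cert']['certs_dir']`, so the two disagree when that attribute is overridden. I would reword the comment to state the precondition, e.g. `# Debian family: update-ca-certificates links "#{certs_dir}/<prefix><ca>.pem" to the *.crt source; requires ca_cert_file_extension == 'crt'`. The mapping also has no `'default'` key, so other platform families appear to get no value here. The enclosing `ca_names.each` block starts outside the hunk.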
index 695f8bf..4843570 100644 (file)
@@ -5,7 +5,7 @@ maintainer_email ''
 license          'Apache 2.0'
 description      'Installs/Configures ssl_cert'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          '0.3.7'
+version          '0.3.8'
 source_url       'http://scm.osdn.jp/gitroot/metasearch/grid-chef-repo.git'
 issues_url       'https://osdn.jp/projects/metasearch/ticket'