From: whitestar Date: Thu, 2 Mar 2017 12:44:05 +0000 (+0900) Subject: bug fix: follows Debian family's certificates symlink rule. X-Git-Tag: ssl_cert-0.3.8 X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=refs%2Ftags%2Fssl_cert-0.3.8;p=metasearch%2Fgrid-chef-repo.git bug fix: follows Debian family's certificates symlink rule. --- diff --git a/cookbooks/ssl_cert/CHANGELOG.md b/cookbooks/ssl_cert/CHANGELOG.md index 534cdee..29948a4 100644 --- a/cookbooks/ssl_cert/CHANGELOG.md +++ b/cookbooks/ssl_cert/CHANGELOG.md @@ -1,6 +1,11 @@ ssl_cert CHANGELOG ================== +0.3.8 +----- +- bug fix: follows Debian family's certificates symlink rule. +- revises documents. + 0.3.7 ----- - adds `SSLCert::Helper.get_vault_item_value` method. diff --git a/cookbooks/ssl_cert/README.md b/cookbooks/ssl_cert/README.md index 2286a1e..687d148 100644 --- a/cookbooks/ssl_cert/README.md +++ b/cookbooks/ssl_cert/README.md 
@@ -64,8 +64,11 @@ This cookbook deploys CA certificates, SSL server keys and/or certificates from |`['ssl_cert']['server_cert_vault_item_key']`|String|SSL server certificate stored vault item key name. (single key or nested hash key path delimited by slash)|`'public'`| |`['ssl_cert']['server_cert_file_prefix']`|String|SSL server certificate file name's prefix.|`''`| |`['ssl_cert']['server_cert_file_extension']`|String|SSL server certificate file name's extension. (0.3.0 or later)|`'crt'`| -|`['ssl_cert']["#{ca}_cert_src_path"]`|String|CA certificate source file path. (0.3.3 or later)|`"#{node['ssl_cert']['certs_src_dir']}/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.#{node['ssl_cert']['ca_cert_file_extension']}"`| -|`['ssl_cert']["#{ca}_cert_path"]`|String|deployed CA certificate file path.|`"#{node['ssl_cert']['certs_dir']}/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.#{node['ssl_cert']['ca_cert_file_extension']}"`| +|`['ssl_cert']['certs_src_dir']`|String||See `attributes/default.rb`.| +|`['ssl_cert']['certs_dir']`|String||See `attributes/default.rb`.| +|`['ssl_cert']['private_dir']`|String||See `attributes/default.rb`.| +|`['ssl_cert']["#{ca}_cert_src_path"]`|String|CA certificate source file path. (0.3.3 or later)|See `attributes/default.rb`.| +|`['ssl_cert']["#{ca}_cert_path"]`|String|deployed CA certificate file path.|See `attributes/default.rb`.| |`['ssl_cert']["#{ca}_pubkey_path"]`|String|deployed CA public key file path. 
(0.2.0 or later)|`"#{node['ssl_cert']['certs_dir']}/#{node['ssl_cert']['ca_pubkey_file_prefix']}#{ca}.#{node['ssl_cert']['ca_pubkey_file_extension']}"`| |`['ssl_cert']["#{undotted_cn}_key_path"]`|String|deployed SSL server key file path.|`"#{node['ssl_cert']['private_dir']}/#{node['ssl_cert']['server_key_file_prefix']}#{undotted_cn}.#{node['ssl_cert']['server_key_file_extension']}"`| |`['ssl_cert']["#{undotted_cn}_cert_path"]`|String|deployed SSL server certificate file path.|`"#{node['ssl_cert']['certs_dir']}/#{node['ssl_cert']['server_cert_file_prefix']}#{undotted_cn}.#{node['ssl_cert']['server_cert_file_extension']}"`| @@ -91,10 +94,18 @@ This cookbook deploys CA certificates, SSL server keys and/or certificates from $ ruby -rjson -e 'puts JSON.generate({"public" => File.read("grid_ca.prod.crt")})' \ > > ~/tmp/grid_ca.prod.crt.json +$ cd $CHEF_REPO_PATH + $ knife vault create ca_certs grid_ca.prod \ > --json ~/tmp/grid_ca.prod.crt.json ``` +- grant reference permission to the appropriate nodes + +```text +$ knife vault update ca_certs grid_ca.prod -S 'name:*.example.com' +``` + - add cookbook attributes. ```ruby @@ -116,10 +127,18 @@ override_attributes( $ ruby -rjson -e 'puts JSON.generate({"public" => File.read("grid_ssh_ca.prod.pub")})' \ > > ~/tmp/grid_ssh_ca.prod.pub.json +$ cd $CHEF_REPO_PATH + $ knife vault create ca_pubkeys grid_ssh_ca.prod \ > --json ~/tmp/grid_ssh_ca.prod.pub.json ``` +- grant reference permission to the appropriate nodes + +```text +$ knife vault update ca_pubkeys grid_ssh_ca.prod -S 'name:*.example.com' +``` + - add cookbook attributes. ```ruby 
@@ -141,10 +160,18 @@ override_attributes( $ ruby -rjson -e 'puts JSON.generate({"public" => File.read("grid_ssh_ca.prod.krl")})' \ > > ~/tmp/grid_ssh_ca.prod.krl.json +$ cd $CHEF_REPO_PATH + $ knife vault create ssh_ca_krls grid_ssh_ca.prod \ > --json ~/tmp/grid_ssh_ca.prod.krl.json ``` +- grant reference permission to the appropriate nodes + +```text +$ knife vault update ssh_ca_krls grid_ssh_ca.prod -S 'name:*.example.com' +``` + - add cookbook attributes. ```ruby @@ -163,16 +190,25 @@ override_attributes( $ ruby -rjson -e 'puts JSON.generate({"private" => File.read("node_example_com.prod.key")})' \ > > ~/tmp/node_example_com.prod.key.json -$ knife vault create ssl_server_keys node.example.com.prod \ -> --json ~/tmp/node_example_com.prod.key.json - $ ruby -rjson -e 'puts JSON.generate({"public" => File.read("node_example_com.prod.crt")})' \ > > ~/tmp/node_example_com.prod.crt.json +$ cd $CHEF_REPO_PATH + +$ knife vault create ssl_server_keys node.example.com.prod \ +> --json ~/tmp/node_example_com.prod.key.json + $ knife vault create ssl_server_certs node.example.com.prod \ > --json ~/tmp/node_example_com.prod.crt.json ``` +- grant reference permission to the appropriate nodes + +```text +$ knife vault update ssl_server_keys node.example.com.prod -S 'name:node.example.com.prod' +$ knife vault update ssl_server_certs node.example.com.prod -S 'name:node.example.com.prod' +``` + - add cookbook attributes ```ruby diff --git a/cookbooks/ssl_cert/attributes/default.rb b/cookbooks/ssl_cert/attributes/default.rb index 55ff93c..ef6d192 100644 --- a/cookbooks/ssl_cert/attributes/default.rb +++ b/cookbooks/ssl_cert/attributes/default.rb 
@@ -168,7 +168,9 @@ node['ssl_cert']['ca_names'].each {|ca|
 default['ssl_cert']["#{ca}_cert_src_path"] \
 = "#{node['ssl_cert']['certs_src_dir']}/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.#{node['ssl_cert']['ca_cert_file_extension']}"
 default['ssl_cert']["#{ca}_cert_path"] = node.value_for_platform_family(
- 'debian' => "#{node['ssl_cert']['certs_dir']}/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.#{node['ssl_cert']['ca_cert_file_extension']}",
+ # Debian family's certificates symlink rule
+ # "/etc/ssl/certs/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.pem" -> node['ssl_cert']["#{ca}_cert_src_path"]
+ 'debian' => "#{node['ssl_cert']['certs_dir']}/#{node['ssl_cert']['ca_cert_file_prefix']}#{ca}.pem",
 'rhel' => node['ssl_cert']["#{ca}_cert_src_path"]
 )
 }
diff --git a/cookbooks/ssl_cert/metadata.rb b/cookbooks/ssl_cert/metadata.rb
index 695f8bf..4843570 100644
--- a/cookbooks/ssl_cert/metadata.rb
+++ b/cookbooks/ssl_cert/metadata.rb
@@ -5,7 +5,7 @@ maintainer_email ''
 license 'Apache 2.0'
 description 'Installs/Configures ssl_cert'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version '0.3.7'
+version '0.3.8'
 source_url 'http://scm.osdn.jp/gitroot/metasearch/grid-chef-repo.git'
 issues_url 'https://osdn.jp/projects/metasearch/ticket'
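Review bot: In the attributes/default.rb hunk, the new `'debian'` value hard-codes the `.pem` suffix while the source path above it still uses `node['ssl_cert']['ca_cert_file_extension']`, so the two only line up when that extension is `crt`; as far as I know Debian's `update-ca-certificates` links only `*.crt` sources and names the link `<basename>.pem`. If the extension attribute is overridden, `["#{ca}_cert_path"]` would presumably point at a file that is never created, and anything that loads it as a trust anchor would fail at run time. I would state the precondition next to the mapping, e.g. `# requires ca_cert_file_extension == 'crt'; the .pem link is created by update-ca-certificates`, and write the comment's path with `node['ssl_cert']['certs_dir']` instead of the literal `/etc/ssl/certs` so it matches the code. The mapping also has no `'default'` entry, so other platform families appear to get no value for this attribute; the enclosing `each` block opens outside this hunk, so that is inferred from the visible lines only.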