예제 #1
    def build_ssl_config_file(self):
        """Create the OpenSSL config file and the ``index.txt``/``serial`` files.

        Each file is written only when ``file_exists`` reports it missing, so
        content already on disk is left untouched. Ownership and
        ``PRIVATE_FILE_PERMS`` are applied on every call, whether or not the
        file was just created.
        """
        config_path = self.ssl_config_file_name
        ownership = {'user': self.use_keystone_user,
                     'group': self.use_keystone_group,
                     'log': LOG}

        utils.make_dirs(os.path.dirname(config_path),
                        mode=PUBLIC_DIR_PERMS, **ownership)
        # NOTE(review): open(..., 'w') creates the file with whatever mode the
        # process umask allows; PRIVATE_FILE_PERMS is only applied by the
        # set_permissions call that follows. Confirm the umask is restrictive
        # if the rendered config must never be readable by other users.
        if not file_exists(config_path):
            with open(config_path, 'w') as config_out:
                # Fill the sslconfig template from ssl_dictionary.
                config_out.write(self.sslconfig % self.ssl_dictionary)
        utils.set_permissions(config_path,
                              mode=PRIVATE_FILE_PERMS, **ownership)

        # index.txt starts empty and serial starts at '01'; presumably these
        # are the database and serial files the rendered config points
        # `openssl ca` at -- confirm against the sslconfig template.
        for leaf_name, initial_text in (('index.txt', ''), ('serial', '01')):
            target = os.path.join(self.conf_dir, leaf_name)
            if not file_exists(target):
                with open(target, 'w') as out:
                    out.write(initial_text)
            utils.set_permissions(target,
                                  mode=PRIVATE_FILE_PERMS, **ownership)
예제 #2
    def build_ca_cert(self):
        """Generate the CA private key and the self-signed CA cert if absent.

        The key goes under a directory made with ``PRIVATE_DIR_PERMS`` and is
        set to ``PRIVATE_FILE_PERMS``; the certificate goes under a directory
        made with ``PUBLIC_DIR_PERMS`` and is set to ``PUBLIC_FILE_PERMS``.
        Existing files are not regenerated, but ownership and mode are
        re-applied on every call.
        """
        key_path = self.ssl_dictionary['ca_private_key']
        ownership = {'user': self.use_keystone_user,
                     'group': self.use_keystone_group,
                     'log': LOG}

        utils.make_dirs(os.path.dirname(key_path),
                        mode=PRIVATE_DIR_PERMS, **ownership)
        if not file_exists(key_path):
            # No cipher option is passed to genrsa, so the key is written
            # unencrypted; the directory and file modes are what protect it.
            # NOTE(review): openssl creates the key file before
            # set_permissions below tightens it -- until then its mode comes
            # from the process umask. Confirm PRIVATE_DIR_PERMS or the umask
            # keeps other users out during that window.
            # The %(...)s placeholders are passed through as-is; presumably
            # exec_command fills them from ssl_dictionary -- verify there.
            genrsa_argv = ['openssl', 'genrsa',
                           '-out', '%(ca_private_key)s',
                           '%(key_size)d']
            self.exec_command(genrsa_argv)
        utils.set_permissions(key_path,
                              mode=PRIVATE_FILE_PERMS, **ownership)

        cert_path = self.ssl_dictionary['ca_cert']
        utils.make_dirs(os.path.dirname(cert_path),
                        mode=PUBLIC_DIR_PERMS, **ownership)
        if not file_exists(cert_path):
            # Self-signed (-x509) certificate using the v3_ca extensions
            # section of the generated config.
            self_sign_argv = ['openssl', 'req', '-new', '-x509',
                              '-extensions', 'v3_ca',
                              '-key', '%(ca_private_key)s',
                              '-out', '%(ca_cert)s',
                              '-days', '%(valid_days)d',
                              '-config', '%(ssl_config)s',
                              '-subj', '%(cert_subject)s']
            self.exec_command(self_sign_argv)
        utils.set_permissions(cert_path,
                              mode=PUBLIC_FILE_PERMS, **ownership)
예제 #3
    def build_ssl_config_file(self):
        """Write the OpenSSL config, ``index.txt`` and ``serial`` if missing.

        A file that ``file_exists`` already reports is never overwritten.
        Every call re-applies the keystone user/group and
        ``PRIVATE_FILE_PERMS`` to all three files.
        """
        def seed(path, render):
            # Write render() to path only when it is absent, then enforce
            # owner and mode regardless.
            # NOTE(review): the file is created with the umask-derived mode
            # and tightened only afterwards; confirm the umask if the content
            # must not be readable by others in between.
            if not file_exists(path):
                with open(path, 'w') as out:
                    out.write(render())
            utils.set_permissions(path,
                                  mode=PRIVATE_FILE_PERMS,
                                  user=self.use_keystone_user,
                                  group=self.use_keystone_group,
                                  log=LOG)

        utils.make_dirs(os.path.dirname(self.ssl_config_file_name),
                        mode=PUBLIC_DIR_PERMS,
                        user=self.use_keystone_user,
                        group=self.use_keystone_group,
                        log=LOG)

        # The config is the sslconfig template filled from ssl_dictionary;
        # rendering is deferred so it only happens when the file is written.
        seed(self.ssl_config_file_name,
             lambda: self.sslconfig % self.ssl_dictionary)
        # Empty index and a serial of '01'; presumably the database and
        # serial files `openssl ca` is configured to use -- confirm against
        # the sslconfig template.
        seed(os.path.join(self.conf_dir, 'index.txt'), lambda: '')
        seed(os.path.join(self.conf_dir, 'serial'), lambda: '01')
예제 #4
    def build_ca_cert(self):
        """Generate the CA private key and the self-signed CA cert if absent.

        The key is placed under a ``PRIVATE_DIR_PERMS`` directory and set to
        ``PRIVATE_FILE_PERMS``; the certificate is placed under a
        ``PUBLIC_DIR_PERMS`` directory and set to ``PUBLIC_FILE_PERMS``.
        Files that already exist are kept, but ownership and mode are
        re-applied on every call.
        """
        key_path = self.ssl_dictionary['ca_private_key']
        ownership = {'user': self.use_keystone_user,
                     'group': self.use_keystone_group,
                     'log': LOG}

        utils.make_dirs(os.path.dirname(key_path),
                        mode=PRIVATE_DIR_PERMS, **ownership)
        if not file_exists(key_path):
            # NOTE(review): the command is one string with %(...)s
            # placeholders. How exec_command substitutes and tokenizes it is
            # not visible here; if it splits on whitespace or goes through a
            # shell, a value containing spaces or shell metacharacters would
            # change the arguments openssl receives. An argument list avoids
            # that -- check exec_command before relying on this form.
            genrsa_cmd = ('openssl genrsa -out %(ca_private_key)s '
                          '%(key_size)d')
            self.exec_command(genrsa_cmd)
        # The key file exists with its umask-derived mode until this call
        # tightens it.
        utils.set_permissions(key_path,
                              mode=PRIVATE_FILE_PERMS, **ownership)

        cert_path = self.ssl_dictionary['ca_cert']
        utils.make_dirs(os.path.dirname(cert_path),
                        mode=PUBLIC_DIR_PERMS, **ownership)
        if not file_exists(cert_path):
            # NOTE(review): '-passin pass:...' puts the CA password on
            # openssl's command line, where it can be read from the process
            # list while the command runs and from any log of the command.
            # openssl also accepts 'env:', 'file:' and 'fd:' pass-phrase
            # sources. The genrsa call above passes no cipher option, so the
            # key it writes is not encrypted and the pass phrase looks
            # unnecessary -- confirm before changing.
            req_cmd = ('openssl req -new -x509 -extensions v3_ca '
                       '-passin pass:%(ca_password)s '
                       '-key %(ca_private_key)s -out %(ca_cert)s '
                       '-days %(valid_days)d '
                       '-config %(ssl_config)s '
                       '-subj %(cert_subject)s')
            self.exec_command(req_cmd)
        utils.set_permissions(cert_path,
                              mode=PUBLIC_FILE_PERMS, **ownership)
예제 #5
 def build_private_key(self):
     """Generate the signing private key if it does not exist yet.

     The parent directory is made with ``PRIVATE_DIR_PERMS`` and the key file
     is set to ``PRIVATE_FILE_PERMS`` with the keystone user/group on every
     call, including when the key was already present.
     """
     key_path = self.ssl_dictionary['signing_key']
     ownership = {'user': self.use_keystone_user,
                  'group': self.use_keystone_group,
                  'log': LOG}

     utils.make_dirs(os.path.dirname(key_path),
                     mode=PRIVATE_DIR_PERMS, **ownership)
     if not file_exists(key_path):
         # genrsa is given no cipher option, so the key is stored
         # unencrypted and relies on the directory and file modes.
         # NOTE(review): the file is created by openssl before the
         # set_permissions call below; confirm the umask or
         # PRIVATE_DIR_PERMS keeps other users out until then.
         genrsa_argv = ['openssl', 'genrsa',
                        '-out', '%(signing_key)s',
                        '%(key_size)d']
         self.exec_command(genrsa_argv)
     utils.set_permissions(key_path,
                           mode=PRIVATE_FILE_PERMS, **ownership)
예제 #6
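    def build_signing_cert(self):
        """Create the CA-issued signing certificate if it does not exist.

        Runs two openssl commands when the certificate is missing: ``req``
        writes a certificate request for the existing signing key, then
        ``ca`` signs that request with the CA key and certificate. Nothing is
        run when the certificate file is already present.
        """
        signing_cert = self.ssl_dictionary['signing_cert']

        utils.make_dirs(os.path.dirname(signing_cert),
                        mode=PUBLIC_DIR_PERMS,
                        user=self.use_keystone_user,
                        group=self.use_keystone_group, log=LOG)
        if not file_exists(signing_cert):
            # NOTE(review): both commands are single strings with %(...)s
            # placeholders. How exec_command substitutes and tokenizes them
            # is not visible here; values containing spaces or shell
            # metacharacters may change the arguments openssl receives.
            self.exec_command('openssl req -key %(signing_key)s -new -nodes '
                              '-out %(request_file)s -config %(ssl_config)s '
                              '-subj %(cert_subject)s')

            # '-days' takes a bare integer. The format used to be
            # '%(valid_days)dd', which rendered the number followed by a
            # literal 'd'; lenient parsers ignore the suffix, stricter ones
            # may reject the option.
            self.exec_command('openssl ca -batch -out %(signing_cert)s '
                              '-config %(ssl_config)s -days %(valid_days)d '
                              '-cert %(ca_cert)s -keyfile %(ca_private_key)s '
                              '-infiles %(request_file)s')
            # NOTE(review): no owner or mode is applied to the new
            # certificate or the request file here; confirm that is intended.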
예제 #7
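    def build_signing_cert(self):
        """Create the CA-issued signing certificate if it does not exist.

        When the certificate is missing, ``openssl req`` writes a certificate
        request for the existing signing key and ``openssl ca`` then signs it
        with the CA key and certificate. An existing certificate is left
        alone and no command is run.
        """
        signing_cert = self.ssl_dictionary['signing_cert']

        utils.make_dirs(os.path.dirname(signing_cert),
                        mode=PUBLIC_DIR_PERMS,
                        user=self.use_keystone_user,
                        group=self.use_keystone_group,
                        log=LOG)
        if not file_exists(signing_cert):
            # NOTE(review): the commands are single strings; how exec_command
            # substitutes the %(...)s placeholders and splits the result is
            # not visible here, so values with spaces or shell metacharacters
            # may alter the arguments openssl receives.
            self.exec_command('openssl req -key %(signing_key)s -new '
                              '-out %(request_file)s -config %(ssl_config)s '
                              '-subj %(cert_subject)s')

            # '-days' expects a bare integer. '%(valid_days)dd' rendered the
            # number with a trailing literal 'd', which a strict option
            # parser may refuse; the extra 'd' is dropped.
            self.exec_command('openssl ca -batch -out %(signing_cert)s '
                              '-config %(ssl_config)s -days %(valid_days)d '
                              '-cert %(ca_cert)s -keyfile %(ca_private_key)s '
                              '-infiles %(request_file)s')
            # NOTE(review): the certificate and request file keep whatever
            # owner and mode openssl gave them; confirm that is intended.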
예제 #8
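    def build_signing_cert(self):
        """Create the CA-issued signing certificate if it does not exist.

        When the certificate is missing, ``openssl req`` writes a certificate
        request for the existing signing key and ``openssl ca`` signs it with
        the CA key and certificate. Both commands are passed to
        ``exec_command`` as argument lists. An existing certificate is left
        alone and no command is run.
        """
        signing_cert = self.ssl_dictionary['signing_cert']

        utils.make_dirs(os.path.dirname(signing_cert),
                        mode=PUBLIC_DIR_PERMS,
                        user=self.use_keystone_user,
                        group=self.use_keystone_group, log=LOG)
        if not file_exists(signing_cert):
            # The %(...)s placeholders are passed through as-is; presumably
            # exec_command fills them from ssl_dictionary -- verify there.
            self.exec_command(['openssl', 'req', '-key', '%(signing_key)s',
                               '-new', '-out', '%(request_file)s',
                               '-config', '%(ssl_config)s',
                               '-subj', '%(cert_subject)s'])

            # '-days' expects a bare integer. The element used to be
            # '%(valid_days)dd', which rendered the number with a trailing
            # literal 'd'; a strict option parser may refuse that value.
            self.exec_command(['openssl', 'ca', '-batch',
                               '-out', '%(signing_cert)s',
                               '-config', '%(ssl_config)s',
                               '-days', '%(valid_days)d',
                               '-cert', '%(ca_cert)s',
                               '-keyfile', '%(ca_private_key)s',
                               '-infiles', '%(request_file)s'])
            # NOTE(review): no owner or mode is applied to the new
            # certificate or the request file here; confirm that is intended.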