simp-beaker-helpers 1.2.0 → 1.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +8 -8
- data/lib/simp/beaker_helpers.rb +23 -6
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
---
|
|
2
2
|
!binary "U0hBMQ==":
|
|
3
3
|
metadata.gz: !binary |-
|
|
4
|
-
|
|
4
|
+
YjliNTUyNTQzNzFkNjZkYWZlNjU2YTA3OGFjMWUyZGU3NWFiZGQ2Yw==
|
|
5
5
|
data.tar.gz: !binary |-
|
|
6
|
-
|
|
6
|
+
N2VlYzNjMGM3ZDMwZTk5Y2ZiOWE1OWJkODUyMzA1ODJmZjVlNDQwNw==
|
|
7
7
|
SHA512:
|
|
8
8
|
metadata.gz: !binary |-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
NzU0ZjJmZTNlNmIwNzNlYzE4ZGE3YmFmZDc5MDUzMjIyMzE5M2JmNGUxMjJm
|
|
10
|
+
Zjc3MzU3NDhmZWYzYTJjMjA5ODc4MDJhYjUwYzAyMTA0NTNmOTYwM2IwYWQy
|
|
11
|
+
NzM4NWJmMjZjZTRmOWZmYzgwMDFjNzllOGVkOTA5ZjY4MTEwZDg=
|
|
12
12
|
data.tar.gz: !binary |-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
13
|
+
OTc5YTI3YjBmYTI4NjU5ODcxN2FlYTE5Y2Y2NGU2NjlhMzg2NTk0NWQ1NDRl
|
|
14
|
+
NTdmZmMzYjFiMjNiYmI2OTExZmE1ZTQ0Mjg2ZDIxYTdmZWVhZDBjYzMzMjUw
|
|
15
|
+
NDc5ZWJiYjEyN2M4NjA1NzM3OTA2Y2U4ZTRmNjI0YTM5ZjA1YTE=
|
data/lib/simp/beaker_helpers.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
module Simp; end
|
|
2
2
|
|
|
3
3
|
module Simp::BeakerHelpers
|
|
4
|
-
VERSION = '1.2.
|
|
4
|
+
VERSION = '1.2.1'
|
|
5
5
|
|
|
6
6
|
# use the `puppet fact` face to look up facts on an SUT
|
|
7
7
|
def pfact_on(sut, fact_name)
|
|
@@ -230,10 +230,10 @@ DEFAULT_KERNEL_TITLE=`/sbin/grubby --info=\\\${DEFAULT_KERNEL_INFO} | grep -m1 t
|
|
|
230
230
|
puts "== Fake PKI CA"
|
|
231
231
|
pki_dir = File.expand_path( "../../files/pki", File.dirname(__FILE__))
|
|
232
232
|
host_dir = '/root/pki'
|
|
233
|
-
fqdns = fact_on
|
|
233
|
+
fqdns = fact_on(hosts, 'fqdn')
|
|
234
234
|
|
|
235
235
|
on ca_sut, %Q(mkdir -p "#{host_dir}")
|
|
236
|
-
Dir[ File.join(pki_dir, '*')].each
|
|
236
|
+
Dir[ File.join(pki_dir, '*') ].each{|f| scp_to( ca_sut, f, host_dir)}
|
|
237
237
|
|
|
238
238
|
# generate PKI certs for each SUT
|
|
239
239
|
Dir.mktmpdir do |dir|
|
|
@@ -241,7 +241,7 @@ DEFAULT_KERNEL_TITLE=`/sbin/grubby --info=\\\${DEFAULT_KERNEL_INFO} | grep -m1 t
|
|
|
241
241
|
File.open(pki_hosts_file, 'w'){|fh| fqdns.each{|fqdn| fh.puts fqdn}}
|
|
242
242
|
scp_to(ca_sut, pki_hosts_file, host_dir)
|
|
243
243
|
# generate certs
|
|
244
|
-
on
|
|
244
|
+
on(ca_sut, "cd #{host_dir}; cat #{host_dir}/pki.hosts | xargs bash make.sh")
|
|
245
245
|
end
|
|
246
246
|
|
|
247
247
|
# if a local_dir was provided, copy everything down to it
|
|
@@ -273,10 +273,27 @@ DEFAULT_KERNEL_TITLE=`/sbin/grubby --info=\\\${DEFAULT_KERNEL_INFO} | grep -m1 t
|
|
|
273
273
|
scp_to(sut, "#{local_host_pki_tree}/#{fqdn}.pem", "#{sut_pki_dir}/private/")
|
|
274
274
|
scp_to(sut, "#{local_host_pki_tree}/#{fqdn}.pub", "#{sut_pki_dir}/public/")
|
|
275
275
|
|
|
276
|
-
# NOTE: to match pki::copy, 'cacert.pem' is
|
|
276
|
+
# NOTE: to match pki::copy, 'cacert.pem' is copied to 'cacerts.pem'
|
|
277
277
|
scp_to(sut, local_cacert, "#{sut_pki_dir}/cacerts/cacerts.pem")
|
|
278
|
-
end
|
|
279
278
|
|
|
279
|
+
# Need to hash all of the CA certificates so that apps can use them
|
|
280
|
+
# properly! This must happen on the host itself since it needs to match
|
|
281
|
+
# the native hashing algorithms.
|
|
282
|
+
hash_cmd = <<-EOM.strip
|
|
283
|
+
cd #{sut_pki_dir}/cacerts; \
|
|
284
|
+
for x in *; do \
|
|
285
|
+
if [ ! -h "$x" ]; then \
|
|
286
|
+
`openssl x509 -in $x >/dev/null 2>&1`; \
|
|
287
|
+
if [ $? -eq 0 ]; then \
|
|
288
|
+
hash=`openssl x509 -in $x -hash | head -1`; \
|
|
289
|
+
ln -sf $x $hash.0; \
|
|
290
|
+
fi; \
|
|
291
|
+
fi; \
|
|
292
|
+
done
|
|
293
|
+
EOM
|
|
294
|
+
|
|
295
|
+
on(sut, hash_cmd)
|
|
296
|
+
end
|
|
280
297
|
|
|
281
298
|
# Copy a CA keydist/ directory of CA+host certs into an SUT
|
|
282
299
|
#
|