-
Notifications
You must be signed in to change notification settings - Fork 134
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fixes #29803 - Move --certs* to hooks/
- Loading branch information
Showing
5 changed files
with
102 additions
and
98 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
# Add options around regenerating certificates | ||
if module_present?('certs') | ||
app_option( | ||
'--certs-update-server', | ||
:flag, | ||
"This option will enforce an update of the HTTPS certificates", | ||
:default => false | ||
) | ||
app_option( | ||
'--certs-update-server-ca', | ||
:flag, | ||
"This option will enforce an update of the CA used for HTTPS certificates.", | ||
:default => false | ||
) | ||
app_option( | ||
'--certs-update-all', | ||
:flag, | ||
"This option will enforce an update of all the certificates for given host", | ||
:default => false | ||
) | ||
app_option( | ||
'--certs-reset', | ||
:flag, | ||
"This option will reset any custom certificates and use the self-signed CA " \ | ||
"instead. Note that any clients will need to be updated with the latest " \ | ||
"katello-ca-consumer RPM, and any external proxies will need to have the " \ | ||
"certs updated by generating a new certs tarball.", | ||
:default => false | ||
) | ||
app_option( | ||
'--certs-skip-check', | ||
:flag, | ||
"This option will cause skipping the certificates sanity check. Use with caution", | ||
:default => false | ||
) | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
require 'fileutils' | ||
require 'English' | ||
|
||
if module_enabled?('certs') | ||
SSL_BUILD_DIR = param('certs', 'ssl_build_dir').value | ||
|
||
def mark_for_update(cert_name, hostname = nil) | ||
path = File.join(*[SSL_BUILD_DIR, hostname, cert_name].compact) | ||
if app_value(:noop) | ||
puts "Marking certificate #{path} for update (noop)" | ||
else | ||
puts "Marking certificate #{path} for update" | ||
FileUtils.touch("#{path}.update") | ||
end | ||
end | ||
|
||
ca_file = param('certs', 'server_ca_cert').value | ||
cert_file = param('certs', 'server_cert').value | ||
key_file = param('certs', 'server_key').value | ||
|
||
if param('foreman_proxy_certs', 'foreman_proxy_fqdn') | ||
hostname = param('foreman_proxy_certs', 'foreman_proxy_fqdn').value | ||
else | ||
hostname = param('certs', 'node_fqdn').value | ||
end | ||
|
||
if app_value('certs_update_server') | ||
mark_for_update("#{hostname}-apache", hostname) | ||
mark_for_update("#{hostname}-foreman-proxy", hostname) | ||
end | ||
|
||
if app_value('certs_update_all') || app_value('certs_update_default_ca') || app_value('certs_reset') | ||
all_cert_names = Dir.glob(File.join(SSL_BUILD_DIR, hostname, '*.noarch.rpm')).map do |rpm| | ||
File.basename(rpm).sub(/-1\.0-\d+\.noarch\.rpm/, '') | ||
end.uniq | ||
|
||
all_cert_names.each do |cert_name| | ||
mark_for_update(cert_name, hostname) | ||
end | ||
end | ||
|
||
if app_value('certs_update_server_ca') || app_value('certs_reset') | ||
mark_for_update('katello-server-ca') | ||
end | ||
|
||
if app_value('certs_reset') && !app_value(:noop) | ||
param('certs', 'server_cert').unset_value | ||
param('certs', 'server_key').unset_value | ||
param('certs', 'server_ca_cert').unset_value | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
if module_enabled?('certs') | ||
if app_value('certs_update_server_ca') && !module_enabled?('katello') | ||
fail_and_exit("--certs-update-server-ca needs to be used with katello", 101) | ||
end | ||
|
||
if !app_value('certs_skip_check') && | ||
cert_file.to_s != "" && | ||
(app_value('certs_update_server_ca') || app_value('certs_update_server')) | ||
check_cmd = %(katello-certs-check -c "#{cert_file}" -k "#{key_file}" -b "#{ca_file}") | ||
output = `#{check_cmd} 2>&1` | ||
unless $CHILD_STATUS.success? | ||
fail_and_exit("Command '#{check_cmd}' exited with #{$CHILD_STATUS.exitstatus}:\n #{output}", 101) | ||
end | ||
end | ||
end |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.