diff options
author | Jenkins <jenkins@review.openstack.org> | 2015-11-25 17:59:03 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2015-11-25 17:59:03 +0000 |
commit | 66c4ecdbf1640cfe3e74d736ec1fa2dd4580ff1f (patch) | |
tree | abbae960c9f1bb3f86faa02db85877e7d592f55b /puppet | |
parent | 1f007f2f9ff6f65bd04b5cf25534bbcfa2df44ce (diff) | |
parent | 5bfef1a17cc2fd7208a3ef95a046a3820561b102 (diff) |
Merge "Output the SSL Certificate and Key modulus"
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/controller.yaml | 6 | ||||
-rw-r--r-- | puppet/extraconfig/tls/no-tls.yaml | 6 | ||||
-rw-r--r-- | puppet/extraconfig/tls/tls-cert-inject.yaml | 14 |
3 files changed, 26 insertions, 0 deletions
diff --git a/puppet/controller.yaml b/puppet/controller.yaml index a7038dec..9792e7dc 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -1409,3 +1409,9 @@ outputs: - {get_attr: [NodeTLSData, deploy_stdout]} - {get_attr: [ControllerExtraConfigPre, deploy_stdout]} - {get_param: UpdateIdentifier} + tls_key_modulus_md5: + description: MD5 checksum of the TLS Key Modulus + value: {get_attr: [NodeTLSData, key_modulus_md5]} + tls_cert_modulus_md5: + description: MD5 checksum of the TLS Certificate Modulus + value: {get_attr: [NodeTLSData, cert_modulus_md5]} diff --git a/puppet/extraconfig/tls/no-tls.yaml b/puppet/extraconfig/tls/no-tls.yaml index d2dfdfa4..2da209cb 100644 --- a/puppet/extraconfig/tls/no-tls.yaml +++ b/puppet/extraconfig/tls/no-tls.yaml @@ -26,3 +26,9 @@ outputs: value: 'TLS not enabled.' deployed_ssl_certificate_path: value: '' + key_modulus_md5: + description: Key SSL Modulus + value: '' + cert_modulus_md5: + description: Certificate SSL Modulus + value: '' diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml index b4564fc7..739a51ad 100644 --- a/puppet/extraconfig/tls/tls-cert-inject.yaml +++ b/puppet/extraconfig/tls/tls-cert-inject.yaml @@ -49,6 +49,8 @@ resources: - name: cert_chain_content outputs: - name: chain_md5sum + - name: cert_modulus + - name: key_modulus config: | #!/bin/sh cat << EOF | tee ${cert_path} > /dev/null @@ -57,6 +59,12 @@ resources: chmod 0440 ${cert_path} chown root:haproxy ${cert_path} md5sum ${cert_path} > ${heat_outputs_path}.chain_md5sum + openssl x509 -noout -modulus -in ${cert_path} \ + | openssl md5 | cut -c 10- \ + > ${heat_outputs_path}.cert_modulus + openssl rsa -noout -modulus -in ${cert_path} \ + | openssl md5 | cut -c 10- \ + > ${heat_outputs_path}.key_modulus ControllerTLSDeployment: type: OS::Heat::SoftwareDeployment @@ -79,3 +87,9 @@ outputs: deployed_ssl_certificate_path: description: The location that the TLS certificate was deployed to. value: {get_param: DeployedSSLCertificatePath} + key_modulus_md5: + description: MD5 checksum of the Key SSL Modulus + value: {get_attr: [ControllerTLSDeployment, key_modulus]} + cert_modulus_md5: + description: MD5 checksum of the Certificate SSL Modulus + value: {get_attr: [ControllerTLSDeployment, cert_modulus]} |