summaryrefslogtreecommitdiffstats
path: root/tools
diff options
context:
space:
mode:
authorChris St. Pierre <chris.a.st.pierre@gmail.com>2013-08-13 08:21:25 -0400
committerChris St. Pierre <chris.a.st.pierre@gmail.com>2013-08-13 08:33:04 -0400
commit5c5edfa9b3a2f3baad06802269e7acd1d3e77566 (patch)
tree2b909ac63c9848d0e991eb25c105b8a5a204ad03 /tools
parent1fd3b4cb3151a993b5f62b57898fafc7ff020b98 (diff)
downloadbcfg2-5c5edfa9b3a2f3baad06802269e7acd1d3e77566.tar.gz
bcfg2-5c5edfa9b3a2f3baad06802269e7acd1d3e77566.tar.bz2
bcfg2-5c5edfa9b3a2f3baad06802269e7acd1d3e77566.zip
Rewrote SSLCA as Cfg handler.
This adds encryption support to SSL key creation (much like SSH private keys), and the ability to generate keys and certs that are specific to groups, instead of just to hosts. It also moves the SSLCA data (the XML files describing keys and certs as well as the keys and certs themselves) into the Cfg tree, rather than off in their own separate place. tools/upgrade/1.4/migrate_sslca.py can be used to migrate to the new format. This also adds XMLCfgCreator, a CfgCreator that makes it easier to create data based on XML descriptions of it (which is exactly what the SSH key and SSL CA creators do), including built-in support for host- and group-specific data, encryption, and so on.
Diffstat (limited to 'tools')
-rw-r--r--tools/upgrade/1.4/README6
-rwxr-xr-xtools/upgrade/1.4/migrate_sslca.py44
2 files changed, 49 insertions, 1 deletions
diff --git a/tools/upgrade/1.4/README b/tools/upgrade/1.4/README
index 8dde8b8b5..b03cb9b74 100644
--- a/tools/upgrade/1.4/README
+++ b/tools/upgrade/1.4/README
@@ -6,5 +6,9 @@ migrate_decisions.py
files into structured XML
convert_bundles.py
- - Remove deprecated explicit bundle names, renames .genshi bundles
+ - Remove deprecated explicit bundle names, rename .genshi bundles
to .xml
+
+migrate_sslca.py
+ - Migrate from the standalone SSLCA plugin to the built-in SSL
+ certificate generation abilities of the Cfg plugin \ No newline at end of file
diff --git a/tools/upgrade/1.4/migrate_sslca.py b/tools/upgrade/1.4/migrate_sslca.py
new file mode 100755
index 000000000..958228c86
--- /dev/null
+++ b/tools/upgrade/1.4/migrate_sslca.py
@@ -0,0 +1,44 @@
+#!/usr/bin/env python
+
+import os
+import sys
+import shutil
+import Bcfg2.Options
+
+
+def main():
+ parser = Bcfg2.Options.get_parser(
+ description="Migrate from the SSLCA plugin to built-in Cfg SSL cert "
+ "generation")
+ parser.add_options([Bcfg2.Options.Common.repository])
+ parser.parse()
+
+ sslcadir = os.path.join(Bcfg2.Options.setup.repository, 'SSLCA')
+ cfgdir = os.path.join(Bcfg2.Options.setup.repository, 'Cfg')
+ for root, _, files in os.walk(sslcadir):
+ if not files:
+ continue
+ newpath = cfgdir + root[len(sslcadir):]
+ if not os.path.exists(newpath):
+ print("Creating %s and copying contents from %s" % (newpath, root))
+ shutil.copytree(root, newpath)
+ else:
+ print("Copying contents from %s to %s" % (root, newpath))
+ for fname in files:
+ newfpath = os.path.exists(os.path.join(newpath, fname))
+ if newfpath:
+ print("%s already exists, skipping" % newfpath)
+ else:
+ shutil.copy(os.path.join(root, fname), newpath)
+ cert = os.path.join(newpath, "cert.xml")
+ newcert = os.path.join(newpath, "sslcert.xml")
+ key = os.path.join(newpath, "key.xml")
+ newkey = os.path.join(newpath, "sslkey.xml")
+ if os.path.exists(cert):
+ os.rename(cert, newcert)
+ if os.path.exists(key):
+ os.rename(key, newkey)
+
+
+if __name__ == '__main__':
+ sys.exit(main())