29
34
return super(ApacheSSLContext, self).__call__()
31
36
def configure_cert(self, cn):
32
from keystone_utils import SSH_USER, get_ca
37
from keystone_utils import (
33
44
ssl_dir = os.path.join('/etc/apache2/ssl/', self.service_namespace)
46
mkdir(path=ssl_dir, owner=SSH_USER, group='keystone', perms=perms)
47
# Ensure accessible by keystone ssh user and group (for sync)
48
ensure_permissions(ssl_dir, user=SSH_USER, group='keystone',
51
if not is_ssl_cert_master():
52
log("Not leader or cert master so skipping apache cert config",
56
log("Creating apache ssl certs in %s" % (ssl_dir), level=INFO)
35
58
ca = get_ca(user=SSH_USER)
36
59
cert, key = ca.get_cert_and_key(common_name=cn)
37
60
write_file(path=os.path.join(ssl_dir, 'cert_{}'.format(cn)),
61
content=cert, owner=SSH_USER, group='keystone', perms=0o644)
39
62
write_file(path=os.path.join(ssl_dir, 'key_{}'.format(cn)),
63
content=key, owner=SSH_USER, group='keystone', perms=0o644)
42
65
def configure_ca(self):
43
from keystone_utils import SSH_USER, get_ca
66
from keystone_utils import (
73
if not is_ssl_cert_master():
74
log("Not leader or cert master so skipping apache ca config",
44
78
ca = get_ca(user=SSH_USER)
45
79
install_ca_cert(ca.get_ca_bundle())
80
# Ensure accessible by keystone ssh user and group (unison)
81
ensure_permissions(CA_CERT_PATH, user=SSH_USER, group='keystone',
47
84
def canonical_names(self):
48
85
addresses = self.get_network_addresses()