Change in ovirt-engine[master]: pki: scripts rework

oschreib at redhat.com oschreib at redhat.com
Wed Jun 12 13:37:31 UTC 2013 

Ofer Schreiber has submitted this change and it was merged.

Change subject: pki: scripts rework
......................................................................


pki: scripts rework

there is a need to reuse some of the logic post installation. split
scripts, fixup shell usage, add error handling, named parameters and
more.

move scripts to engine bin directory, /etc is no place for executables.

yet there is a long way to go to cleanup the pki module.

Usage: pki-create-ca.sh [OPTIONS]
Create certificate authority.

    --subject=subject              X.500 subject name.
    --keystore-password=password   Password for keystore.

Usage: pki-enroll-pkcs12.sh [OPTIONS]
Generate key, enroll certificate, store in PKCS#12 format.
Result will be at /etc/pki/ovirt-engine/keys/PREFIX.p12

    --name=prefix         file name without prefix.
    --password=password   password of PKCS#12.
    --subject=subject     X.500 subject name.
    --keep-key            reissue certificate based on previous request.

Usage: pki-enroll-request.sh [OPTIONS]
Sign certificate request.
Certificate request should be put at: /etc/pki/ovirt-engine/requests/PREFIX.req
Certificate will be available at:     /etc/pki/ovirt-engine/certs/PREFIX.cer

    --name=prefix         file name.
    --subject=subject     X.500 subject name.
    --days=n              issue days.
    --timeout=n           lock timeout, default=20

Change-Id: I8f3a8ae1fb061532cdafd5bc7961c5178d7948a0
Signed-off-by: Alon Bar-Lev <alonbl at redhat.com>
---
M .gitignore
M Makefile
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/VdsDeploy.java
M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/OpenSslCAWrapper.java
M ovirt-engine.spec.in
A packaging/bin/pki-common.sh.in
A packaging/bin/pki-create-ca.sh
A packaging/bin/pki-enroll-pkcs12.sh
A packaging/bin/pki-enroll-request.sh
D packaging/etc/pki/CreateCA.sh
D packaging/etc/pki/SignReq.lock
D packaging/etc/pki/SignReq.sh
M packaging/etc/pki/cacert.template.in
M packaging/etc/pki/cert.template.in
D packaging/etc/pki/certs/.keep
D packaging/etc/pki/installCA.sh
D packaging/etc/pki/keys/.keep
D packaging/etc/pki/private/.keep
D packaging/etc/pki/requests/.keep
M packaging/fedora/setup/basedefs.py
M packaging/fedora/setup/engine-setup.py
M packaging/setup/ovirt_engine_setup/constants.py
M packaging/setup/plugins/ovirt-engine-setup/pki/ca.py
23 files changed, 460 insertions(+), 312 deletions(-)

Approvals:
  Ofer Schreiber: Verified; Looks good to me, approved


-- 
To view, visit http://gerrit.ovirt.org/15499
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I8f3a8ae1fb061532cdafd5bc7961c5178d7948a0
Gerrit-PatchSet: 7
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <alonbl at redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alonbl at redhat.com>
Gerrit-Reviewer: Barak Azulay <bazulay at redhat.com>
Gerrit-Reviewer: Ofer Schreiber <oschreib at redhat.com>
Gerrit-Reviewer: Sandro Bonazzola <sbonazzo at redhat.com>
Gerrit-Reviewer: Yair Zaslavsky <yzaslavs at redhat.com>
Gerrit-Reviewer: oVirt Jenkins CI Server

More information about the Engine-commits mailing list