1 files changed, 22 insertions, 7 deletions

diff --git a/cloudinit/CloudConfig/cc_mcollective.py b/cloudinit/CloudConfig/cc_mcollective.py
index 9aae2d64..c7912aa4 100644
--- a/cloudinit/CloudConfig/cc_mcollective.py
+++ b/cloudinit/CloudConfig/cc_mcollective.py
@@ -24,6 +24,10 @@ import fileinput
 import StringIO
 import ConfigParser
 import cloudinit.CloudConfig as cc
+import cloudinit.util as util
+
+pubcert_file = "/etc/mcollective/ssl/server-public.pem"
+pricert_file = "/etc/mcollective/ssl/server-private.pem"
 
 # Our fake header section
 class FakeSecHead(object):
@@ -50,24 +54,35 @@ def handle(name,cfg,cloud,log,args):
         # Read server.cfg values from original file in order to be able to mix the rest up
         mcollective_config.readfp(FakeSecHead(open('/etc/mcollective/server.cfg')))
         for cfg_name, cfg in mcollective_cfg['conf'].iteritems():
-            # Iterate throug the config items, we'll use ConfigParser.set
-            # to overwrite or create new items as needed
-            for o, v in cfg.iteritems():
-                mcollective_config.set(cfg_name,o,v)
+            if cfg_name == 'public-cert':
+                util.write_file(pubcert_file, cfg, mode=0644)
+                mcollective_config.set(cfg_name,
+                    'plugin.ssl_server_public', pubcert_file)
+                mcollective_config.set(cfg_name,'securityprovider','ssl')
+            elif cfg_name == 'private-cert':
+                util.write_file(pricert_file, cfg, mode=0600)
+                mcollective_config.set(cfg_name,
+                    'plugin.ssl_server_private', pricert_file)
+                mcollective_config.set(cfg_name,'securityprovider','ssl')
+            else:
+                # Iterate throug the config items, we'll use ConfigParser.set
+                # to overwrite or create new items as needed
+                for o, v in cfg.iteritems():
+                    mcollective_config.set(cfg_name,o,v)
         # We got all our config as wanted we'll rename
         # the previous server.cfg and create our new one
         os.rename('/etc/mcollective/server.cfg','/etc/mcollective/server.cfg.old')
         outputfile = StringIO.StringIO()
         mcollective_config.write(outputfile)
         # Now we got the whole file, write to disk except first line
-        final_configfile = open('/etc/mcollective/server.cfg', 'wb')
         # Note below, that we've just used ConfigParser because it generally
         # works.  Below, we remove the initial 'nullsection' header
         # and then change 'key = value' to 'key: value'.  The global
         # search and replace of '=' with ':' could be problematic though.
         # this most likely needs fixing.
-        final_configfile.write(outputfile.getvalue().replace('[nullsection]\n','').replace(' =',':'))
-        final_configfile.close()
+        util.write_file('/etc/mcollective/server.cfg',
+            outputfile.getvalue().replace('[nullsection]\n','').replace(' =',':'),
+            mode=0644)
 
     # Start mcollective
     subprocess.check_call(['service', 'mcollective', 'start'])