From 57ea45b2bc86895582de65928c555e6f0430b287 Mon Sep 17 00:00:00 2001
From: Marc Cluet
Date: Mon, 25 Jul 2011 13:27:27 +0100
Subject: Added new feature include-once
---
doc/examples/include-once.txt | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 doc/examples/include-once.txt
(limited to 'doc/examples')
diff --git a/doc/examples/include-once.txt b/doc/examples/include-once.txt
new file mode 100644
index 00000000..0cf74e5e
--- /dev/null
+++ b/doc/examples/include-once.txt
@@ -0,0 +1,7 @@
+#include-once
+# entries are one url per line. comment lines beginning with '#' are allowed
+# urls are passed to urllib.urlopen, so the format must be supported there
+# This entries will just be processed ONE TIME by cloud-init, any further
+# iterations won't process this file
+http://www.ubuntu.com/robots.txt
+http://www.w3schools.com/html/lastpage.htm
-- cgit v1.2.3
From f70bc5ddf301517863b48943cd3d8d6df5548c68 Mon Sep 17 00:00:00 2001
From: Marc Cluet
Date: Mon, 25 Jul 2011 13:27:48 +0100
Subject: Added ssl cert support to mcollective
---
cloudinit/CloudConfig/cc_mcollective.py | 21 ++++++++++++++++----
doc/examples/cloud-config-mcollective.txt | 33 +++++++++++++++++++++++++++++++
2 files changed, 50 insertions(+), 4 deletions(-)
(limited to 'doc/examples')
diff --git a/cloudinit/CloudConfig/cc_mcollective.py b/cloudinit/CloudConfig/cc_mcollective.py
index 9aae2d64..3b358302 100644
--- a/cloudinit/CloudConfig/cc_mcollective.py
+++ b/cloudinit/CloudConfig/cc_mcollective.py
@@ -50,10 +50,23 @@ def handle(name,cfg,cloud,log,args):
 # Read server.cfg values from original file in order to be able to mix the rest up
 mcollective_config.readfp(FakeSecHead(open('/etc/mcollective/server.cfg')))
 for cfg_name, cfg in mcollective_cfg['conf'].iteritems():
- # Iterate throug the config items, we'll use ConfigParser.set
- # to overwrite or create new items as needed
- for o, v in cfg.iteritems():
- mcollective_config.set(cfg_name,o,v)
+ if cfg_name == 'public-cert':
+ publicrt_fh = open('/etc/mcollective/ssl/server-public.pem', 'w')
+ publicrt_fh.write(cfg)
+ publicrt_fh.close()
+ mcollective_config.set(cfg_name,'plugin.ssl_server_public','/etc/mcollective/ssl/server-public.pem')
+ mcollective_config.set(cfg_name,'securityprovider','ssl')
+ elif cfg_name == 'private-cert':
+ privcrt_fh = open('/etc/mcollective/ssl/server-private.pem', 'w')
+ privcrt_fh.write(cfg)
+ privcrt_fh.close()
+ mcollective_config.set(cfg_name,'plugin.ssl_server_private','/etc/mcollective/ssl/server-private.pem')
+ mcollective_config.set(cfg_name,'securityprovider','ssl')
+ else:
+ # Iterate throug the config items, we'll use ConfigParser.set
+ # to overwrite or create new items as needed
+ for o, v in cfg.iteritems():
+ mcollective_config.set(cfg_name,o,v)
 # We got all our config as wanted we'll rename
 # the previous server.cfg and create our new one
 os.rename('/etc/mcollective/server.cfg','/etc/mcollective/server.cfg.old')
diff --git a/doc/examples/cloud-config-mcollective.txt b/doc/examples/cloud-config-mcollective.txt
index ca7ba03e..ddeaf0c6 100644
--- a/doc/examples/cloud-config-mcollective.txt
+++ b/doc/examples/cloud-config-mcollective.txt
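Review bot: The `private-cert` branch writes the server's private key with a plain `open('/etc/mcollective/ssl/server-private.pem', 'w')`, so the file mode is whatever the process umask leaves (commonly world-readable) and nothing tightens it afterwards. Create the file owner-only instead, e.g. `fd = os.open('/etc/mcollective/ssl/server-private.pem', os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)` then `privcrt_fh = os.fdopen(fd, 'w')`, and add `os.chmod('/etc/mcollective/ssl/server-private.pem', 0600)` because the mode argument only applies when the file is newly created. Both new branches also pass `cfg_name` (`'public-cert'` / `'private-cert'`) as the section argument of `mcollective_config.set`, which looks unintended; presumably these options belong in the same section as the rest of server.cfg, but `handle` starts and continues outside this hunk, so confirm against the full function. A short comment such as `# private key: must stay unreadable to other local users` above the write would record the intent.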
@@ -13,3 +13,36 @@ mcollective:
 # plugin.stomp.host: dbhost
 conf:
 plugin.stomp.host: dbhost
+ # This will add ssl certs to mcollective
+ # WARNING WARNING WARNING
+ # Please remember cloud-init data is transmitted without encryption
+ # If you want security for this, please use include-once + SSL urls
+ public-cert: |
+ -----BEGIN CERTIFICATE-----
+ MIICCTCCAXKgAwIBAgIBATANBgkqhkiG9w0BAQUFADANMQswCQYDVQQDDAJjYTAe
+ Fw0xMDAyMTUxNzI5MjFaFw0xNTAyMTQxNzI5MjFaMA0xCzAJBgNVBAMMAmNhMIGf
+ MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCu7Q40sm47/E1Pf+r8AYb/V/FWGPgc
+ b014OmNoX7dgCxTDvps/h8Vw555PdAFsW5+QhsGr31IJNI3kSYprFQcYf7A8tNWu
+ 1MASW2CfaEiOEi9F1R3R4Qlz4ix+iNoHiUDTjazw/tZwEdxaQXQVLwgTGRwVa+aA
+ qbutJKi93MILLwIDAQABo3kwdzA4BglghkgBhvhCAQ0EKxYpUHVwcGV0IFJ1Ynkv
+ T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwDwYDVR0TAQH/BAUwAwEB/zAd
+ BgNVHQ4EFgQUu4+jHB+GYE5Vxo+ol1OAhevspjAwCwYDVR0PBAQDAgEGMA0GCSqG
+ SIb3DQEBBQUAA4GBAH/rxlUIjwNb3n7TXJcDJ6MMHUlwjr03BDJXKb34Ulndkpaf
+ +GAlzPXWa7bO908M9I8RnPfvtKnteLbvgTK+h+zX1XCty+S2EQWk29i2AdoqOTxb
+ hppiGMp0tT5Havu4aceCXiy2crVcudj3NFciy8X66SoECemW9UYDCb9T5D0d
+ -----END CERTIFICATE-----
+ private-cert: |
+ -----BEGIN CERTIFICATE-----
+ MIICCTCCAXKgAwIBAgIBATANBgkqhkiG9w0BAQUFADANMQswCQYDVQQDDAJjYTAe
+ Fw0xMDAyMTUxNzI5MjFaFw0xNTAyMTQxNzI5MjFaMA0xCzAJBgNVBAMMAmNhMIGf
+ MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCu7Q40sm47/E1Pf+r8AYb/V/FWGPgc
+ b014OmNoX7dgCxTDvps/h8Vw555PdAFsW5+QhsGr31IJNI3kSYprFQcYf7A8tNWu
+ 1MASW2CfaEiOEi9F1R3R4Qlz4ix+iNoHiUDTjazw/tZwEdxaQXQVLwgTGRwVa+aA
+ qbutJKi93MILLwIDAQABo3kwdzA4BglghkgBhvhCAQ0EKxYpUHVwcGV0IFJ1Ynkv
+ T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwDwYDVR0TAQH/BAUwAwEB/zAd
+ BgNVHQ4EFgQUu4+jHB+GYE5Vxo+ol1OAhevspjAwCwYDVR0PBAQDAgEGMA0GCSqG
+ SIb3DQEBBQUAA4GBAH/rxlUIjwNb3n7TXJcDJ6MMHUlwjr03BDJXKb34Ulndkpaf
+ +GAlzPXWa7bO908M9I8RnPfvtKnteLbvgTK+h+zX1XCty+S2EQWk29i2AdoqOTxb
+ hppiGMp0tT5Havu4aceCXiy2crVcudj3NFciy8X66SoECemW9UYDCb9T5D0d
+ -----END CERTIFICATE-----
+
-- cgit v1.2.3
From 149bfa0e4a2705bbe980a2335c5e7951e9b70925 Mon Sep 17 00:00:00 2001
From: Scott Moser
Date: Tue, 26 Jul 2011 09:40:19 -0400
Subject: clarify warning text in mcollective config example
---
doc/examples/cloud-config-mcollective.txt | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'doc/examples')
diff --git a/doc/examples/cloud-config-mcollective.txt b/doc/examples/cloud-config-mcollective.txt
index ddeaf0c6..67735682 100644
--- a/doc/examples/cloud-config-mcollective.txt
+++ b/doc/examples/cloud-config-mcollective.txt
@@ -15,7 +15,8 @@ mcollective:
 plugin.stomp.host: dbhost
 # This will add ssl certs to mcollective
 # WARNING WARNING WARNING
- # Please remember cloud-init data is transmitted without encryption
+ # The ec2 metadata service is a network service, and thus is readable
+ # by non-root users on the system (ie: 'ec2metadata --user-data')
 # If you want security for this, please use include-once + SSL urls
 public-cert: |
 -----BEGIN CERTIFICATE-----
-- cgit v1.2.3