OpenStack Compute (nova)

Merge lp:~soren/nova/ca-separate-code-and-state into lp:~hudson-openstack/nova/trunk

  1. ca-separate-code-and-state
  2. Merge into trunk
Proposed by Soren Hansen
Status: Merged
Approved by: Vish Ishaya
Approved revision: 944
Merged at revision: 943
Proposed branch: lp:~soren/nova/ca-separate-code-and-state
Merge into: lp:~hudson-openstack/nova/trunk
Diff against target: 100 lines (+20/-6)
5 files modified
MANIFEST.in (+1/-1)
nova/CA/geninter.sh (+1/-1)
nova/CA/genrootca.sh (+2/-1)
nova/api/ec2/cloud.py (+8/-1)
nova/crypto.py (+8/-2)
To merge this branch: bzr merge lp:~soren/nova/ca-separate-code-and-state
Reviewer Review Type Date Requested Status
Vish Ishaya (community) Approve
Jay Pipes (community) Approve
Review via email: mp+56345@code.launchpad.net

Commit message

Separate CA/ dir into code and state.

Description of the change

This is the first half of the fix for bug #727794

To post a comment you must log in.
Revision history for this message
Jay Pipes (jaypipes) wrote :

lgtm.

review: Approve
Revision history for this message
Vish Ishaya (vishvananda) wrote :

lgtm

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'MANIFEST.in'
2--- MANIFEST.in 2011-03-14 20:10:11 +0000
3+++ MANIFEST.in 2011-04-05 13:01:00 +0000
4@@ -1,7 +1,7 @@
5 include HACKING LICENSE run_tests.py run_tests.sh
6 include README builddeb.sh exercise_rsapi.py
7 include ChangeLog MANIFEST.in pylintrc Authors
8-graft CA
9+graft nova/CA
10 graft doc
11 graft smoketests
12 graft tools
13
14=== renamed directory 'CA' => 'nova/CA'
15=== modified file 'nova/CA/geninter.sh'
16--- CA/geninter.sh 2010-11-06 00:02:36 +0000
17+++ nova/CA/geninter.sh 2011-04-05 13:01:00 +0000
18@@ -23,7 +23,7 @@
19 cd projects/$NAME
20 cp ../../openssl.cnf.tmpl openssl.cnf
21 sed -i -e s/%USERNAME%/$NAME/g openssl.cnf
22-mkdir certs crl newcerts private
23+mkdir -p certs crl newcerts private
24 openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf -batch -nodes
25 echo "10" > serial
26 touch index.txt
27
28=== modified file 'nova/CA/genrootca.sh'
29--- CA/genrootca.sh 2010-11-06 00:02:36 +0000
30+++ nova/CA/genrootca.sh 2011-04-05 13:01:00 +0000
31@@ -20,8 +20,9 @@
32 then
33 echo "Not installing, it's already done."
34 else
35- cp openssl.cnf.tmpl openssl.cnf
36+ cp "$(dirname $0)/openssl.cnf.tmpl" openssl.cnf
37 sed -i -e s/%USERNAME%/ROOT/g openssl.cnf
38+ mkdir -p certs crl newcerts private
39 openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf -batch -nodes
40 touch index.txt
41 echo "10" > serial
42
43=== modified file 'nova/api/ec2/cloud.py'
44--- nova/api/ec2/cloud.py 2011-04-01 16:44:12 +0000
45+++ nova/api/ec2/cloud.py 2011-04-05 13:01:00 +0000
46@@ -103,10 +103,17 @@
47 # Gen root CA, if we don't have one
48 root_ca_path = os.path.join(FLAGS.ca_path, FLAGS.ca_file)
49 if not os.path.exists(root_ca_path):
50+ genrootca_sh_path = os.path.join(os.path.dirname(__file__),
51+ os.path.pardir,
52+ os.path.pardir,
53+ 'CA',
54+ 'genrootca.sh')
55+
56 start = os.getcwd()
57+ os.makedirs(FLAGS.ca_path)
58 os.chdir(FLAGS.ca_path)
59 # TODO(vish): Do this with M2Crypto instead
60- utils.runthis(_("Generating root CA: %s"), "sh", "genrootca.sh")
61+ utils.runthis(_("Generating root CA: %s"), "sh", genrootca_sh_path)
62 os.chdir(start)
63
64 def _get_mpi_data(self, context, project_id):
65
66=== modified file 'nova/crypto.py'
67--- nova/crypto.py 2011-03-23 04:31:50 +0000
68+++ nova/crypto.py 2011-04-05 13:01:00 +0000
69@@ -215,9 +215,12 @@
70
71 def _ensure_project_folder(project_id):
72 if not os.path.exists(ca_path(project_id)):
73+ geninter_sh_path = os.path.join(os.path.dirname(__file__),
74+ 'CA',
75+ 'geninter.sh')
76 start = os.getcwd()
77 os.chdir(ca_folder())
78- utils.execute('sh', 'geninter.sh', project_id,
79+ utils.execute('sh', geninter_sh_path, project_id,
80 _project_cert_subject(project_id))
81 os.chdir(start)
82
83@@ -227,13 +230,16 @@
84 csr_fn = os.path.join(project_folder, "server.csr")
85 crt_fn = os.path.join(project_folder, "server.crt")
86
87+ genvpn_sh_path = os.path.join(os.path.dirname(__file__),
88+ 'CA',
89+ 'geninter.sh')
90 if os.path.exists(crt_fn):
91 return
92 _ensure_project_folder(project_id)
93 start = os.getcwd()
94 os.chdir(ca_folder())
95 # TODO(vish): the shell scripts could all be done in python
96- utils.execute('sh', 'genvpn.sh',
97+ utils.execute('sh', genvpn_sh_path,
98 project_id, _vpn_cert_subject(project_id))
99 with open(csr_fn, "r") as csrfile:
100 csr_text = csrfile.read()