diff --git a/docs/packstack.rst b/docs/packstack.rst
index 725fb4911..f1360b1eb 100644
--- a/docs/packstack.rst
+++ b/docs/packstack.rst
@@ -129,26 +129,26 @@ Packstack supports ability to be get CA certificate and use it to sign all certi
 **CONFIG_SSL_CACERT_SELFSIGN**
 Specify 'y' if you want Packstack to pregenerate the CA Certificate.
-SSL selfsigned CACert options
+SSL certificates options
 -----------------------------
-**CONFIG_SELFSIGN_CACERT_SUBJECT_C**
- Enter the selfsigned CAcert subject country.
+**CONFIG_SSL_CERT_SUBJECT_C**
+ Enter the ssl certificates subject country.
-**CONFIG_SELFSIGN_CACERT_SUBJECT_ST**
- Enter the selfsigned CAcert subject state.
+**CONFIG_SSL_CERT_SUBJECT_ST**
+ Enter the ssl certificates subject state.
-**CONFIG_SELFSIGN_CACERT_SUBJECT_L**
- Enter the selfsigned CAcert subject location.
+**CONFIG_SSL_CERT_SUBJECT_L**
+ Enter the ssl certificates subject location.
-**CONFIG_SELFSIGN_CACERT_SUBJECT_O**
- Enter the selfsigned CAcert subject organization.
+**CONFIG_SSL_CERT_SUBJECT_O**
+ Enter the ssl certificates subject organization.
-**CONFIG_SELFSIGN_CACERT_SUBJECT_OU**
- Enter the selfsigned CAcert subject organizational unit.
+**CONFIG_SSL_CERT_SUBJECT_OU**
+ Enter the ssl certificates subject organizational unit.
-**CONFIG_SELFSIGN_CACERT_SUBJECT_CN**
- Enter the selfsigned CAcert subject common name.
+**CONFIG_SSL_CERT_SUBJECT_CN**
+ Enter the ssl certificates subject common name.
 vCenter Config Parameters
 -------------------------
diff --git a/packstack/modules/ospluginutils.py b/packstack/modules/ospluginutils.py
index cd8a33d36..3ed3adfd4 100644
--- a/packstack/modules/ospluginutils.py
+++ b/packstack/modules/ospluginutils.py
@@ -105,16 +105,16 @@ def generate_ssl_cert(config, host, service, ssl_key_file, ssl_cert_file):
 k = crypto.PKey()
 k.generate_key(crypto.TYPE_RSA, 4096)
- mail = config['CONFIG_SELFSIGN_CACERT_SUBJECT_MAIL']
+ mail = config['CONFIG_SSL_CERT_SUBJECT_MAIL']
 hostinfo = config['HOST_DETAILS'][host]
 fqdn = hostinfo['fqdn']
 cert = crypto.X509()
 subject = cert.get_subject()
- subject.C = config['CONFIG_SELFSIGN_CACERT_SUBJECT_C']
- subject.ST = config['CONFIG_SELFSIGN_CACERT_SUBJECT_ST']
- subject.L = config['CONFIG_SELFSIGN_CACERT_SUBJECT_L']
- subject.O = config['CONFIG_SELFSIGN_CACERT_SUBJECT_O']
- subject.OU = config['CONFIG_SELFSIGN_CACERT_SUBJECT_OU']
+ subject.C = config['CONFIG_SSL_CERT_SUBJECT_C']
+ subject.ST = config['CONFIG_SSL_CERT_SUBJECT_ST']
+ subject.L = config['CONFIG_SSL_CERT_SUBJECT_L']
+ subject.O = config['CONFIG_SSL_CERT_SUBJECT_O']
+ subject.OU = config['CONFIG_SSL_CERT_SUBJECT_OU']
 subject.CN = "%s/%s" % (service, fqdn)
 subject.emailAddress = mail
diff --git a/packstack/plugins/ssl_001.py b/packstack/plugins/ssl_001.py
index d57f90d64..12405f8e2 100644
--- a/packstack/plugins/ssl_001.py
+++ b/packstack/plugins/ssl_001.py
@@ -86,93 +86,98 @@ def initConfig(controller):
 "CONF_NAME": 'CONFIG_SSL_CACERT_SELFSIGN',
 "USE_DEFAULT": False,
 "NEED_CONFIRM": False,
- "CONDITION": False}
- ],
+ "CONDITION": False},
- "SSL_SELFSIGN": [
- {"CMD_OPTION": "selfsign-cacert-subject-country",
- "PROMPT": "Enter the selfsigned CAcert subject country.",
+ {"CMD_OPTION": "ssl-cert-subject-country",
+ "PROMPT": "Enter the ssl certificates subject country.",
 "OPTION_LIST": [],
 "VALIDATORS": [validators.validate_not_empty],
 "DEFAULT_VALUE": "--",
 "MASK_INPUT": False,
 "LOOSE_VALIDATION": False,
- "CONF_NAME": 'CONFIG_SELFSIGN_CACERT_SUBJECT_C',
+ "CONF_NAME": 'CONFIG_SSL_CERT_SUBJECT_C',
 "USE_DEFAULT": False,
 "NEED_CONFIRM": False,
- "CONDITION": False},
+ "CONDITION": False,
+ "DEPRECATES": ['CONFIG_SELFSIGN_CACERT_SUBJECT_C']},
- {"CMD_OPTION": "selfsign-cacert-subject-state",
- "PROMPT": "Enter the selfsigned CAcert subject state.",
+ {"CMD_OPTION": "ssl-cert-subject-state",
+ "PROMPT": "Enter the ssl certificates subject state.",
 "OPTION_LIST": [],
 "VALIDATORS": [validators.validate_not_empty],
 "DEFAULT_VALUE": "State",
 "MASK_INPUT": False,
 "LOOSE_VALIDATION": False,
- "CONF_NAME": 'CONFIG_SELFSIGN_CACERT_SUBJECT_ST',
+ "CONF_NAME": 'CONFIG_SSL_CERT_SUBJECT_ST',
 "USE_DEFAULT": False,
 "NEED_CONFIRM": False,
- "CONDITION": False},
+ "CONDITION": False,
+ "DEPRECATES": ['CONFIG_SELFSIGN_CACERT_SUBJECT_ST']},
- {"CMD_OPTION": "selfsign-cacert-subject-location",
- "PROMPT": "Enter the selfsigned CAcert subject location.",
+ {"CMD_OPTION": "ssl-cert-subject-location",
+ "PROMPT": "Enter the ssl certificate subject location.",
 "OPTION_LIST": [],
 "VALIDATORS": [validators.validate_not_empty],
 "DEFAULT_VALUE": "City",
 "MASK_INPUT": False,
 "LOOSE_VALIDATION": False,
- "CONF_NAME": 'CONFIG_SELFSIGN_CACERT_SUBJECT_L',
+ "CONF_NAME": 'CONFIG_SSL_CERT_SUBJECT_L',
 "USE_DEFAULT": False,
 "NEED_CONFIRM": False,
- "CONDITION": False},
+ "CONDITION": False,
+ "DEPRECATES": ['CONFIG_SELFSIGN_CACERT_SUBJECT_L']},
- {"CMD_OPTION": "selfsign-cacert-subject-organization",
- "PROMPT": "Enter the selfsigned CAcert subject organization.",
+ {"CMD_OPTION": "ssl-cert-subject-organization",
+ "PROMPT": "Enter the ssl certificate subject organization.",
 "OPTION_LIST": [],
 "VALIDATORS": [validators.validate_not_empty],
 "DEFAULT_VALUE": "openstack",
 "MASK_INPUT": False,
 "LOOSE_VALIDATION": False,
- "CONF_NAME": 'CONFIG_SELFSIGN_CACERT_SUBJECT_O',
+ "CONF_NAME": 'CONFIG_SSL_CERT_SUBJECT_O',
 "USE_DEFAULT": False,
 "NEED_CONFIRM": False,
- "CONDITION": False},
+ "CONDITION": False,
+ "DEPRECATES": ['CONFIG_SELFSIGN_CACERT_SUBJECT_O']},
- {"CMD_OPTION": "selfsign-cacert-subject-organizational-unit",
- "PROMPT": "Enter the selfsigned CAcert subject organizational unit.",
+ {"CMD_OPTION": "ssl-cert-subject-organizational-unit",
+ "PROMPT": "Enter the ssl certificate subject organizational unit.",
 "OPTION_LIST": [],
 "VALIDATORS": [validators.validate_not_empty],
 "DEFAULT_VALUE": "packstack",
 "MASK_INPUT": False,
 "LOOSE_VALIDATION": False,
- "CONF_NAME": 'CONFIG_SELFSIGN_CACERT_SUBJECT_OU',
+ "CONF_NAME": 'CONFIG_SSL_CERT_SUBJECT_OU',
 "USE_DEFAULT": False,
 "NEED_CONFIRM": False,
- "CONDITION": False},
+ "CONDITION": False,
+ "DEPRECATES": ['CONFIG_SELFSIGN_CACERT_SUBJECT_OU']},
- {"CMD_OPTION": "selfsign-cacert-subject-common-name",
- "PROMPT": "Enter the selfsigned CAcert subject common name.",
+ {"CMD_OPTION": "ssl-cert-subject-common-name",
+ "PROMPT": "Enter the ssl certificaate subject common name.",
 "OPTION_LIST": [],
 "VALIDATORS": [validators.validate_not_empty],
 "DEFAULT_VALUE": gethostname(),
 "MASK_INPUT": False,
 "LOOSE_VALIDATION": False,
- "CONF_NAME": 'CONFIG_SELFSIGN_CACERT_SUBJECT_CN',
+ "CONF_NAME": 'CONFIG_SSL_CERT_SUBJECT_CN',
 "USE_DEFAULT": False,
 "NEED_CONFIRM": False,
- "CONDITION": False},
+ "CONDITION": False,
+ "DEPRECATES": ['CONFIG_SELFSIGN_CACERT_SUBJECT_CN']},
- {"CMD_OPTION": "selfsign-cacert-subject-email",
- "PROMPT": "Enter the selfsigned CAcert subject admin email.",
+ {"CMD_OPTION": "ssl-cert-subject-email",
+ "PROMPT": "Enter the ssl certificate subject admin email.",
 "OPTION_LIST": [],
 "VALIDATORS": [validators.validate_not_empty],
 "DEFAULT_VALUE": "admin@%s" % gethostname(),
 "MASK_INPUT": False,
 "LOOSE_VALIDATION": False,
- "CONF_NAME": 'CONFIG_SELFSIGN_CACERT_SUBJECT_MAIL',
+ "CONF_NAME": 'CONFIG_SSL_CERT_SUBJECT_MAIL',
 "USE_DEFAULT": False,
 "NEED_CONFIRM": False,
- "CONDITION": False},
+ "CONDITION": False,
+ "DEPRECATES": ['CONFIG_SELFSIGN_CACERT_SUBJECT_MAIL']},
 ]
 }
 update_params_usage(basedefs.PACKSTACK_DOC, params)
@@ -184,13 +189,6 @@ def initConfig(controller):
 "PRE_CONDITION_MATCH": "yes",
 "POST_CONDITION": False,
 "POST_CONDITION_MATCH": True},
-
- {"GROUP_NAME": "SSL_SELFSIGN",
- "DESCRIPTION": "SSL selfsigned CAcert Config parameters",
- "PRE_CONDITION": 'CONFIG_SSL_CACERT_SELFSIGN',
- "PRE_CONDITION_MATCH": "y",
- "POST_CONDITION": False,
- "POST_CONDITION_MATCH": True}
 ]
 for group in groups:
 controller.addGroup(group, params[group['GROUP_NAME']])
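Review bot: The new common-name prompt in the first initConfig hunk reads `Enter the ssl certificaate subject common name.` (typo), and the seven renamed prompts alternate between "certificates" and "certificate". The prompt also no longer says which certificate the value ends up in: within this diff `CONFIG_SSL_CERT_SUBJECT_CN` is read only by create_self_signed_cert, while generate_ssl_cert sets the CN to `"%s/%s" % (service, fqdn)`, so an operator supplying an existing CA may assume this value controls the CN of the server certificates. I would change the line to `"PROMPT": "Enter the SSL CA certificate subject common name (self-signed CA only).",` and use the same wording for the matching entry in docs/packstack.rst. initConfig starts and ends outside the hunk.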
@@ -248,15 +246,15 @@ def create_self_signed_cert(config, messages):
 k.generate_key(crypto.TYPE_RSA, 4096)
 # create a self-signed cert
- mail = config['CONFIG_SELFSIGN_CACERT_SUBJECT_MAIL']
+ mail = config['CONFIG_SSL_CERT_SUBJECT_MAIL']
 cert = crypto.X509()
 subject = cert.get_subject()
- subject.C = config['CONFIG_SELFSIGN_CACERT_SUBJECT_C']
- subject.ST = config['CONFIG_SELFSIGN_CACERT_SUBJECT_ST']
- subject.L = config['CONFIG_SELFSIGN_CACERT_SUBJECT_L']
- subject.O = config['CONFIG_SELFSIGN_CACERT_SUBJECT_O']
- subject.OU = config['CONFIG_SELFSIGN_CACERT_SUBJECT_OU']
- subject.CN = config['CONFIG_SELFSIGN_CACERT_SUBJECT_CN']
+ subject.C = config['CONFIG_SSL_CERT_SUBJECT_C']
+ subject.ST = config['CONFIG_SSL_CERT_SUBJECT_ST']
+ subject.L = config['CONFIG_SSL_CERT_SUBJECT_L']
+ subject.O = config['CONFIG_SSL_CERT_SUBJECT_O']
+ subject.OU = config['CONFIG_SSL_CERT_SUBJECT_OU']
+ subject.CN = config['CONFIG_SSL_CERT_SUBJECT_CN']
 subject.emailAddress = mail
 cert.set_serial_number(1000)
 cert.gmtime_adj_notBefore(0)
diff --git a/releasenotes/notes/renamed-ssl-subject-parameters-c2a52d17c349a59f.yaml b/releasenotes/notes/renamed-ssl-subject-parameters-c2a52d17c349a59f.yaml
new file mode 100644
index 000000000..876a1055d
--- /dev/null
+++ b/releasenotes/notes/renamed-ssl-subject-parameters-c2a52d17c349a59f.yaml
@@ -0,0 +1,36 @@
+---
+upgrade:
+ - |
+ Parameters names for SSL certificates subjects have
+ been changed. While old parameters names still works
+ when using answers files, they will not work when
+ passed with packstack cli. For users using them, they
+ are required to move to new CLI parameters, see ``packstack -h``
+ for details of new names.
+
+deprecations:
+ - |
+ SSL certificates subject parameters can be used now
+ both to create a new selfsigned CA certificate or
+ to generate new server certificates using an existing
+ CA certificate. In order to provide a more accurate
+ usage description for SSL certificates subject parameters,
+ they have been renamed as follows:
+
+ * CONFIG_SELFSIGN_CACERT_SUBJECT_C is renamed to
+ CONFIG_SSL_CERT_SUBJECT_C
+ * CONFIG_SELFSIGN_CACERT_SUBJECT_ST is renamed to
+ CONFIG_SSL_CERT_SUBJECT_ST
+ * CONFIG_SELFSIGN_CACERT_SUBJECT_L is renamed to
+ CONFIG_SSL_CERT_SUBJECT_L
+ * CONFIG_SELFSIGN_CACERT_SUBJECT_O is renamed to
+ CONFIG_SSL_CERT_SUBJECT_O
+ * CONFIG_SELFSIGN_CACERT_SUBJECT_OU is renamed to
+ CONFIG_SSL_CERT_SUBJECT_OU
+ * CONFIG_SELFSIGN_CACERT_SUBJECT_CN is renamed to
+ CONFIG_SSL_CERT_SUBJECT_CN
+ * CONFIG_SELFSIGN_CACERT_SUBJECT_MAIL is renamed to
+ CONFIG_SSL_CERT_SUBJECT_MAIL
+
+ Old parameters names in answer files will still work
+ but it's recomended to move to new ones.