Moving the certificate generation from init script
parent
0acef03521
commit
f23808cc97
@ -1,6 +1,6 @@
|
||||
diff -up openwsman-2.2.3/etc/init/openwsmand.sh.in.orig openwsman-2.2.3/etc/init/openwsmand.sh.in
|
||||
--- openwsman-2.2.3/etc/init/openwsmand.sh.in.orig 2010-04-22 09:36:29.186800378 -0500
|
||||
+++ openwsman-2.2.3/etc/init/openwsmand.sh.in 2010-04-22 09:38:15.507820659 -0500
|
||||
diff -up ./etc/init/openwsmand.sh.in.old ./etc/init/openwsmand.sh.in
|
||||
--- ./etc/init/openwsmand.sh.in.old 2010-08-04 16:43:40.212100948 -0500
|
||||
+++ ./etc/init/openwsmand.sh.in 2010-08-04 17:26:20.013849220 -0500
|
||||
@@ -4,15 +4,15 @@
|
||||
# Provides: openwsmand
|
||||
# Required-Start: $remote_fs
|
||||
@ -20,27 +20,93 @@ diff -up openwsman-2.2.3/etc/init/openwsmand.sh.in.orig openwsman-2.2.3/etc/init
|
||||
# description: Openwsman Daemon
|
||||
# processname: openwsmand
|
||||
|
||||
@@ -61,7 +61,7 @@ start()
|
||||
if [ "x${FQDN}" = "x" ]; then
|
||||
FQDN=localhost.localdomain
|
||||
fi
|
||||
@@ -56,20 +56,16 @@ start()
|
||||
echo "Using common server certificate /etc/ssl/servercerts/servercert.pem"
|
||||
ln -s /etc/ssl/servercerts/server{cert,key}.pem @SYSCONFDIR@
|
||||
else
|
||||
- echo "Generating Openwsman server public certificate and private key"
|
||||
- FQDN=`hostname --fqdn`
|
||||
- if [ "x${FQDN}" = "x" ]; then
|
||||
- FQDN=localhost.localdomain
|
||||
- fi
|
||||
-cat << EOF | sh @SYSCONFDIR@/owsmangencert.sh > /dev/null 2>&1
|
||||
+cat << EOF | sh @libexecdir@/openwsman/owsmangencert.sh > /dev/null 2>&1
|
||||
--
|
||||
SomeState
|
||||
SomeCity
|
||||
@@ -145,8 +145,13 @@ case "$1" in
|
||||
---
|
||||
-SomeState
|
||||
-SomeCity
|
||||
-SomeOrganization
|
||||
-SomeOrganizationalUnit
|
||||
-${FQDN}
|
||||
-root@${FQDN}
|
||||
-EOF
|
||||
+ echo "FAILED: Starting openwsman server"
|
||||
+ echo "There is no ssl server key available for openwsman server to use."
|
||||
+ echo -e "Please generate one with the following script and start the openwsman service again:\n"
|
||||
+ echo "##################################"
|
||||
+ echo "/etc/openwsman/owsmangencert.sh"
|
||||
+ echo "================================="
|
||||
+
|
||||
+ echo "NOTE: The script uses /dev/random device for generating some random bits while generating the server key."
|
||||
+ echo -e " If this takes too long, you can replace the value of \"RANDFILE\" in @SYSCONFDIR@/ssleay.cnf with /dev/urandom.\n Please understand the implications of doing do."
|
||||
+
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -145,6 +141,10 @@ case "$1" in
|
||||
fi
|
||||
;;
|
||||
|
||||
+
|
||||
+ condrestart)
|
||||
+ [ -e $lockfile ] && restart
|
||||
+
|
||||
+ ;;
|
||||
+
|
||||
*)
|
||||
- echo "Usage: $0 {restart|start|stop|reload|force-reload|status}"
|
||||
+ echo "Usage: $0 {restart|start|stop|reload|force-reload|status|condrestart}"
|
||||
echo "Usage: $0 {restart|start|stop|reload|force-reload|status}"
|
||||
esac
|
||||
diff -up ./etc/owsmangencert.sh.in.old ./etc/owsmangencert.sh.in
|
||||
--- ./etc/owsmangencert.sh.in.old 2010-08-04 17:14:31.241100874 -0500
|
||||
+++ ./etc/owsmangencert.sh.in 2010-08-04 17:21:02.944850958 -0500
|
||||
@@ -1,7 +1,5 @@
|
||||
#!/bin/sh
|
||||
|
||||
-#!/bin/sh -e
|
||||
-
|
||||
CERTFILE=@SYSCONFDIR@/servercert.pem
|
||||
KEYFILE=@SYSCONFDIR@/serverkey.pem
|
||||
CNFFILE=@SYSCONFDIR@/ssleay.cnf
|
||||
@@ -15,19 +13,33 @@ if [ "$1" = "--force" ]; then
|
||||
shift
|
||||
fi
|
||||
|
||||
+FQDN=`hostname --fqdn`
|
||||
+ if [ "x${FQDN}" = "x" ]; then
|
||||
+ FQDN=localhost.localdomain
|
||||
+ fi
|
||||
echo
|
||||
echo creating selfsingned certificate
|
||||
echo "replace it with one signed by a certification authority (CA)"
|
||||
echo
|
||||
-echo enter your ServerName at the Common Name prompt
|
||||
+#echo enter your ServerName at the Common Name prompt
|
||||
echo
|
||||
|
||||
# use special .cnf, because with normal one no valid selfsigned
|
||||
# certificate is created
|
||||
|
||||
-export RANDFILE=/dev/random
|
||||
-openssl req -days 365 $@ -config $CNFFILE \
|
||||
+#export RANDFILE=/dev/random
|
||||
+cat <<EOF |openssl req -days 365 $@ -config $CNFFILE \
|
||||
-new -x509 -nodes -out $CERTFILE \
|
||||
-keyout $KEYFILE
|
||||
+--
|
||||
+SomeState
|
||||
+SomeCity
|
||||
+SomeOrganization
|
||||
+SomeOrganizationalUnit
|
||||
+${FQDN}
|
||||
+root@${FQDN}
|
||||
+EOF
|
||||
+
|
||||
+
|
||||
chmod 600 $KEYFILE
|
||||
|
||||
if [ $lsb -ne 0 ]; then
|
||||
|
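Review bot: In the owsmangencert.sh.in hunk the shebang loses `-e` and nothing checks the result of `openssl req`, so a failed key generation still falls through to `chmod 600 $KEYFILE` and the script may exit 0 without a usable key (the rest of the script is outside the hunk); ending the command line with `-keyout "$KEYFILE" || exit 1` restores the abort. The private key is also written before the `chmod`, so, depending on the OpenSSL version, it may briefly exist with the caller's umask; a `umask 077` ahead of the `openssl` call closes that window. In the init-script hunk the message prints the hard-coded `/etc/openwsman/owsmangencert.sh` while the RANDFILE note in the same hunk uses `@SYSCONFDIR@`, so `echo "@SYSCONFDIR@/owsmangencert.sh"` would keep the advice correct on non-default prefixes, and "doing do" should read "doing so". The `condrestart` arm's `[ -e $lockfile ] && restart` leaves a non-zero status when the lock file is absent, unless lines outside the hunk reset it; `if [ -e "$lockfile" ]; then restart; fi` avoids that and quotes the path.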
@ -17,7 +17,7 @@ BuildRequires: perl-devel pkgconfig openssl-devel
|
||||
BuildRequires: libtool
|
||||
Requires: net-tools
|
||||
Version: 2.2.3
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
Url: http://www.openwsman.org/
|
||||
License: BSD
|
||||
Group: Applications/System
|
||||
@ -268,6 +268,10 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Aug 10 2010 Praveen K Paladugu <praveen_paladugu@dell.com> - 2.2.3-7
|
||||
- Moved the certificate generation from init script. The user will have to
|
||||
- generate the certificate manually.
|
||||
|
||||
* Mon Aug 2 2010 Praveen K Paladugu <praveen_paladugu@dell.com> - 2.2.3-6
|
||||
- Fixed the version checking of swig and forced all the ruby files to be
|
||||
- installed into site{lib,arch} dirs
|
||||
|