Improving interoperability with existing cert file

Hi, all.

I'm working on improving interoperability with existing CA/cert files.

In my network I'm using Puppet to manage services. Puppet (puppetmasterd) has its own CA to
communicate with clients (puppetd), so I think that certmaster is not needed for using Func.

But the cert file extension used by Func and Puppet is different.
The former uses '.cert', the latter uses '.pem'. Therefore Func cannot
recognize cert files created by Puppet.

My patches against func/certmaster add a 'cert_extension' option to certmaster.conf.
This patch allows Func to use Puppet's cert to communicate by configuring 'cert_extension = pem'.

People who are interested in using Func with Puppet should configure some symbolic links as follows:
(Of course, you need to apply my patches before you try.)

On the machine running puppetmasterd:

 # cd /var/lib/puppet/ssl/ca
 # openssl rsa -in ca_key.pem -out ca_key_nopassphase.pem -passin file:private/ca.pass
 # ln -s ca_key_nopassphase.pem certmaster.key
 # ln -s ca_crt.pem certmaster.crt

and configure certmaster.conf:

    cert_extension = pem
    cadir = /var/lib/puppet/ssl/ca

and start func.

On the machine running puppetd:

 # cd /var/lib/puppet/ssl
 # mkdir func && cd func
 # ln -s ../certs/ca.pem ca.cert
 # ln -s ../certs/${HOSTNAME}.pem ${HOSTNAME}.cert
 # ln -s ../csr_${HOSTNAME}.pem ${HOSTNAME}.csr
 # ln -s ../private_keys/${HOSTNAME}.pem

and configure minion.conf:

    cert_dir = /var/lib/puppet/ssl/func

and start func.

Finally, you can use func on the machine running puppetmasterd.

P.S.

My git repositories are available on github.

    http://github.com/nabeken/certmaster/tree/master
    http://github.com/nabeken/func/tree/master

-- 
TANABE nabeken Ken-ichi
_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
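The two-sided procedure in the post above (passphrase-stripped CA key on the puppetmasterd side, symlinked host material in a func/ directory on the puppetd side), as an added shell example that is not part of the original message or of the Func/certmaster projects. It assumes the /var/lib/puppet/ssl layout the post uses (ca/, certs/, private_keys/, csr_HOST.pem); the helper function names and the throwaway CA it builds in a temporary directory are constructed for the demo. Beyond the post's plain `ln -s` lines it checks that each private key matches its certificate, that the host cert verifies against ca.pem, and it writes the passphrase-less CA key with mode 0600, since that file now unlocks the CA without any passphrase.

```shell
#!/bin/sh
# Added example (not from the original post): the symlink procedure as a script,
# with the checks a practitioner would want before pointing Func at Puppet's PKI.
# Directory layout and link names follow the post; the demo tree at the bottom is
# constructed in a temp dir with a throwaway CA so the script runs offline.
set -eu

pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
pubkey_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# link_puppet_ca_for_certmaster CA_DIR
# puppetmasterd side: strip the passphrase from ca_key.pem using private/ca.pass and
# expose the pair under the names certmaster expects. The unencrypted key is created
# under umask 077 and chmod 600, since it now protects the whole CA on its own.
link_puppet_ca_for_certmaster() {
    cadir=$1
    for f in ca_key.pem ca_crt.pem private/ca.pass; do
        [ -r "$cadir/$f" ] || { echo "missing: $cadir/$f" >&2; return 1; }
    done
    ( umask 077; openssl rsa -in "$cadir/ca_key.pem" -out "$cadir/ca_key_nopassphrase.pem" \
          -passin "file:$cadir/private/ca.pass" >/dev/null 2>&1 ) || return 1
    chmod 600 "$cadir/ca_key_nopassphrase.pem"
    ln -sf ca_key_nopassphrase.pem "$cadir/certmaster.key"
    ln -sf ca_crt.pem "$cadir/certmaster.crt"
    # the decrypted key must be the one that belongs to the published CA cert
    ca_pub=$(pubkey_of_cert "$cadir/certmaster.crt") || return 1
    [ -n "$ca_pub" ] && [ "$ca_pub" = "$(pubkey_of_key "$cadir/certmaster.key")" ] \
        || { echo "CA key does not match ca_crt.pem" >&2; return 1; }
}

# link_puppet_certs_for_func SSL_DIR HOSTNAME
# puppetd side: build SSL_DIR/func with the .cert/.csr/.pem names Func looks for,
# but only after confirming the host key matches the host cert and the cert chains
# to ca.pem (a stale or re-issued cert is rejected here, not at Func connect time).
link_puppet_certs_for_func() {
    ssl_dir=$1; host=$2
    ca="$ssl_dir/certs/ca.pem"; crt="$ssl_dir/certs/$host.pem"
    key="$ssl_dir/private_keys/$host.pem"; csr="$ssl_dir/csr_$host.pem"
    for f in "$ca" "$crt" "$key"; do
        [ -r "$f" ] || { echo "missing: $f" >&2; return 1; }
    done
    crt_pub=$(pubkey_of_cert "$crt") || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$(pubkey_of_key "$key")" ] \
        || { echo "$key does not match $crt" >&2; return 1; }
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 \
        || { echo "$crt is not signed by $ca" >&2; return 1; }
    mkdir -p "$ssl_dir/func" && chmod 700 "$ssl_dir/func"
    ln -sf ../certs/ca.pem             "$ssl_dir/func/ca.cert"
    ln -sf "../certs/$host.pem"        "$ssl_dir/func/$host.cert"
    ln -sf "../private_keys/$host.pem" "$ssl_dir/func/$host.pem"
    [ -r "$csr" ] && ln -sf "../csr_$host.pem" "$ssl_dir/func/$host.csr"
    return 0
}

# make_demo_puppet_ssl DIR HOST: constructed stand-in for /var/lib/puppet/ssl with a
# passphrase-protected CA key (as Puppet keeps it) and one host cert signed by it.
make_demo_puppet_ssl() {
    dir=$1; host=$2
    mkdir -p "$dir/ca/private" "$dir/certs" "$dir/private_keys"
    printf 'demo-ca-passphrase\n' > "$dir/ca/private/ca.pass"
    openssl genrsa -aes256 -passout "file:$dir/ca/private/ca.pass" \
        -out "$dir/ca/ca_key.pem" 2048 >/dev/null 2>&1
    openssl req -new -x509 -key "$dir/ca/ca_key.pem" -passin "file:$dir/ca/private/ca.pass" \
        -subj "/CN=Puppet CA: demo" -days 1 -out "$dir/ca/ca_crt.pem" >/dev/null 2>&1
    cp "$dir/ca/ca_crt.pem" "$dir/certs/ca.pem"     # what puppetd fetched from the master
    openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/private_keys/$host.pem" \
        -subj "/CN=$host" -out "$dir/csr_$host.pem" >/dev/null 2>&1
    openssl x509 -req -in "$dir/csr_$host.pem" -CA "$dir/ca/ca_crt.pem" \
        -CAkey "$dir/ca/ca_key.pem" -passin "file:$dir/ca/private/ca.pass" \
        -CAcreateserial -days 1 -out "$dir/certs/$host.pem" >/dev/null 2>&1
}

# demo: run both sides against the constructed tree, then show that swapping in an
# unrelated host key is caught before any link is created. Prints "ok" on success.
demo() {
    tmp=$(mktemp -d); host=minion1.example
    make_demo_puppet_ssl "$tmp" "$host"
    link_puppet_ca_for_certmaster "$tmp/ca"   || { rm -rf "$tmp"; return 1; }
    link_puppet_certs_for_func "$tmp" "$host" || { rm -rf "$tmp"; return 1; }
    openssl genrsa -out "$tmp/private_keys/$host.pem" 2048 >/dev/null 2>&1   # tamper
    if link_puppet_certs_for_func "$tmp" "$host" 2>/dev/null; then rm -rf "$tmp"; return 1; fi
    rm -rf "$tmp"
    echo ok
}

case "${1:-}" in demo) demo ;; esac
```

Run it as `sh script.sh demo` to exercise the whole flow against the throwaway tree; on a real host you would call `link_puppet_ca_for_certmaster /var/lib/puppet/ssl/ca` on the master and `link_puppet_certs_for_func /var/lib/puppet/ssl "$HOSTNAME"` on each agent, then set `cadir`/`cert_dir` as the post describes. The key/cert comparison is done on the public keys rather than on file names, so a host whose cert was re-issued after its key changed is refused instead of producing a confusing TLS failure later.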
