Merge "Output the SSL Certificate and Key modulus"

2015-11-25 17:59:03 +00:00 · 2015-11-25 17:59:03 +00:00 · 66c4ecdbf1
commit 66c4ecdbf1
parent 1f007f2f9f 5bfef1a17c
3 changed files with 26 additions and 0 deletions
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@ -1409,3 +1409,9 @@ outputs:
          - {get_attr: [NodeTLSData, deploy_stdout]}
          - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
          - {get_param: UpdateIdentifier}
+  tls_key_modulus_md5:
+    description: MD5 checksum of the TLS Key Modulus
+    value: {get_attr: [NodeTLSData, key_modulus_md5]}
+  tls_cert_modulus_md5:
+    description: MD5 checksum of the TLS Certificate Modulus
+    value: {get_attr: [NodeTLSData, cert_modulus_md5]}
--- a/puppet/extraconfig/tls/no-tls.yaml
+++ b/puppet/extraconfig/tls/no-tls.yaml
@ -26,3 +26,9 @@ outputs:
    value: 'TLS not enabled.'
  deployed_ssl_certificate_path:
    value: ''
+  key_modulus_md5:
+    description: Key SSL Modulus
+    value: ''
+  cert_modulus_md5:
+    description: Certificate SSL Modulus
+    value: ''
--- a/puppet/extraconfig/tls/tls-cert-inject.yaml
+++ b/puppet/extraconfig/tls/tls-cert-inject.yaml
@ -49,6 +49,8 @@ resources:
        - name: cert_chain_content
      outputs:
        - name: chain_md5sum
+        - name: cert_modulus
+        - name: key_modulus
      config: |
        #!/bin/sh
        cat << EOF | tee ${cert_path} > /dev/null
@ -57,6 +59,12 @@ resources:
        chmod 0440 ${cert_path}
        chown root:haproxy ${cert_path}
        md5sum ${cert_path} > ${heat_outputs_path}.chain_md5sum
+        openssl x509 -noout -modulus -in ${cert_path} \
+          | openssl md5 | cut -c 10- \
+          > ${heat_outputs_path}.cert_modulus
+        openssl rsa -noout -modulus -in ${cert_path} \
+          | openssl md5 | cut -c 10- \
+          > ${heat_outputs_path}.key_modulus

  ControllerTLSDeployment:
    type: OS::Heat::SoftwareDeployment
@ -79,3 +87,9 @@ outputs:
  deployed_ssl_certificate_path:
    description: The location that the TLS certificate was deployed to.
    value: {get_param: DeployedSSLCertificatePath}
+  key_modulus_md5:
+    description: MD5 checksum of the Key SSL Modulus
+    value: {get_attr: [ControllerTLSDeployment, key_modulus]}
+  cert_modulus_md5:
+    description: MD5 checksum of the Certificate SSL Modulus
+    value: {get_attr: [ControllerTLSDeployment, cert_modulus]}