Merge "Include SSL cert parameters even for existing CACERT files"

docs/packstack.rst

@@ -129,26 +129,26 @@ Packstack supports ability to be get CA certificate and use it to sign all certi
 **CONFIG_SSL_CACERT_SELFSIGN**
     Specify 'y' if you want Packstack to pregenerate the CA Certificate.
 
-SSL selfsigned CACert options
+SSL certificates options
 -----------------------------
 
-**CONFIG_SELFSIGN_CACERT_SUBJECT_C**
-    Enter the selfsigned CAcert subject country.
+**CONFIG_SSL_CERT_SUBJECT_C**
+    Enter the ssl certificates subject country.
 
-**CONFIG_SELFSIGN_CACERT_SUBJECT_ST**
-    Enter the selfsigned CAcert subject state.
+**CONFIG_SSL_CERT_SUBJECT_ST**
+    Enter the ssl certificates subject state.
 
-**CONFIG_SELFSIGN_CACERT_SUBJECT_L**
-    Enter the selfsigned CAcert subject location.
+**CONFIG_SSL_CERT_SUBJECT_L**
+    Enter the ssl certificates subject location.
 
-**CONFIG_SELFSIGN_CACERT_SUBJECT_O**
-    Enter the selfsigned CAcert subject organization.
+**CONFIG_SSL_CERT_SUBJECT_O**
+    Enter the ssl certificates subject organization.
 
-**CONFIG_SELFSIGN_CACERT_SUBJECT_OU**
-    Enter the selfsigned CAcert subject organizational unit.
+**CONFIG_SSL_CERT_SUBJECT_OU**
+    Enter the ssl certificates subject organizational unit.
 
-**CONFIG_SELFSIGN_CACERT_SUBJECT_CN**
-    Enter the selfsigned CAcert subject common name.
+**CONFIG_SSL_CERT_SUBJECT_CN**
+    Enter the ssl certificates subject common name.
 
 vCenter Config Parameters
 -------------------------

packstack/modules/ospluginutils.py

@@ -105,16 +105,16 @@ def generate_ssl_cert(config, host, service, ssl_key_file, ssl_cert_file):
 
         k = crypto.PKey()
         k.generate_key(crypto.TYPE_RSA, 4096)
-        mail = config['CONFIG_SELFSIGN_CACERT_SUBJECT_MAIL']
+        mail = config['CONFIG_SSL_CERT_SUBJECT_MAIL']
         hostinfo = config['HOST_DETAILS'][host]
         fqdn = hostinfo['fqdn']
         cert = crypto.X509()
         subject = cert.get_subject()
-        subject.C = config['CONFIG_SELFSIGN_CACERT_SUBJECT_C']
-        subject.ST = config['CONFIG_SELFSIGN_CACERT_SUBJECT_ST']
-        subject.L = config['CONFIG_SELFSIGN_CACERT_SUBJECT_L']
-        subject.O = config['CONFIG_SELFSIGN_CACERT_SUBJECT_O']
-        subject.OU = config['CONFIG_SELFSIGN_CACERT_SUBJECT_OU']
+        subject.C = config['CONFIG_SSL_CERT_SUBJECT_C']
+        subject.ST = config['CONFIG_SSL_CERT_SUBJECT_ST']
+        subject.L = config['CONFIG_SSL_CERT_SUBJECT_L']
+        subject.O = config['CONFIG_SSL_CERT_SUBJECT_O']
+        subject.OU = config['CONFIG_SSL_CERT_SUBJECT_OU']
         subject.CN = "%s/%s" % (service, fqdn)
         subject.emailAddress = mail
 

packstack/plugins/ssl_001.py

@@ -86,93 +86,98 @@ def initConfig(controller):
              "CONF_NAME": 'CONFIG_SSL_CACERT_SELFSIGN',
              "USE_DEFAULT": False,
              "NEED_CONFIRM": False,
-             "CONDITION": False}
-        ],
+             "CONDITION": False},
 
-        "SSL_SELFSIGN": [
-            {"CMD_OPTION": "selfsign-cacert-subject-country",
-             "PROMPT": "Enter the selfsigned CAcert subject country.",
+            {"CMD_OPTION": "ssl-cert-subject-country",
+             "PROMPT": "Enter the ssl certificates subject country.",
              "OPTION_LIST": [],
              "VALIDATORS": [validators.validate_not_empty],
              "DEFAULT_VALUE": "--",
              "MASK_INPUT": False,
              "LOOSE_VALIDATION": False,
-             "CONF_NAME": 'CONFIG_SELFSIGN_CACERT_SUBJECT_C',
+             "CONF_NAME": 'CONFIG_SSL_CERT_SUBJECT_C',
              "USE_DEFAULT": False,
              "NEED_CONFIRM": False,
-             "CONDITION": False},
+             "CONDITION": False,
+             "DEPRECATES": ['CONFIG_SELFSIGN_CACERT_SUBJECT_C']},
 
-            {"CMD_OPTION": "selfsign-cacert-subject-state",
-             "PROMPT": "Enter the selfsigned CAcert subject state.",
+            {"CMD_OPTION": "ssl-cert-subject-state",
+             "PROMPT": "Enter the ssl certificates subject state.",
              "OPTION_LIST": [],
              "VALIDATORS": [validators.validate_not_empty],
              "DEFAULT_VALUE": "State",
              "MASK_INPUT": False,
              "LOOSE_VALIDATION": False,
-             "CONF_NAME": 'CONFIG_SELFSIGN_CACERT_SUBJECT_ST',
+             "CONF_NAME": 'CONFIG_SSL_CERT_SUBJECT_ST',
              "USE_DEFAULT": False,
              "NEED_CONFIRM": False,
-             "CONDITION": False},
+             "CONDITION": False,
+             "DEPRECATES": ['CONFIG_SELFSIGN_CACERT_SUBJECT_ST']},
 
-            {"CMD_OPTION": "selfsign-cacert-subject-location",
-             "PROMPT": "Enter the selfsigned CAcert subject location.",
+            {"CMD_OPTION": "ssl-cert-subject-location",
+             "PROMPT": "Enter the ssl certificate subject location.",
              "OPTION_LIST": [],
              "VALIDATORS": [validators.validate_not_empty],
              "DEFAULT_VALUE": "City",
              "MASK_INPUT": False,
              "LOOSE_VALIDATION": False,
-             "CONF_NAME": 'CONFIG_SELFSIGN_CACERT_SUBJECT_L',
+             "CONF_NAME": 'CONFIG_SSL_CERT_SUBJECT_L',
              "USE_DEFAULT": False,
              "NEED_CONFIRM": False,
-             "CONDITION": False},
+             "CONDITION": False,
+             "DEPRECATES": ['CONFIG_SELFSIGN_CACERT_SUBJECT_L']},
 
-            {"CMD_OPTION": "selfsign-cacert-subject-organization",
-             "PROMPT": "Enter the selfsigned CAcert subject organization.",
+            {"CMD_OPTION": "ssl-cert-subject-organization",
+             "PROMPT": "Enter the ssl certificate subject organization.",
              "OPTION_LIST": [],
              "VALIDATORS": [validators.validate_not_empty],
              "DEFAULT_VALUE": "openstack",
              "MASK_INPUT": False,
              "LOOSE_VALIDATION": False,
-             "CONF_NAME": 'CONFIG_SELFSIGN_CACERT_SUBJECT_O',
+             "CONF_NAME": 'CONFIG_SSL_CERT_SUBJECT_O',
              "USE_DEFAULT": False,
              "NEED_CONFIRM": False,
-             "CONDITION": False},
+             "CONDITION": False,
+             "DEPRECATES": ['CONFIG_SELFSIGN_CACERT_SUBJECT_O']},
 
-            {"CMD_OPTION": "selfsign-cacert-subject-organizational-unit",
-             "PROMPT": "Enter the selfsigned CAcert subject organizational unit.",
+            {"CMD_OPTION": "ssl-cert-subject-organizational-unit",
+             "PROMPT": "Enter the ssl certificate subject organizational unit.",
              "OPTION_LIST": [],
              "VALIDATORS": [validators.validate_not_empty],
              "DEFAULT_VALUE": "packstack",
              "MASK_INPUT": False,
              "LOOSE_VALIDATION": False,
-             "CONF_NAME": 'CONFIG_SELFSIGN_CACERT_SUBJECT_OU',
+             "CONF_NAME": 'CONFIG_SSL_CERT_SUBJECT_OU',
              "USE_DEFAULT": False,
              "NEED_CONFIRM": False,
-             "CONDITION": False},
+             "CONDITION": False,
+             "DEPRECATES": ['CONFIG_SELFSIGN_CACERT_SUBJECT_OU']},
 
-            {"CMD_OPTION": "selfsign-cacert-subject-common-name",
-             "PROMPT": "Enter the selfsigned CAcert subject common name.",
+            {"CMD_OPTION": "ssl-cert-subject-common-name",
+             "PROMPT": "Enter the ssl certificaate subject common name.",
              "OPTION_LIST": [],
              "VALIDATORS": [validators.validate_not_empty],
              "DEFAULT_VALUE": gethostname(),
              "MASK_INPUT": False,
              "LOOSE_VALIDATION": False,
-             "CONF_NAME": 'CONFIG_SELFSIGN_CACERT_SUBJECT_CN',
+             "CONF_NAME": 'CONFIG_SSL_CERT_SUBJECT_CN',
              "USE_DEFAULT": False,
              "NEED_CONFIRM": False,
-             "CONDITION": False},
+             "CONDITION": False,
+             "DEPRECATES": ['CONFIG_SELFSIGN_CACERT_SUBJECT_CN']},
 
-            {"CMD_OPTION": "selfsign-cacert-subject-email",
-             "PROMPT": "Enter the selfsigned CAcert subject admin email.",
+            {"CMD_OPTION": "ssl-cert-subject-email",
+             "PROMPT": "Enter the ssl certificate subject admin email.",
              "OPTION_LIST": [],
              "VALIDATORS": [validators.validate_not_empty],
              "DEFAULT_VALUE": "admin@%s" % gethostname(),
              "MASK_INPUT": False,
              "LOOSE_VALIDATION": False,
-             "CONF_NAME": 'CONFIG_SELFSIGN_CACERT_SUBJECT_MAIL',
+             "CONF_NAME": 'CONFIG_SSL_CERT_SUBJECT_MAIL',
              "USE_DEFAULT": False,
              "NEED_CONFIRM": False,
-             "CONDITION": False},
+             "CONDITION": False,
+             "DEPRECATES": ['CONFIG_SELFSIGN_CACERT_SUBJECT_MAIL']},
         ]
     }
     update_params_usage(basedefs.PACKSTACK_DOC, params)
@@ -184,13 +189,6 @@ def initConfig(controller):
          "PRE_CONDITION_MATCH": "yes",
          "POST_CONDITION": False,
          "POST_CONDITION_MATCH": True},
-
-        {"GROUP_NAME": "SSL_SELFSIGN",
-         "DESCRIPTION": "SSL selfsigned CAcert Config parameters",
-         "PRE_CONDITION": 'CONFIG_SSL_CACERT_SELFSIGN',
-         "PRE_CONDITION_MATCH": "y",
-         "POST_CONDITION": False,
-         "POST_CONDITION_MATCH": True}
     ]
     for group in groups:
         controller.addGroup(group, params[group['GROUP_NAME']])
@@ -248,15 +246,15 @@ def create_self_signed_cert(config, messages):
         k.generate_key(crypto.TYPE_RSA, 4096)
 
         # create a self-signed cert
-        mail = config['CONFIG_SELFSIGN_CACERT_SUBJECT_MAIL']
+        mail = config['CONFIG_SSL_CERT_SUBJECT_MAIL']
         cert = crypto.X509()
         subject = cert.get_subject()
-        subject.C = config['CONFIG_SELFSIGN_CACERT_SUBJECT_C']
-        subject.ST = config['CONFIG_SELFSIGN_CACERT_SUBJECT_ST']
-        subject.L = config['CONFIG_SELFSIGN_CACERT_SUBJECT_L']
-        subject.O = config['CONFIG_SELFSIGN_CACERT_SUBJECT_O']
-        subject.OU = config['CONFIG_SELFSIGN_CACERT_SUBJECT_OU']
-        subject.CN = config['CONFIG_SELFSIGN_CACERT_SUBJECT_CN']
+        subject.C = config['CONFIG_SSL_CERT_SUBJECT_C']
+        subject.ST = config['CONFIG_SSL_CERT_SUBJECT_ST']
+        subject.L = config['CONFIG_SSL_CERT_SUBJECT_L']
+        subject.O = config['CONFIG_SSL_CERT_SUBJECT_O']
+        subject.OU = config['CONFIG_SSL_CERT_SUBJECT_OU']
+        subject.CN = config['CONFIG_SSL_CERT_SUBJECT_CN']
         subject.emailAddress = mail
         cert.set_serial_number(1000)
         cert.gmtime_adj_notBefore(0)

releasenotes/notes/renamed-ssl-subject-parameters-c2a52d17c349a59f.yaml

@@ -0,0 +1,36 @@
+---
+upgrade:
+  - |
+    Parameters names for SSL certificates subjects have
+    been changed. While old parameters names still works
+    when using answers files, they will not work when
+    passed with packstack cli. For users using them, they
+    are required to move to new CLI parameters, see ``packstack -h``
+    for details of new names.
+
+deprecations:
+  - |
+    SSL certificates subject parameters can be used now
+    both to create a new selfsigned CA certificate or
+    to generate new server certificates using an existing
+    CA certificate. In order to provide a more accurate
+    usage description for SSL certificates subject parameters,
+    they have been renamed as follows:
+
+      * CONFIG_SELFSIGN_CACERT_SUBJECT_C is renamed to
+        CONFIG_SSL_CERT_SUBJECT_C
+      * CONFIG_SELFSIGN_CACERT_SUBJECT_ST is renamed to
+        CONFIG_SSL_CERT_SUBJECT_ST
+      * CONFIG_SELFSIGN_CACERT_SUBJECT_L is renamed to
+        CONFIG_SSL_CERT_SUBJECT_L
+      * CONFIG_SELFSIGN_CACERT_SUBJECT_O is renamed to
+        CONFIG_SSL_CERT_SUBJECT_O
+      * CONFIG_SELFSIGN_CACERT_SUBJECT_OU is renamed to
+        CONFIG_SSL_CERT_SUBJECT_OU
+      * CONFIG_SELFSIGN_CACERT_SUBJECT_CN is renamed to
+        CONFIG_SSL_CERT_SUBJECT_CN
+      * CONFIG_SELFSIGN_CACERT_SUBJECT_MAIL is renamed to
+        CONFIG_SSL_CERT_SUBJECT_MAIL
+
+    Old parameters names in answer files will still work
+    but it's recomended to move to new ones.