Add a feature to export root cert to Salt Mine
This patch adds the possibility to export the root cert PEM file
to Salt Mine
Change-Id: I22309ec55ee83238b3dfca44ae723307dd20af5c
Related-PROD: PROD-16384
diff --git a/dogtag/server.sls b/dogtag/server.sls
index a55c39b..77f0537 100644
--- a/dogtag/server.sls
+++ b/dogtag/server.sls
@@ -61,13 +61,25 @@
{%- if server.get('export_pem_file_path', False) %}
-openssl pkcs12 -in /root/.dogtag/pki-tomcat/ca_admin_cert.p12 -passin pass:{{ server.default_config_options.pki_client_pkcs12_password|default('PASSWORD') }} -out {{ server.export_pem_file_path }} -nodes:
+export_dogtag_root_cert_to_pem_file:
cmd.run:
- {%- if grains.get('noservices') %}
- - onlyif: /bin/false
- {%- endif %}
- - require:
- - file: /etc/dogtag/dogtag.cfg
+ - name: openssl pkcs12 -in /root/.dogtag/pki-tomcat/ca_admin_cert.p12 -passin pass:{{ server.default_config_options.get('pki_client_pkcs12_password', 'PASSWORD') }} -out {{ server.export_pem_file_path }} -nodes
+ - umask: 077
+ {%- if grains.get('noservices') %}
+ - onlyif: /bin/false
+ {%- endif %}
+ - unless: 'test -f {{ server.export_pem_file_path }}'
+
+mine_send_{{ server.export_pem_file_path }}:
+ module.run:
+ - name: mine.send
+ - func: dogtag_admin_cert
+ - kwargs:
+ mine_function: cmd.run
+ - args:
+ - 'cat {{ server.export_pem_file_path }}'
+ - onchanges:
+ - cmd: export_dogtag_root_cert_to_pem_file
{%- endif %}
{%- endif %}
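Review bot: The `openssl pkcs12 ... -nodes` command in `export_dogtag_root_cert_to_pem_file` has no `-nokeys`, so the PEM it writes will include any private key held in `ca_admin_cert.p12`, unencrypted. The `mine_send_...` state then publishes that file's full contents to the Salt Mine through `cat`, where other minions may be able to read it. If only the certificate is meant to be shared, as the commit title says, limit the export to certificates, e.g. `-out {{ server.export_pem_file_path }} -nokeys` (plus `-cacerts` if only the CA chain is wanted). The old state's `require` on `file: /etc/dogtag/dogtag.cfg` is also not carried over to the new state, so please confirm that dropping that ordering is intended. The enclosing `{%- if %}` blocks open outside this hunk.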