jollyroger · July 19, 2013 08:42
diff --git a/ca.py b/ca.py
 """
 Custom pillar module to retrieve certificates and private keys based on the
 server id.

 Configuring the CA ext_pillar
 =============================

 The CA ext_pillar configuration needs a path to the PKI directory and a Pillar
 variable name to populate the data into. In the end ext_pillar configuration
 will look like:

 .. code-block:: yaml

  ext_pillar:
    - ca:
      - pillar_key: capath


 where ``capath`` is an absolute path to PKI directory with directories named
 ``private`` and ``certs`` to store hosts private key and certificate
 respectively. All private keys should end with ``.key`` extension while all
 certificates - with ``.crt``. The only exception is CA certificate which has
 ``.pem`` extension by default and is called ``cacert.pem``.

 It is possible to specify multiple pairs of key/directory by just adding
 more lines similar to the last one in the example above.
 """

 import logging
 LOG = logging.getLogger(__name__)

 import os.path

 __opts__ = {}

 def ext_pillar( pillar, **kwargs ):
    """Provide certificate information to the minion"""
    ca_pillar = {}
    host_id = __opts__['id']
    for pillar_key, ca_dir in kwargs.iteritems():
        cacert_path = os.path.join(ca_dir, 'cacert.pem')
        cert_path = os.path.join(ca_dir, 'certs', "".join([host_id, '.crt']))
        key_path = os.path.join(ca_dir, 'private', "".join([host_id, '.key']))
        try:
            cacert = open(cacert_path,'r').read()
            key = open(key_path,'r').read()
            cert = open(cert_path, 'r').read()

            ca_pillar[pillar_key] = {
                "cacert": cacert,
                "key": key,
                "cert": cert 
                }

        except IOError:
            continue

    return ca_pillar
	"""
	Custom pillar module to retrieve certificates and private keys based on the
	server id.

	Configuring the CA ext_pillar
	=============================

	The CA ext_pillar configuration needs a path to the PKI directory and a Pillar
	variable name to populate the data into. In the end ext_pillar configuration
	will look like:

	.. code-block:: yaml

	ext_pillar:
	- ca:
	- pillar_key: capath


	where ``capath`` is an absolute path to PKI directory with directories named
	``private`` and ``certs`` to store hosts private key and certificate
	respectively. All private keys should end with ``.key`` extension while all
	certificates - with ``.crt``. The only exception is CA certificate which has
	``.pem`` extension by default and is called ``cacert.pem``.

	It is possible to specify multiple pairs of key/directory by just adding
	more lines similar to the last one in the example above.
	"""

	import logging
	LOG = logging.getLogger(__name__)

	import os.path

	__opts__ = {}

	def ext_pillar( pillar, **kwargs ):
	"""Provide certificate information to the minion"""
	ca_pillar = {}
	host_id = __opts__['id']
	for pillar_key, ca_dir in kwargs.iteritems():
	cacert_path = os.path.join(ca_dir, 'cacert.pem')
	cert_path = os.path.join(ca_dir, 'certs', "".join([host_id, '.crt']))
	key_path = os.path.join(ca_dir, 'private', "".join([host_id, '.key']))
	try:
	cacert = open(cacert_path,'r').read()
	key = open(key_path,'r').read()
	cert = open(cert_path, 'r').read()

	ca_pillar[pillar_key] = {
	"cacert": cacert,
	"key": key,
	"cert": cert
	}

	except IOError:
	continue

	return ca_pillar