authorSoren Hansen <soren@linux2go.dk>2011-04-05 16:47:39 +0000
committerTarmac <>2011-04-05 16:47:39 +0000
commit2ba10bc869a716086fcdc5da91c43e67644ee58c (patch)
tree6cb2cac12d8bceb96941f5f3796a1ae5944cc2b1
parentc0a8904508edb0687b588d40a7bd181d0393884f (diff)
parentd7013c9617d0740976a78ba87b1214c2b15ee702 (diff)
Separate CA/ dir into code and state.
-rw-r--r--MANIFEST.in2
-rw-r--r--nova/CA/.gitignore (renamed from CA/.gitignore)0
-rwxr-xr-xnova/CA/geninter.sh (renamed from CA/geninter.sh)2
-rwxr-xr-xnova/CA/genrootca.sh (renamed from CA/genrootca.sh)3
-rwxr-xr-xnova/CA/genvpn.sh (renamed from CA/genvpn.sh)0
-rw-r--r--nova/CA/newcerts/.placeholder (renamed from CA/newcerts/.placeholder)0
-rw-r--r--nova/CA/openssl.cnf.tmpl (renamed from CA/openssl.cnf.tmpl)0
-rw-r--r--nova/CA/private/.placeholder (renamed from CA/private/.placeholder)0
-rw-r--r--nova/CA/projects/.gitignore (renamed from CA/projects/.gitignore)0
-rw-r--r--nova/CA/projects/.placeholder (renamed from CA/projects/.placeholder)0
-rw-r--r--nova/CA/reqs/.gitignore (renamed from CA/reqs/.gitignore)0
-rw-r--r--nova/CA/reqs/.placeholder (renamed from CA/reqs/.placeholder)0
-rw-r--r--nova/api/ec2/cloud.py9
-rw-r--r--nova/crypto.py10
14 files changed, 20 insertions, 6 deletions
diff --git a/MANIFEST.in b/MANIFEST.in
index bf30d1546..e7a6e7da4 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -1,7 +1,7 @@
include HACKING LICENSE run_tests.py run_tests.sh
include README builddeb.sh exercise_rsapi.py
include ChangeLog MANIFEST.in pylintrc Authors
-graft CA
+graft nova/CA
graft doc
graft smoketests
graft tools
diff --git a/CA/.gitignore b/nova/CA/.gitignore
index fae0922bf..fae0922bf 100644
--- a/CA/.gitignore
+++ b/nova/CA/.gitignore
diff --git a/CA/geninter.sh b/nova/CA/geninter.sh
index 1fbcc9e73..4b7f5a55c 100755
--- a/CA/geninter.sh
+++ b/nova/CA/geninter.sh
@@ -23,7 +23,7 @@ mkdir -p projects/$NAME
cd projects/$NAME
cp ../../openssl.cnf.tmpl openssl.cnf
sed -i -e s/%USERNAME%/$NAME/g openssl.cnf
-mkdir certs crl newcerts private
+mkdir -p certs crl newcerts private
openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf -batch -nodes
echo "10" > serial
touch index.txt
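Review bot: `mkdir -p certs crl newcerts private` creates the key directory with whatever mode the caller's umask allows, and with `-p` an already existing `private` that has loose permissions is reused without complaint. The following `openssl req ... -keyout private/cakey.pem ... -nodes` writes the CA key unencrypted, so the mode of `private` matters. Consider `umask 077` before the mkdir, or `chmod 700 private` right after it. The same applies to the `mkdir -p` line added in genrootca.sh, which now runs in the separate state directory.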
diff --git a/CA/genrootca.sh b/nova/CA/genrootca.sh
index 8f2c3ee3f..091cf17fc 100755
--- a/CA/genrootca.sh
+++ b/nova/CA/genrootca.sh
@@ -20,8 +20,9 @@ if [ -f "cacert.pem" ];
then
echo "Not installing, it's already done."
else
- cp openssl.cnf.tmpl openssl.cnf
+ cp "$(dirname $0)/openssl.cnf.tmpl" openssl.cnf
sed -i -e s/%USERNAME%/ROOT/g openssl.cnf
+ mkdir -p certs crl newcerts private
openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf -batch -nodes
touch index.txt
echo "10" > serial
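Review bot: `$0` is expanded unquoted inside the command substitution in `cp "$(dirname $0)/openssl.cnf.tmpl" openssl.cnf`, so an install path containing spaces is word-split before `dirname` sees it; the outer quotes do not cover it. Use `cp "$(dirname "$0")/openssl.cnf.tmpl" openssl.cnf`. The results of `cp` and `mkdir` are not checked either, so unless the script already runs under `set -e` (not visible in this hunk), a failed copy lets `sed` and `openssl req` continue against a missing or stale openssl.cnf. The `if`/`else` block is closed outside the hunk.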
diff --git a/CA/genvpn.sh b/nova/CA/genvpn.sh
index 7e7db185d..7e7db185d 100755
--- a/CA/genvpn.sh
+++ b/nova/CA/genvpn.sh
diff --git a/CA/newcerts/.placeholder b/nova/CA/newcerts/.placeholder
index e69de29bb..e69de29bb 100644
--- a/CA/newcerts/.placeholder
+++ b/nova/CA/newcerts/.placeholder
diff --git a/CA/openssl.cnf.tmpl b/nova/CA/openssl.cnf.tmpl
index dd81f1c2b..dd81f1c2b 100644
--- a/CA/openssl.cnf.tmpl
+++ b/nova/CA/openssl.cnf.tmpl
diff --git a/CA/private/.placeholder b/nova/CA/private/.placeholder
index e69de29bb..e69de29bb 100644
--- a/CA/private/.placeholder
+++ b/nova/CA/private/.placeholder
diff --git a/CA/projects/.gitignore b/nova/CA/projects/.gitignore
index 72e8ffc0d..72e8ffc0d 100644
--- a/CA/projects/.gitignore
+++ b/nova/CA/projects/.gitignore
diff --git a/CA/projects/.placeholder b/nova/CA/projects/.placeholder
index e69de29bb..e69de29bb 100644
--- a/CA/projects/.placeholder
+++ b/nova/CA/projects/.placeholder
diff --git a/CA/reqs/.gitignore b/nova/CA/reqs/.gitignore
index 72e8ffc0d..72e8ffc0d 100644
--- a/CA/reqs/.gitignore
+++ b/nova/CA/reqs/.gitignore
diff --git a/CA/reqs/.placeholder b/nova/CA/reqs/.placeholder
index e69de29bb..e69de29bb 100644
--- a/CA/reqs/.placeholder
+++ b/nova/CA/reqs/.placeholder
diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py
index 425784e8a..5d6d9537a 100644
--- a/nova/api/ec2/cloud.py
+++ b/nova/api/ec2/cloud.py
@@ -103,10 +103,17 @@ class CloudController(object):
# Gen root CA, if we don't have one
root_ca_path = os.path.join(FLAGS.ca_path, FLAGS.ca_file)
if not os.path.exists(root_ca_path):
+ genrootca_sh_path = os.path.join(os.path.dirname(__file__),
+ os.path.pardir,
+ os.path.pardir,
+ 'CA',
+ 'genrootca.sh')
+
start = os.getcwd()
+ os.makedirs(FLAGS.ca_path)
os.chdir(FLAGS.ca_path)
# TODO(vish): Do this with M2Crypto instead
- utils.runthis(_("Generating root CA: %s"), "sh", "genrootca.sh")
+ utils.runthis(_("Generating root CA: %s"), "sh", genrootca_sh_path)
os.chdir(start)
def _get_mpi_data(self, context, project_id):
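Review bot: `os.makedirs(FLAGS.ca_path)` raises OSError when the directory already exists, and the guard above it tests only for the CA file (`root_ca_path`), so an existing state directory without a cacert stops setup before genrootca.sh runs. Guard the call with `if not os.path.isdir(FLAGS.ca_path):`. Since this directory will hold the root CA key, an explicit mode such as `os.makedirs(FLAGS.ca_path, 0o700)` would avoid depending on the service's umask. The enclosing method starts above the hunk.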
diff --git a/nova/crypto.py b/nova/crypto.py
index b112e5b92..2b122e560 100644
--- a/nova/crypto.py
+++ b/nova/crypto.py
@@ -215,9 +215,12 @@ def generate_x509_cert(user_id, project_id, bits=1024):
def _ensure_project_folder(project_id):
if not os.path.exists(ca_path(project_id)):
+ geninter_sh_path = os.path.join(os.path.dirname(__file__),
+ 'CA',
+ 'geninter.sh')
start = os.getcwd()
os.chdir(ca_folder())
- utils.execute('sh', 'geninter.sh', project_id,
+ utils.execute('sh', geninter_sh_path, project_id,
_project_cert_subject(project_id))
os.chdir(start)
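Review bot: `project_id` is handed to geninter.sh as an argument, and that script's hunk in this commit shows it expanded unquoted (presumably as `$NAME`) in `mkdir -p projects/$NAME`, `cd projects/$NAME` and the `sed` expression. Whether `project_id` is validated before it reaches `_ensure_project_folder` is not visible here; if it is not, a value containing `/`, whitespace or sed metacharacters would change which directory and config file get written. Consider rejecting anything outside a conservative character set before the `utils.execute` call, and quoting `"$NAME"` in the script.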
@@ -227,13 +230,16 @@ def generate_vpn_files(project_id):
csr_fn = os.path.join(project_folder, "server.csr")
crt_fn = os.path.join(project_folder, "server.crt")
+ genvpn_sh_path = os.path.join(os.path.dirname(__file__),
+ 'CA',
+ 'geninter.sh')
if os.path.exists(crt_fn):
return
_ensure_project_folder(project_id)
start = os.getcwd()
os.chdir(ca_folder())
# TODO(vish): the shell scripts could all be done in python
- utils.execute('sh', 'genvpn.sh',
+ utils.execute('sh', genvpn_sh_path,
project_id, _vpn_cert_subject(project_id))
with open(csr_fn, "r") as csrfile:
csr_text = csrfile.read()
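Review bot: `genvpn_sh_path` is built from `'geninter.sh'`, so `generate_vpn_files` would run the intermediate-CA script rather than genvpn.sh, which the removed line invoked. The last element of the join should be `'genvpn.sh')`. The path is also computed before the `if os.path.exists(crt_fn): return` early exit, so moving it below that check would be a small tidy-up. The function body continues past the hunk.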