phosphor-certificate-manager: Add recipe and certificate service

Add recipe and service files to start/stop nginx and nslcd services

To start/stop nginx service use
systemctl stop phosphor-certificate-manager@nginx.service
systemctl start phosphor-certificate-manager@nginx.service

To start/stop nslcd service use
systemctl stop phosphor-certificate-manager@nslcd.service
systemctl start phosphor-certificate-manager@nslcd.service

(From meta-phosphor rev: 08b55912f01f7a2b53ccc11fb8e508c9c8bc8a14)

Change-Id: Ie55613f8da061f9f948d645086db12be8239beea
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

6 files changed, 95 insertions, 0 deletions

diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service
new file mode 100644
index 000000000..d661b75c4
--- /dev/null
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager/phosphor-certificate-manager@.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Phosphor certificate manager for %I
+
+[Service]
+EnvironmentFile={envfiledir}/obmc/cert/%I
+ExecStart=/usr/bin/env phosphor-certificate-manager --endpoint=${{ENDPOINT}} --path=${{CERTPATH}} --unit=${{UNIT}} --type=${{TYPE}}
+SyslogIdentifier=phosphor-certificate-manager
+Restart=always
+
+[Install]
+WantedBy={SYSTEMD_DEFAULT_TARGET}
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb
new file mode 100644
index 000000000..9dd6739dc
--- /dev/null
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb
@@ -0,0 +1,30 @@
+SUMMARY = "Phosphor Certificate Manager"
+DESCRIPTION = "Manages client and server certificates"
+HOMEPAGE = "https://github.com/openbmc/phosphor-certificate-manager"
+
+PR = "r1"
+PV = "0.1+git${SRCPV}"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
+
+SRC_URI = "git://github.com/openbmc/phosphor-certificate-manager"
+SRCREV = "0aa0d11489cc8cfe4bf2662d138909eba96ccd04"
+
+inherit autotools \
+        pkgconfig \
+        obmc-phosphor-systemd
+
+DEPENDS = " \
+        phosphor-logging \
+        autoconf-archive-native \
+        phosphor-dbus-interfaces \
+        phosphor-dbus-interfaces-native \
+        sdbusplus \
+        sdbusplus-native \
+        "
+
+S = "${WORKDIR}/git"
+
+CERT_TMPL = "phosphor-certificate-manager@.service"
+SYSTEMD_SERVICE_${PN} = "${CERT_TMPL}"
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nginx-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-nginx-cert-config.bb
new file mode 100644
index 000000000..d34ea7ef1
--- /dev/null
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-nginx-cert-config.bb
@@ -0,0 +1,15 @@
+SUMMARY = "Phosphor certificate manager configuration for an nginx certificate"
+
+PR = "r1"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${PHOSPHORBASE}/LICENSE;md5=784eea0404d452a8b0d1966b14c37b5c"
+
+RRECOMMENDS_${PN} = "phosphor-certificate-manager"
+
+inherit allarch
+inherit obmc-phosphor-systemd
+
+SYSTEMD_SERVICE_${PN} = ""
+SYSTEMD_ENVIRONMENT_FILE_${PN} = "obmc/cert/nginx"
+SYSTEMD_LINK_${PN} = "../phosphor-certificate-manager@.service:${SYSTEMD_DEFAULT_TARGET}.wants/phosphor-certificate-manager@nginx.service"
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nginx-cert-config/obmc/cert/nginx b/meta-phosphor/recipes-phosphor/certificate/phosphor-nginx-cert-config/obmc/cert/nginx
new file mode 100644
index 000000000..62d8760fe
--- /dev/null
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-nginx-cert-config/obmc/cert/nginx
@@ -0,0 +1,12 @@
+#REST URI endpoint
+#example: /xyz/openbmc_project/certs/server/https
+ENDPOINT=https
+
+#Path for the certificate file
+CERTPATH=/etc/ssl/certs/nginx/cert.pem
+
+#Units to restart
+UNIT=nginx.service
+
+#Type of the service client/server
+TYPE=server
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config.bb
new file mode 100644
index 000000000..d6f579953
--- /dev/null
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config.bb
@@ -0,0 +1,15 @@
+SUMMARY = "Phosphor certificate manager configuration for an nslcd certificate"
+
+PR = "r1"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${PHOSPHORBASE}/LICENSE;md5=784eea0404d452a8b0d1966b14c37b5c"
+
+RRECOMMENDS_${PN} = "phosphor-certificate-manager"
+
+inherit allarch
+inherit obmc-phosphor-systemd
+
+SYSTEMD_SERVICE_${PN} = ""
+SYSTEMD_ENVIRONMENT_FILE_${PN} = "obmc/cert/nslcd"
+SYSTEMD_LINK_${PN} = "../phosphor-certificate-manager@.service:${SYSTEMD_DEFAULT_TARGET}.wants/phosphor-certificate-manager@nslcd.service"
diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config/obmc/cert/nslcd b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config/obmc/cert/nslcd
new file mode 100644
index 000000000..03fbec1a5
--- /dev/null
+++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-nslcd-cert-config/obmc/cert/nslcd
@@ -0,0 +1,12 @@
+#REST URI endpoint
+#example: /xyz/openbmc_project/certs/client/ldap
+ENDPOINT=ldap
+
+#Path for the certificate file
+CERTPATH=/etc/nslcd/certs/cert.pem
+
+#Units to restart
+UNIT=nslcd.service
+
+#Type of the service client/server
+TYPE=client