aboutsummaryrefslogtreecommitdiffstats
path: root/plans/oom-platform-cert-service/certservice/setup.sh
blob: 0e2a4653ec870d24e3389f7b4fa9e3ede62d15b8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
#!/bin/bash
#
# Copyright 2020 Nokia.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# ------------------------------------
# Resolve path to script's directory and cmp servers configuration

SCRIPT=`realpath $0`
CURRENT_WORKDIR_PATH=`dirname $SCRIPT`
PROJECT_DIRECTORY="plans/oom-platform-cert-service/certservice"

RESOURCES_DIRECTORY="resources"

JENKINS_RESOURCES_PATH="$CURRENT_WORKDIR_PATH/$PROJECT_DIRECTORY/$RESOURCES_DIRECTORY"
LOCAL_RESOURCES_PATH="$CURRENT_WORKDIR_PATH/$RESOURCES_DIRECTORY"

# ------------------------------------
#Prepare enviroment for client
#install docker sdk
echo "Uninstall docker-py and reinstall docker."
pip uninstall -y docker-py
pip uninstall -y docker
pip install -U docker==2.7.0

#reinstall pyopenssl library
echo "Reinstall pyopenssl library."
pip uninstall pyopenssl -y
pip install pyopenssl==17.5.0

#install pyjks for .jks files management
pip install pyjks

#Disable proxy - for local run
unset http_proxy https_proxy

#export container name
export ClientContainerName=CertServiceClient
# ------------------------------------

if test -d "$JENKINS_RESOURCES_PATH"; then
    RESOURCES_PATH=$JENKINS_RESOURCES_PATH
else test -f "$LOCAL_RESOURCES_PATH";
    RESOURCES_PATH=$LOCAL_RESOURCES_PATH
fi
echo "Use resources from: $RESOURCES_PATH"

CONFIGURATION_FILE="cmpServers.json"

JENKINS_CONFIGURATION_PATH="$CURRENT_WORKDIR_PATH/$PROJECT_DIRECTORY/$CONFIGURATION_FILE"
LOCAL_CONFIGURATION_PATH="$CURRENT_WORKDIR_PATH/$CONFIGURATION_FILE"

if test -f "$JENKINS_CONFIGURATION_PATH"; then
    CONFIGURATION_PATH="$JENKINS_CONFIGURATION_PATH"
else test -f "$LOCAL_CONFIGURATION_PATH";
    CONFIGURATION_PATH=$LOCAL_CONFIGURATION_PATH
fi
echo "Use configuration from: $CONFIGURATION_PATH"

# -------------------------------------

export CONFIGURATION_PATH=${CONFIGURATION_PATH}
export RESOURCES_PATH=${RESOURCES_PATH}

#Generate keystores, truststores, certificates and keys
mkdir -p ${WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/
make all -C ./certs/
cp ${WORKSPACE}/plans/oom-platform-cert-service/certservice/certs/root.crt ${WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/root.crt
echo "Generated keystores"
openssl pkcs12 -in ${WORKSPACE}/plans/oom-platform-cert-service/certservice/certs/certServiceServer-keystore.p12 -clcerts -nokeys -password pass:secret | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/certServiceServer.crt
echo "Generated server certificate"
openssl pkcs12 -in ${WORKSPACE}/plans/oom-platform-cert-service/certservice/certs/certServiceServer-keystore.p12 -nocerts -nodes -password pass:secret| sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > ${WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/certServiceServer.key
echo "Generated server key"

docker-compose up -d

OOMCERT_IP='none'
# Wait container ready
for i in {1..9}
do
   OOMCERT_IP=`get-instance-ip.sh oomcert-service`
   RESP_CODE=$(curl -s https://localhost:8443/actuator/health --cacert ./certs/root.crt --cert-type p12 --cert ./certs/certServiceServer-keystore.p12 --pass secret | \
   python2 -c 'import json,sys;obj=json.load(sys.stdin);print obj["status"]')
   if [[ "$RESP_CODE" == "UP" ]]; then
       echo 'OOM Cert Service is ready'
       export OOMCERT_IP=${OOMCERT_IP}
       docker exec oomcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh
       break
   fi
   echo 'Waiting for OOM Cert Service to start up...'
   sleep 30s
done

if [ "$OOMCERT_IP" == 'none' -o "$OOMCERT_IP" == '' ]; then
    echo "OOM Cert Service is not ready!"
    exit 1 # Return error code
fi