diff options
author | Chen, Tingjie <tingjie.chen@intel.com> | 2020-05-25 14:26:26 +0800 |
---|---|---|
committer | Chen, Tingjie <tingjie.chen@intel.com> | 2020-05-30 11:48:31 +0800 |
commit | 22f755508a107c689f325042c4abaa98c5bd450e (patch) | |
tree | 669bf0079f12b96f156d7cfc7041f7ee5c8b9f2f /kud/deployment_infra/playbooks/setup-ca.sh | |
parent | 079d214800484b0bfedd22fc72f4b3c61ecc6f83 (diff) |
Add support for pmem-csi plugin and e2e test
Issue-ID: MULTICLOUD-1046
Change-Id: I1853e071a99702c5e6f7ba9ca819746576fd0aca
Signed-off-by: Chen, Tingjie <tingjie.chen@intel.com>
Diffstat (limited to 'kud/deployment_infra/playbooks/setup-ca.sh')
-rwxr-xr-x | kud/deployment_infra/playbooks/setup-ca.sh | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/kud/deployment_infra/playbooks/setup-ca.sh b/kud/deployment_infra/playbooks/setup-ca.sh new file mode 100755 index 00000000..77addc71 --- /dev/null +++ b/kud/deployment_infra/playbooks/setup-ca.sh @@ -0,0 +1,51 @@ +#!/bin/sh + +# Directory to use for storing intermediate files. +CA=${CA:="pmem-ca"} +WORKDIR=${WORKDIR:-$(mktemp -d -u -t pmem-XXXX)} +mkdir -p $WORKDIR +cd $WORKDIR + +# Check for cfssl utilities. +cfssl_found=1 +(command -v cfssl 2>&1 >/dev/null && command -v cfssljson 2>&1 >/dev/null) || cfssl_found=0 +if [ $cfssl_found -eq 0 ]; then + echo "cfssl tools not found, Please install cfssl and cfssljson." + exit 1 +fi + +# Generate CA certificates. +<<EOF cfssl -loglevel=3 gencert -initca - | cfssljson -bare ca +{ + "CN": "$CA", + "key": { + "algo": "rsa", + "size": 2048 + } +} +EOF + +# Generate server and client certificates. +DEFAULT_CNS="pmem-registry pmem-node-controller" +CNS="${DEFAULT_CNS} ${EXTRA_CNS:=""}" +for name in ${CNS}; do + <<EOF cfssl -loglevel=3 gencert -ca=ca.pem -ca-key=ca-key.pem - | cfssljson -bare $name +{ + "CN": "$name", + "hosts": [ + $(if [ "$name" = "pmem-registry" ]; then + # Some extra names needed for scheduler extender and webhook. + echo '"pmem-csi-scheduler", "pmem-csi-scheduler.default", "pmem-csi-scheduler.default.svc", "127.0.0.1",' + # And for metrics server. + echo '"pmem-csi-metrics", "pmem-csi-metrics.default", "pmem-csi-metrics.default.svc",' + fi + ) + "$name" + ], + "key": { + "algo": "ecdsa", + "size": 256 + } +} +EOF +done |