summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTomáš Levora <t.levora@partner.samsung.com>2018-12-20 09:02:23 +0100
committerTomáš Levora <t.levora@partner.samsung.com>2018-12-20 09:02:23 +0100
commit94fb571669bf471bf1c7e857e686fdb0db3e7fac (patch)
tree2cb7b58b6058ed00ddf3c733f69802c73c20898f
parent918c5707e29424bfdcf7e37cef3182cd3a8c8448 (diff)
Add certificate extraction and generation
Adding extraction and generation of certificates for nginx to handle SSL connection to nexus repository in bash installer Issue-ID: OOM-1551 Change-Id: Icf24bea5204c62f398a025178ff6d8a51d6bbb78 Signed-off-by: Tomáš Levora <t.levora@partner.samsung.com>
-rwxr-xr-xbash/tools/certificates/2create_cert_for_nginx.sh47
-rwxr-xr-xbash/tools/certificates/self_extract_cacert.sh55
2 files changed, 102 insertions, 0 deletions
diff --git a/bash/tools/certificates/2create_cert_for_nginx.sh b/bash/tools/certificates/2create_cert_for_nginx.sh
new file mode 100755
index 00000000..a9adb520
--- /dev/null
+++ b/bash/tools/certificates/2create_cert_for_nginx.sh
@@ -0,0 +1,47 @@
+#! /usr/bin/env bash
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+
+# fail fast
+set -e
+
+# boilerplate
+RELATIVE_PATH=../ # relative path from this script to 'common-functions.sh'
+if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then
+ SCRIPT_DIR=$(dirname "${0}")
+ LOCAL_PATH=$(readlink -f "$SCRIPT_DIR")
+ . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh
+fi
+
+message info "Reading configuration"
+get_configuration
+
+update_hosts
+
+message info "Restarting dnsmasq"
+systemctl enable dnsmasq
+systemctl restart dnsmasq
+
+message info "Configure ssl certificates"
+create_cert "nexus"
+
+message info "** Certificates finished **"
+
+docker restart nginx
diff --git a/bash/tools/certificates/self_extract_cacert.sh b/bash/tools/certificates/self_extract_cacert.sh
new file mode 100755
index 00000000..1e7a5abc
--- /dev/null
+++ b/bash/tools/certificates/self_extract_cacert.sh
@@ -0,0 +1,55 @@
+#! /bin/sh
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+
+
+extract_ca() {
+ cpath=$1
+ sed '0,/^#EOF#$/d' $0 > $cpath;
+ echo "Certificate installed into: $cpath"
+}
+
+OS_ID=$(awk -F= '/^ID=/{print $2}' /etc/os-release)
+OS_ID="${OS_ID%\"}"
+OS_ID="${OS_ID#\"}"
+
+if [ "$OS_ID" = "rhel" -o "$OS_ID" = "centos" ]; then
+ # for centos/ rhel
+ echo "Detected rhel like distribution"
+
+ update-ca-trust force-enable
+ extract_ca /etc/pki/ca-trust/source/anchors/rootCAcert.crt
+ update-ca-trust extract
+
+elif [ "$OS_ID" = "ubuntu" ]; then
+ echo "Detected ubuntu distribution"
+
+ mkdir -p /usr/local/share/ca-certificates/extra
+ extract_ca /usr/local/share/ca-certificates/extra/rootCAcert.crt
+ update-ca-certificates
+else
+ echo "OS $OS_ID is not supported"
+ exit -2
+fi
+
+echo "** Please restart docker (because of reload new CA) **"
+
+exit 0
+#EOF#