diff options
author | Petr Ospalý <p.ospaly@partner.samsung.com> | 2018-12-20 09:22:21 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2018-12-20 09:22:21 +0000 |
commit | 4ec8c338c2f6cd038acee1c0c0d34ea6f1b9d868 (patch) | |
tree | 755b6a6089b41de9f157beb0081587705c77f8d2 | |
parent | 74d308bfd0eb68fac7207492fc739980082c04af (diff) | |
parent | 94fb571669bf471bf1c7e857e686fdb0db3e7fac (diff) |
Merge "Add certificate extraction and generation"
-rwxr-xr-x | bash/tools/certificates/2create_cert_for_nginx.sh | 47 | ||||
-rwxr-xr-x | bash/tools/certificates/self_extract_cacert.sh | 55 |
2 files changed, 102 insertions, 0 deletions
diff --git a/bash/tools/certificates/2create_cert_for_nginx.sh b/bash/tools/certificates/2create_cert_for_nginx.sh new file mode 100755 index 00000000..a9adb520 --- /dev/null +++ b/bash/tools/certificates/2create_cert_for_nginx.sh @@ -0,0 +1,47 @@ +#! /usr/bin/env bash + +# COPYRIGHT NOTICE STARTS HERE +# +# Copyright 2018 © Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# COPYRIGHT NOTICE ENDS HERE + + +# fail fast +set -e + +# boilerplate +RELATIVE_PATH=../ # relative path from this script to 'common-functions.sh' +if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then + SCRIPT_DIR=$(dirname "${0}") + LOCAL_PATH=$(readlink -f "$SCRIPT_DIR") + . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh +fi + +message info "Reading configuration" +get_configuration + +update_hosts + +message info "Restarting dnsmasq" +systemctl enable dnsmasq +systemctl restart dnsmasq + +message info "Configure ssl certificates" +create_cert "nexus" + +message info "** Certificates finished **" + +docker restart nginx diff --git a/bash/tools/certificates/self_extract_cacert.sh b/bash/tools/certificates/self_extract_cacert.sh new file mode 100755 index 00000000..1e7a5abc --- /dev/null +++ b/bash/tools/certificates/self_extract_cacert.sh @@ -0,0 +1,55 @@ +#! /bin/sh + +# COPYRIGHT NOTICE STARTS HERE +# +# Copyright 2018 © Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# COPYRIGHT NOTICE ENDS HERE + + + +extract_ca() { + cpath=$1 + sed '0,/^#EOF#$/d' $0 > $cpath; + echo "Certificate installed into: $cpath" +} + +OS_ID=$(awk -F= '/^ID=/{print $2}' /etc/os-release) +OS_ID="${OS_ID%\"}" +OS_ID="${OS_ID#\"}" + +if [ "$OS_ID" = "rhel" -o "$OS_ID" = "centos" ]; then + # for centos/ rhel + echo "Detected rhel like distribution" + + update-ca-trust force-enable + extract_ca /etc/pki/ca-trust/source/anchors/rootCAcert.crt + update-ca-trust extract + +elif [ "$OS_ID" = "ubuntu" ]; then + echo "Detected ubuntu distribution" + + mkdir -p /usr/local/share/ca-certificates/extra + extract_ca /usr/local/share/ca-certificates/extra/rootCAcert.crt + update-ca-certificates +else + echo "OS $OS_ID is not supported" + exit -2 +fi + +echo "** Please restart docker (because of reload new CA) **" + +exit 0 +#EOF# |