diff options
| -rw-r--r-- | ansible/roles/certificates/tasks/generate-certificates.yml | 34 | ||||
| -rw-r--r-- | ansible/roles/certificates/templates/v3.ext.j2 | 9 | ||||
| -rwxr-xr-x | build/package.sh | 29 | ||||
| -rw-r--r-- | docs/BuildGuide.rst | 2 |
4 files changed, 38 insertions, 36 deletions
diff --git a/ansible/roles/certificates/tasks/generate-certificates.yml b/ansible/roles/certificates/tasks/generate-certificates.yml index ac8fe1e3..9bf75fff 100644 --- a/ansible/roles/certificates/tasks/generate-certificates.yml +++ b/ansible/roles/certificates/tasks/generate-certificates.yml @@ -66,25 +66,19 @@ extended_key_usage: - serverAuth subject_alt_name: - "{{ simulated_hosts | map('regex_replace', '(.*)', 'DNS:\\1') | list }}" + "{{ all_simulated_hosts | map('regex_replace', '(.*)', 'DNS:\\1') | list }}" -- name: Generate v3 extension config file - template: - src: v3.ext.j2 - dest: "{{ certificates_local_dir }}/v3.ext" - -# Signing certificate is added to Ansible in version 2.7 (release date 04.10.2018) -# Currently using 2.6.3 - name: Sign Nexus certificate - command: > - openssl - x509 - -req - -in "{{ certificates_local_dir }}/nexus_server.csr" - -extfile "{{ certificates_local_dir }}/v3.ext" - -CA "{{ certificates_local_dir }}/rootCA.crt" - -CAkey "{{ certificates_local_dir }}/rootCA.key" - -CAcreateserial - -out "{{ certificates_local_dir }}/nexus_server.crt" - -days 3650 - -sha256 + openssl_certificate: + provider: ownca + path: "{{ certificates_local_dir }}/nexus_server.crt" + csr_path: "{{ certificates_local_dir }}/nexus_server.csr" + ownca_path: "{{ certificates_local_dir }}/rootCA.crt" + ownca_privatekey_path: "{{ certificates_local_dir }}/rootCA.key" + key_usage: + - digitalSignature + - nonRepudiation + - keyEncipherment + - dataEncipherment + subject_alt_name: + "{{ all_simulated_hosts | map('regex_replace', '(.*)', 'DNS:\\1') | list }}" diff --git a/ansible/roles/certificates/templates/v3.ext.j2 b/ansible/roles/certificates/templates/v3.ext.j2 deleted file mode 100644 index 7be946fd..00000000 --- a/ansible/roles/certificates/templates/v3.ext.j2 +++ /dev/null @@ -1,9 +0,0 @@ -authorityKeyIdentifier=keyid,issuer -basicConstraints=CA:FALSE -keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment -subjectAltName = @alt_names - -[alt_names] -{% for name in all_simulated_hosts -%} - DNS.{{ loop.index }} = {{ name }} -{% endfor %} diff --git a/build/package.sh b/build/package.sh index cd2531c4..c527db2e 100755 --- a/build/package.sh +++ b/build/package.sh @@ -33,8 +33,15 @@ crash () { usage () { echo "Usage:" - echo " ./$(basename $0) <project_name> <version> <packaging_target_dir> [--conf <file>]" - echo "Example: ./$(basename $0) myproject 1.0.1 /tmp/package --conf ~/myproject.conf" + echo " ./$(basename $0) <project_name> <version> <packaging_target_dir> [--conf <file>] [--force]" + echo "" + echo "Options:" + echo " --force Remove packaging_target_dir if exists prior to script execution" + echo " --conf Custom configuration file path for script" + echo "" + echo "Example:" + echo " ./$(basename $0) myproject 1.0.1 /tmp/package --conf ~/myproject.conf" + echo "" echo "packaging_target_dir will be created if does not exist. All tars will be produced into it." } @@ -194,17 +201,20 @@ APPLICATION_FILES_IN_PACKAGE="ansible/application" HELM_CHARTS_DIR_IN_PACKAGE="${APPLICATION_FILES_IN_PACKAGE}/helm_charts" if [ "$#" -lt 3 ]; then - echo "Missing some mandatory parameter!" + echo "Missing some mandatory arguments!" usage exit 1 fi CONF_FILE="" +FORCE_REMOVE=0 for arg in "$@"; do shift case "$arg" in -c|--conf) CONF_FILE="$1" ;; + --force) + FORCE_REMOVE=1 ;; *) set -- "$@" "$arg" esac @@ -224,10 +234,17 @@ pushd ${LOCAL_PATH} # checking bash capability of parsing arrays whotest[0]='test' || (crash 3 "Arrays not supported in this version of bash.") +# Prepare output directory for our packaging +# Check target dir exists and is not empty +if [ -d ${PACKAGING_TARGET_DIR} ] && [ "$(ls -A ${PACKAGING_TARGET_DIR})" ]; then + if [ ${FORCE_REMOVE} -eq 0 ]; then + crash 1 "Target directory not empty. Use --force to overwrite it." + else + rm -rf ${PACKAGING_TARGET_DIR} + fi +fi -# Prepare output directory for our packaging and create all tars - -rm -rf ${PACKAGING_TARGET_DIR} +# Create all tars build_sw_artifacts create_sw_package create_resource_package diff --git a/docs/BuildGuide.rst b/docs/BuildGuide.rst index 96c1fbf2..8857945c 100644 --- a/docs/BuildGuide.rst +++ b/docs/BuildGuide.rst @@ -62,7 +62,7 @@ Then it is necessary to clone all installer and build related repositories and p # prepare the onap build directory structure cd /tmp - git clone -b casablanca https://gerrit.onap.org/r/oom/offline-installer + git clone https://gerrit.onap.org/r/oom/offline-installer onap-offline cd onap-offline Part 2. Download artifacts for offline installer |