aboutsummaryrefslogtreecommitdiffstats
path: root/setup-hvves.sh
diff options
context:
space:
mode:
authormrichomme <morgan.richomme@orange.com>2020-05-14 10:08:03 +0200
committermrichomme <morgan.richomme@orange.com>2020-05-14 10:16:37 +0200
commite7063472af571da7a88a2c5d63b34ec6a2053f96 (patch)
treee91496054d1b9e5c3eaf268a9fae26be4e5c19ec /setup-hvves.sh
parent8786091cf65f2f525c0f365bd1eb42efd0511ca9 (diff)
Create hvves-ci to include setup step
hvves setup (certificate creation and propagation) is needed priori to run hvves. Issue-ID: INT-1594 Signed-off-by: mrichomme <morgan.richomme@orange.com> Change-Id: I4ecd1522dce36cb46b09e290d1ac0ea065c828b4 Signed-off-by: mrichomme <morgan.richomme@orange.com>
Diffstat (limited to 'setup-hvves.sh')
-rwxr-xr-xsetup-hvves.sh63
1 files changed, 63 insertions, 0 deletions
diff --git a/setup-hvves.sh b/setup-hvves.sh
new file mode 100755
index 00000000..040b2fb2
--- /dev/null
+++ b/setup-hvves.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+#
+# Generate HV-VES SSL related certs.
+# Copy the stuff to HV-VES and Robot pods.
+#
+NAMESPACE=${NAMESPACE:-onap}
+DIR=${DIR:"/tmp"}
+
+HVVESPOD=$(kubectl -n $NAMESPACE get pods --no-headers=true -o custom-columns=:metadata.name | grep hv-ves)
+
+
+generate_ca_key_cert () {
+openssl genrsa -out $1/ca.key 2048
+openssl req -new -x509 -days 36500 -key $1/ca.key -out $1/ca.pem -subj /CN=dcae-hv-ves-ca.onap
+}
+
+generate_server_key_csr () {
+openssl genrsa -out $1/server.key 2048
+openssl req -new -key $1/server.key -out $1/server.csr -subj /CN=dcae-hv-ves-collector.onap
+}
+
+generate_client_key_csr () {
+openssl genrsa -out $1/client.key 2048
+openssl req -new -key $1/client.key -out $1/client.csr -subj /CN=dcae-hv-ves-client.onap
+}
+
+sign_server_and_client_cert () {
+openssl x509 -req -days 36500 -in $1/server.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/server.pem -set_serial 00
+openssl x509 -req -days 36500 -in $1/client.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/client.pem -set_serial 00
+}
+
+create_pkcs12_ca_and_server () {
+openssl pkcs12 -export -out $1/ca.p12 -inkey $1/ca.key -in $1/ca.pem -passout pass:
+openssl pkcs12 -export -out $1/server.p12 -inkey $1/server.key -in $1/server.pem -passout pass:
+}
+
+copy_server_certs_to_hvves () {
+for f in {ca.p12,server.p12}
+do
+kubectl cp $1/$f $2/$3:$4
+done
+}
+
+copy_client_certs_to_robot () {
+for f in {ca.pem,client.key,client.pem}
+do
+kubectl cp $1/$f $2/$3:$4
+done
+}
+
+cleanup () {
+rm -f $1/{ca,server,client}.???
+}
+
+
+generate_ca_key_cert "$DIR"
+generate_server_key_csr "$DIR"
+generate_client_key_csr "$DIR"
+sign_server_and_client_cert "$DIR"
+create_pkcs12_ca_and_server "$DIR"
+copy_server_certs_to_hvves "$DIR" "$NAMESPACE" "$HVVESPOD" "$DIR"
+cleanup "$DIR"