From e7063472af571da7a88a2c5d63b34ec6a2053f96 Mon Sep 17 00:00:00 2001 From: mrichomme Date: Thu, 14 May 2020 10:08:03 +0200 Subject: Create hvves-ci to include setup step hvves setup (certificate creation and propagation) is needed priori to run hvves. Issue-ID: INT-1594 Signed-off-by: mrichomme Change-Id: I4ecd1522dce36cb46b09e290d1ac0ea065c828b4 Signed-off-by: mrichomme --- setup-hvves.sh | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100755 setup-hvves.sh (limited to 'setup-hvves.sh') diff --git a/setup-hvves.sh b/setup-hvves.sh new file mode 100755 index 00000000..040b2fb2 --- /dev/null +++ b/setup-hvves.sh @@ -0,0 +1,63 @@ +#!/bin/bash + +# +# Generate HV-VES SSL related certs. +# Copy the stuff to HV-VES and Robot pods. +# +NAMESPACE=${NAMESPACE:-onap} +DIR=${DIR:"/tmp"} + +HVVESPOD=$(kubectl -n $NAMESPACE get pods --no-headers=true -o custom-columns=:metadata.name | grep hv-ves) + + +generate_ca_key_cert () { +openssl genrsa -out $1/ca.key 2048 +openssl req -new -x509 -days 36500 -key $1/ca.key -out $1/ca.pem -subj /CN=dcae-hv-ves-ca.onap +} + +generate_server_key_csr () { +openssl genrsa -out $1/server.key 2048 +openssl req -new -key $1/server.key -out $1/server.csr -subj /CN=dcae-hv-ves-collector.onap +} + +generate_client_key_csr () { +openssl genrsa -out $1/client.key 2048 +openssl req -new -key $1/client.key -out $1/client.csr -subj /CN=dcae-hv-ves-client.onap +} + +sign_server_and_client_cert () { +openssl x509 -req -days 36500 -in $1/server.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/server.pem -set_serial 00 +openssl x509 -req -days 36500 -in $1/client.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/client.pem -set_serial 00 +} + +create_pkcs12_ca_and_server () { +openssl pkcs12 -export -out $1/ca.p12 -inkey $1/ca.key -in $1/ca.pem -passout pass: +openssl pkcs12 -export -out $1/server.p12 -inkey $1/server.key -in $1/server.pem -passout pass: +} + +copy_server_certs_to_hvves () { +for f in {ca.p12,server.p12} +do +kubectl cp $1/$f $2/$3:$4 +done +} + +copy_client_certs_to_robot () { +for f in {ca.pem,client.key,client.pem} +do +kubectl cp $1/$f $2/$3:$4 +done +} + +cleanup () { +rm -f $1/{ca,server,client}.??? +} + + +generate_ca_key_cert "$DIR" +generate_server_key_csr "$DIR" +generate_client_key_csr "$DIR" +sign_server_and_client_cert "$DIR" +create_pkcs12_ca_and_server "$DIR" +copy_server_certs_to_hvves "$DIR" "$NAMESPACE" "$HVVESPOD" "$DIR" +cleanup "$DIR" -- cgit 1.2.3-korg