Sylvain Desbureaux | 16bdf24 | 2020-12-07 10:28:24 +0100 | 1 | # SPDX-License-Identifier: Apache-2.0 |
| 2 | |
| 3 | #!/bin/bash |
| 4 | |
| 5 | # |
| 6 | # Create a root CA (Certificate Authority) certificate and its private key. |
| 7 | # Create a package certificate issued by that CA. |
| 8 | # Copy the root CA certificate to the SDC onboarding pod and the package certificates and keys to the Robot pod. |
| 9 | # |
| 10 | |
| 11 | |
| 12 | |
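# NOTE(review): the "#!/bin/bash" line above is not the first line of the file,
# so it is read as an ordinary comment rather than an interpreter directive.
# The [[ ... ]] test later in this script needs bash, so invoke it with bash.

# Suffixes naming the two certificate sets. Only the root CA of the "valid"
# set is handed to SDC onboarding later in this script.
SDCVALID=sdc-valid
SDCINVALID=sdc-invalid

# NAMESPACE is supplied by the caller. Abort when it is missing: an empty value
# would make kubectl take the next word ("get") as the namespace.
: "${NAMESPACE:?NAMESPACE must be set}"

# Pod names are resolved by substring match on the namespace's pod list.
# NOTE(review): when more than one pod name matches, the variable holds several
# lines and the "kubectl cp" destination built from it is malformed; when none
# matches it is empty. Confirm each pattern selects exactly one pod.
ROBOTPOD=$(kubectl -n "$NAMESPACE" get pods --no-headers=true -o custom-columns=:metadata.name | grep robot)
SDCONBOARDINGPOD=$(kubectl -n "$NAMESPACE" get pods --no-headers=true -o custom-columns=:metadata.name | grep sdc-onboarding-be | grep -v cassandra)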
| 17 | |
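#######################################
# Create a self-signed root CA and a package certificate issued by that CA.
# All files are written to the current directory and carry the suffix $1:
#   rootCA-private-robot-$1.key, rootCA-robot-$1.cert    CA key and certificate
#   package-private-robot-$1.key, package-robot-$1.csr   package key and request
#   package-robot-$1.cert                                package certificate
# Security notes:
#   - "-nodes" leaves both private keys unencrypted on disk and the CA
#     certificate is valid for 36500 days: treat the output as test fixtures
#     and keep the output directory private.
#   - The signing step passes no -days, so the package certificate gets the
#     openssl default lifetime (30 days).
# Arguments: $1 - suffix used in every file name (must be non-empty)
# Returns:   0 on success; non-zero as soon as one openssl step fails, so a
#            later step never runs on missing or partial input
#######################################
generate_ca_key_cert_and_package_cert_issued_by_CA () {
  local suffix=$1

  if [[ -z "$suffix" ]]; then
    echo "generate_ca_key_cert_and_package_cert_issued_by_CA: missing file name suffix" >&2
    return 1
  fi

  # Self-signed root CA: new key plus certificate in one step.
  openssl req -batch -new -nodes -x509 -days 36500 \
    -keyout "rootCA-private-robot-$suffix.key" \
    -out "rootCA-robot-$suffix.cert" || return

  # Package key and certificate signing request.
  openssl req -batch -new -nodes \
    -keyout "package-private-robot-$suffix.key" \
    -out "package-robot-$suffix.csr" || return

  # Sign the request with the root CA created above.
  openssl x509 -req \
    -CA "rootCA-robot-$suffix.cert" \
    -CAkey "rootCA-private-robot-$suffix.key" \
    -CAcreateserial \
    -in "package-robot-$suffix.csr" \
    -out "package-robot-$suffix.cert"
}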
| 23 | |
| 24 | |
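#######################################
# Copy the root CA certificate of one certificate set into a pod.
# Only the certificate is copied; the CA private key stays local.
# Arguments:
#   $1 - local directory holding rootCA-robot-<suffix>.cert
#   $2 - Kubernetes namespace
#   $3 - pod name
#   $4 - destination path inside the pod
#   $5 - certificate set suffix
# Returns: exit status of "kubectl cp"; 1 when namespace or pod name is empty
#######################################
copy_root_cert_to_sdc_onboarding () {
  local src_dir=$1 namespace=$2 pod=$3 dest=$4 suffix=$5

  # An empty pod name (no match in the pod lookup) would build the
  # destination "<namespace>/:<path>"; fail with a clear message instead.
  if [[ -z "$namespace" || -z "$pod" ]]; then
    echo "copy_root_cert_to_sdc_onboarding: namespace and pod name are required" >&2
    return 1
  fi

  kubectl cp "$src_dir/rootCA-robot-$suffix.cert" "$namespace/$pod:$dest"
}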
| 28 | |
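#######################################
# Copy the package certificate and its private key of one certificate set
# into a pod.
# The private key is unencrypted, so pick a destination that only the test
# user inside the pod can read.
# Arguments:
#   $1 - local directory holding the package-*-<suffix> files
#   $2 - Kubernetes namespace
#   $3 - pod name
#   $4 - destination path inside the pod
#   $5 - certificate set suffix
# Returns: 0 when both copies succeed; otherwise the status of the last
#          failing "kubectl cp"; 1 when namespace or pod name is empty
#######################################
copy_package_certs_to_robot () {
  local src_dir=$1 namespace=$2 pod=$3 dest=$4 suffix=$5
  local f rc=0

  if [[ -z "$namespace" || -z "$pod" ]]; then
    echo "copy_package_certs_to_robot: namespace and pod name are required" >&2
    return 1
  fi

  # Both files are attempted even if the first copy fails, but a failure is
  # remembered so it is not hidden by a later successful copy.
  for f in "package-robot-$suffix.cert" "package-private-robot-$suffix.key"; do
    kubectl cp "$src_dir/$f" "$namespace/$pod:$dest" || rc=$?
  done

  return "$rc"
}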
| 35 | |
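# DIR, SCRIPTDIR and NAMESPACE come from the caller. With DIR and SCRIPTDIR
# empty the working directory below would collapse to "//tmp", i.e. the shared
# /tmp, and unencrypted private keys would be written there.
: "${DIR:?DIR must be set}" "${SCRIPTDIR:?SCRIPTDIR must be set}"
: "${NAMESPACE:?NAMESPACE must be set}"

# Working directory for the generated material. -p lets a re-run reuse the
# directory; it holds unencrypted private keys, so restrict it to the owner.
if ! mkdir -p -- "$DIR/$SCRIPTDIR/tmp" || ! chmod 700 -- "$DIR/$SCRIPTDIR/tmp"; then
  echo "cannot prepare $DIR/$SCRIPTDIR/tmp" >&2
  exit 1
fi

# Never generate keys in whatever directory we happen to be in.
if ! cd -- "$DIR/$SCRIPTDIR/tmp"; then
  echo "cannot enter $DIR/$SCRIPTDIR/tmp" >&2
  exit 1
fi

# Reuse the certificate sets from an earlier run when every file that gets
# copied below is present; otherwise regenerate both sets.
# NOTE(review): this tests presence only. The package certificates are signed
# without -days (openssl default: 30 days), so reused files may have expired --
# confirm whether the consumers check validity dates.
if [[ -f "rootCA-robot-$SDCVALID.cert" \
   && -f "package-robot-$SDCVALID.cert" \
   && -f "package-robot-$SDCINVALID.cert" \
   && -f "package-private-robot-$SDCVALID.key" \
   && -f "package-private-robot-$SDCINVALID.key" ]]; then
  echo "All files are present"
else
  if ! generate_ca_key_cert_and_package_cert_issued_by_CA "$SDCVALID" \
     || ! generate_ca_key_cert_and_package_cert_issued_by_CA "$SDCINVALID"; then
    echo "certificate generation failed" >&2
    exit 1
  fi
fi

cd ../../.. || exit 1

# Only the "valid" root CA is installed in SDC onboarding; the "invalid" set is
# signed by a CA that SDC is never given.
copy_root_cert_to_sdc_onboarding "$DIR/$SCRIPTDIR/tmp" "$NAMESPACE" "$SDCONBOARDINGPOD" "/var/lib/jetty/cert" "$SDCVALID"

# The Robot pod receives both package certificate/key pairs.
copy_package_certs_to_robot "$DIR/$SCRIPTDIR/tmp" "$NAMESPACE" "$ROBOTPOD" "/tmp" "$SDCVALID"
copy_package_certs_to_robot "$DIR/$SCRIPTDIR/tmp" "$NAMESPACE" "$ROBOTPOD" "/tmp" "$SDCINVALID"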
| 49 | |