fuel-library/deployment/puppet/osnailyfacter/modular/astute/generate_haproxy_keys.sh
Stanislaw Bogatkin db292165c5 Implement SSL keys generation
Keys are generated in astute prehook and saved in master
node for further use. In current implementation only
one key for haproxy is generated and then it will be used
for all public OpenStack URLs.
If self-signed certificates are created, then the newly added
astute prehook task will copy those certificates to the
appropriate nodes.

Also this change adds new ssl modular task that checks
if user uploaded certificate exists and saves it from
yaml to local node filesystem.

Implements: blueprint ssl-endpoints
Depends-On: I2261dcfb55743b0fb31f4cbe42e7793176c8e1c0
Change-Id: Ifcd9194b51129ea262363196a9963a96cc5760bb
2015-07-14 09:13:31 -05:00


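#!/bin/bash
# Generate self-signed key/certificate pairs for HAProxy public endpoints.
#
# Options:
#   -i  cluster id; keys are stored under <keys_path>/<cluster_id>
#   -h  value exported to openssl as SSL_CN_NAME
#   -o  whitespace-separated list of key names to generate
#   -p  base directory for the generated keys
#
# bash is required: the script relies on BASH_SOURCE, `local` and the
# `function` keyword, none of which a strict POSIX /bin/sh provides.

# Start from empty values so that same-named variables inherited from the
# caller's environment cannot influence where private keys are written.
cluster_id=
cn_name=
open_ssl_keys=
keys_path=

while getopts ":i:h:o:p:" opt; do
  case "$opt" in
    i) cluster_id=$OPTARG ;;
    h) cn_name=$OPTARG ;;
    o) open_ssl_keys=$OPTARG ;;
    p) keys_path=$OPTARG ;;
    :)
      # Silent getopts mode: a missing argument is reported as ':'.
      echo "Option -$OPTARG requires an argument" >&2
      exit 2
      ;;
    \?)
      # Unknown options were silently ignored before; keep going but say so.
      echo "Ignoring unknown option -$OPTARG" >&2
      ;;
  esac
done

# Without both components BASE_PATH would collapse to "/<id>" or "<path>/",
# and private keys would be written to an unintended directory.
if [ -z "$cluster_id" ] || [ -z "$keys_path" ]; then
  echo "Both -i <cluster_id> and -p <keys_path> are required" >&2
  exit 2
fi

BASE_PATH="$keys_path/$cluster_id"

# Directory holding this script; openssl.cnf is looked up next to it.
CONF_PATH=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd) || {
  echo "Cannot determine the script directory" >&2
  exit 1
}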
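#######################################
# Create a self-signed RSA key, certificate and combined PEM per key name.
# Globals:   open_ssl_keys (read) - whitespace-separated key names
#            BASE_PATH (read)     - directory that receives one subdir per name
#            CONF_PATH (read)     - directory containing openssl.cnf
#            cn_name (read)       - exported to openssl as SSL_CN_NAME
# Outputs:   openssl output and "already exists" notices on stdout,
#            errors on stderr
# Returns:   0 when every name was handled, 1 if any name failed
#######################################
function generate_open_ssl_keys {
  local name dir_path key_path crt_path pem_path
  local status=0

  # Intentionally unquoted: open_ssl_keys is a whitespace-separated list.
  for name in $open_ssl_keys; do
    # A name is used as a path component; a '/' would let it leave BASE_PATH.
    case "$name" in
      */*)
        echo "Invalid key name '$name': must not contain '/'" >&2
        status=1
        continue
        ;;
    esac

    dir_path="$BASE_PATH/$name"
    key_path="$dir_path/public_$name.key"
    crt_path="$dir_path/public_$name.crt"
    pem_path="$dir_path/public_$name.pem"

    if ! mkdir -p -- "$dir_path"; then
      echo "Cannot create directory $dir_path" >&2
      status=1
      continue
    fi

    if [ ! -f "$key_path" ]; then
      # openssl is invoked directly with quoted arguments; building the
      # command as a string for `bash -c` let whitespace or shell
      # metacharacters in the paths be re-parsed by the shell.
      # umask 077 keeps the unencrypted key (-nodes) and the PEM that embeds
      # it owner-only. The certificate is created under the same umask;
      # NOTE(review): relax its mode if an unprivileged consumer reads it.
      # NOTE(review): the certificate is valid for 3650 days and nothing here
      # rotates it - confirm that matches the deployment's policy.
      if ! (
        umask 077
        SSL_CN_NAME="$cn_name" openssl req -newkey rsa:2048 -nodes \
          -keyout "$key_path" -x509 -days 3650 -out "$crt_path" \
          -config "$CONF_PATH/openssl.cnf" 2>&1 \
          && cat -- "$crt_path" "$key_path" > "$pem_path"
      ); then
        echo "Failed to generate key material for '$name'" >&2
        # Drop partial output so that a rerun retries instead of reporting
        # "already exists" for a key that has no usable certificate.
        rm -f -- "$key_path" "$crt_path" "$pem_path"
        status=1
      fi
    else
      echo "Key $key_path already exists"
    fi
  done

  return "$status"
}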
# Generate key material for every name passed via -o; as the last command,
# its return status becomes the script's exit status.
generate_open_ssl_keys