db292165c5
Keys are generated in an astute prehook and saved on the master node for further use. In the current implementation only one key for haproxy is generated, and it is then used for all public OpenStack URLs. If self-signed certificates are created, the newly added astute prehook task copies those certificates to the appropriate nodes. This change also adds a new ssl modular task that checks whether a user-uploaded certificate exists and saves it from yaml to the local node filesystem. Implements: blueprint ssl-endpoints Depends-On: I2261dcfb55743b0fb31f4cbe42e7793176c8e1c0 Change-Id: Ifcd9194b51129ea262363196a9963a96cc5760bb
#!/bin/sh
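# Parse the command-line options.
#   -i CLUSTER_ID  cluster identifier; becomes a path component under -p
#   -o NAMES       space-separated names of random-key files to generate
#   -s NAMES       space-separated names of SSH key pairs to generate
#   -p PATH        base directory under which the keys are stored
# The leading ':' in the optstring puts getopts in silent mode, so unknown
# options and missing arguments have to be reported here; without these two
# arms a mistyped option would be ignored and the script would carry on.
while getopts ":i:o:s:p:" opt; do
  case "$opt" in
    i) cluster_id=$OPTARG ;;
    o) open_ssl_keys=$OPTARG ;;
    s) ssh_keys=$OPTARG ;;
    p) keys_path=$OPTARG ;;
    :)
      printf '%s: option -%s requires an argument\n' "$0" "$OPTARG" >&2
      exit 2
      ;;
    \?)
      printf '%s: unknown option -%s\n' "$0" "$OPTARG" >&2
      exit 2
      ;;
  esac
done

# Both values are concatenated into the directory that receives private key
# material. If either is empty the path collapses towards "/" and keys would
# be written outside the intended tree, so refuse to continue.
# NOTE(review): the values are used verbatim as path components; this assumes
# the caller passes trusted values - confirm against the invoking task.
if [ -z "$keys_path" ] || [ -z "$cluster_id" ]; then
  printf '%s: both -p <keys_path> and -i <cluster_id> are required\n' "$0" >&2
  exit 2
fi

BASE_PATH=$keys_path/$cluster_id/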
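# Create one random key file per name listed in $open_ssl_keys, at
# ${BASE_PATH}<name>/<name>.key. Existing key files are left untouched.
# Globals:   BASE_PATH (read), open_ssl_keys (read, space-separated names)
# Outputs:   a notice on stdout for each key that already exists;
#            diagnostics on stderr when a key cannot be created
# Returns:   0 if every key exists or was created, 1 otherwise
generate_open_ssl_keys() {
  local i dir_path key_path tmp_path status=0

  # Word splitting of the name list is intentional: it is a space-separated
  # list. Names are expected to be plain tokens without glob characters.
  for i in $open_ssl_keys; do
    dir_path=$BASE_PATH$i/
    key_path=$dir_path$i.key

    if ! mkdir -p -- "$dir_path"; then
      echo "Cannot create directory $dir_path" >&2
      status=1
      continue
    fi

    if [ ! -f "$key_path" ]; then
      # Generate into a private temporary file first. mktemp creates it with
      # owner-only permissions, so the secret is never readable by other
      # accounts; if another account must read the key, grant that explicitly.
      if ! tmp_path=$(mktemp "$key_path.XXXXXX"); then
        echo "Cannot create temporary file for $key_path" >&2
        status=1
        continue
      fi

      # stderr is deliberately NOT redirected into the key file: if openssl
      # fails, its error text must not be stored (and later reused) as a key.
      # The key is moved into place only after openssl succeeded and
      # produced output, so a failed run never leaves a bogus key behind.
      if openssl rand -base64 741 > "$tmp_path" &&
        [ -s "$tmp_path" ] &&
        mv -f -- "$tmp_path" "$key_path"; then
        :
      else
        echo "Failed to generate key $key_path" >&2
        rm -f -- "$tmp_path"
        status=1
      fi
    else
      # Double quotes so the real path is printed, not the literal '$key_path'.
      echo "Key $key_path already exists"
    fi
  done

  return "$status"
}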
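# Create one SSH key pair per name listed in $ssh_keys, with the private key
# at ${BASE_PATH}<name>/<name>. Existing private keys are left untouched.
# Globals:   BASE_PATH (read), ssh_keys (read, space-separated names)
# Outputs:   ssh-keygen output (stdout and stderr merged) on stdout, and a
#            notice on stdout for each key that already exists
# Returns:   0 if every key exists or was created, 1 otherwise
generate_ssh_keys() {
  local i dir_path key_path status=0

  # Word splitting of the name list is intentional: it is a space-separated
  # list. Names are expected to be plain tokens without glob characters.
  for i in $ssh_keys; do
    dir_path=$BASE_PATH$i/
    key_path=$dir_path$i

    if ! mkdir -p -- "$dir_path"; then
      echo "Cannot create directory $dir_path" >&2
      status=1
      continue
    fi

    if [ ! -f "$key_path" ]; then
      # -N '' creates the private key without a passphrase, so the file
      # itself is the only protection: access to this directory tree must
      # stay restricted to the account that uses the keys.
      if ! ssh-keygen -b 2048 -t rsa -N '' -f "$key_path" 2>&1; then
        echo "Failed to generate key $key_path" >&2
        status=1
      fi
    else
      # Double quotes so the real path is printed, not the literal '$key_path'.
      echo "Key $key_path already exists"
    fi
  done

  return "$status"
}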
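# Run both generators. The script exits non-zero if either one returns a
# non-zero status, so the invoking task does not treat a failed key
# generation as success; previously only the status of the last call
# determined the script's exit code.
rc=0
generate_open_ssl_keys || rc=1
generate_ssh_keys || rc=1
exit "$rc"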