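#!/bin/bash
#
# Install a TLS certificate/key pair (and, optionally, a CA bundle for client
# certificate validation) into the ironic-python-agent ramdisk and write the
# IPA config fragments that point at them.
#
# Environment (supplied by diskimage-builder or the caller):
#   TMP_BUILD_DIR            DIB build root; the ramdisk filesystem is mounted
#                            under $TMP_BUILD_DIR/mnt (required)
#   DIB_IPA_CERT_FILE        PEM certificate to install; when unset together
#                            with DIB_IPA_KEY_FILE a self-signed pair is made
#   DIB_IPA_KEY_FILE         PEM private key matching DIB_IPA_CERT_FILE
#   DIB_IPA_CERT_EXPIRATION  validity (days) of the self-signed cert, default 1095
#   DIB_IPA_CERT_HOSTNAME    CN of the self-signed cert, default ipa-ramdisk.example.com
#   DIB_IPA_CA_FILE          optional CA bundle; when set, IPA is configured to
#                            validate client certificates against it

if [[ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]]; then
  set -x
fi
# Without strict mode a failed openssl/cp would leave the image with a broken
# or missing cert while the build still succeeds.
set -eu
set -o pipefail

# This is the path inside the ramdisk, referenced in config files
# (no trailing slash, so joined paths below do not contain "//").
INSIDEDIR=/etc/ironic-python-agent.d
# but when copying files from outside the ramdisk, we have to use the mounted
# DIB filesystems
KEYDIR="${TMP_BUILD_DIR:?TMP_BUILD_DIR must be set}/mnt${INSIDEDIR}"

CONFFILE="$KEYDIR/10-configure-tls.conf"
CACONFFILE="$KEYDIR/11-configure-client-cert-ca.conf"

# Empty-default copies so the checks below work under `set -u`.
cert_src=${DIB_IPA_CERT_FILE:-}
key_src=${DIB_IPA_KEY_FILE:-}

if [[ -z "$cert_src" && -z "$key_src" ]]; then
  echo "Both DIB_IPA_CERT_FILE and DIB_IPA_KEY_FILE are not set; generating self-signed cert"
  # NOTE: the generated key is baked into the image, so every node that boots
  # this ramdisk shares the same identity; pass DIB_IPA_CERT_FILE/DIB_IPA_KEY_FILE
  # when a deployment-specific certificate is required.
  sudo openssl req -new -nodes -newkey rsa:4096 \
    -days "${DIB_IPA_CERT_EXPIRATION:-1095}" -x509 \
    -subj "/C=US/ST=NA/L=NA/O=NA/CN=${DIB_IPA_CERT_HOSTNAME:-ipa-ramdisk.example.com}" \
    -keyout "$KEYDIR/agent.key" -out "$KEYDIR/agent.crt"
elif [[ -n "$cert_src" && -n "$key_src" ]]; then
  sudo cp -- "$cert_src" "$KEYDIR/agent.crt"
  sudo cp -- "$key_src" "$KEYDIR/agent.key"
else
  # Only one of the pair is set: fail now instead of shipping a cert without
  # its key (or vice versa) and discovering it when the agent starts.
  echo "DIB_IPA_CERT_FILE and DIB_IPA_KEY_FILE must be set together (or both unset)" >&2
  exit 1
fi

# A copied key inherits the build umask; keep the private key root-only.
# NOTE(review): assumes the agent reads the key as root inside the ramdisk - confirm.
sudo chmod 0600 "$KEYDIR/agent.key"

# $INSIDEDIR is expanded at build time on purpose: the config must reference
# the path the agent sees inside the ramdisk, not $KEYDIR.
cat <<EOF | sudo tee "$CONFFILE"
[DEFAULT]
listen_tls = True
advertise_protocol = https

[ssl]
cert_file = $INSIDEDIR/agent.crt
key_file = $INSIDEDIR/agent.key
EOF

if [[ -n "${DIB_IPA_CA_FILE:-}" ]]; then
  echo "DIB_IPA_CA_FILE set, configuring IPA to validate client certificates"
  sudo cp -- "$DIB_IPA_CA_FILE" "$KEYDIR/agent.cacert.pem"
  cat <<EOF | sudo tee "$CACONFFILE"
[ssl]
ca_file = $INSIDEDIR/agent.cacert.pem
EOF
fi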