Merge "Disable cert checks while talking to endpoints"

2016-10-07 20:34:06 +00:00 · 2016-10-07 20:34:06 +00:00 · 7c8da9338f
parent e858b7b7dd 4c0850731d
commit 7c8da9338f
8 changed files with 16 additions and 16 deletions
--- a/magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh
@ -64,11 +64,11 @@ EOF
 AUTH_URL=${AUTH_URL/v2.0/v3}
 content_type='Content-Type: application/json'
 url="$AUTH_URL/auth/tokens"
-USER_TOKEN=`curl -s -i -X POST -H "$content_type" -d "$auth_json" $url \
+USER_TOKEN=`curl -k -s -i -X POST -H "$content_type" -d "$auth_json" $url \
    | grep X-Subject-Token | awk '{print $2}' | tr -d '[[:space:]]'`

 # Get CA certificate for this cluster
-curl -X GET \
+curl -k -X GET \
  -H "X-Auth-Token: $USER_TOKEN" \
  $MAGNUM_URL/certificates/$CLUSTER_UUID | python -c 'import sys, json; print json.load(sys.stdin)["pem"]' > $CA_CERT

@ -101,7 +101,7 @@ openssl req -new -days 1000 \

 # Send csr to Magnum to have it signed
 csr_req=$(python -c "import json; fp = open('${CLIENT_CSR}'); print json.dumps({'cluster_uuid': '$CLUSTER_UUID', 'csr': fp.read()}); fp.close()")
-curl -X POST \
+curl -k -X POST \
    -H "X-Auth-Token: $USER_TOKEN" \
    -H "Content-Type: application/json" \
    -d "$csr_req" \
--- a/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
@ -86,11 +86,11 @@ EOF
 AUTH_URL=${AUTH_URL/v2.0/v3}
 content_type='Content-Type: application/json'
 url="$AUTH_URL/auth/tokens"
-USER_TOKEN=`curl -s -i -X POST -H "$content_type" -d "$auth_json" $url \
+USER_TOKEN=`curl -k -s -i -X POST -H "$content_type" -d "$auth_json" $url \
    | grep X-Subject-Token | awk '{print $2}' | tr -d '[[:space:]]'`

 # Get CA certificate for this cluster
-curl -X GET \
+curl -k -X GET \
  -H "X-Auth-Token: $USER_TOKEN" \
  $MAGNUM_URL/certificates/$CLUSTER_UUID | python -c 'import sys, json; print json.load(sys.stdin)["pem"]' > ${CA_CERT}

@ -118,7 +118,7 @@ openssl req -new -days 1000 \

 # Send csr to Magnum to have it signed
 csr_req=$(python -c "import json; fp = open('${SERVER_CSR}'); print json.dumps({'cluster_uuid': '$CLUSTER_UUID', 'csr': fp.read()}); fp.close()")
-curl -X POST \
+curl -k -X POST \
    -H "X-Auth-Token: $USER_TOKEN" \
    -H "Content-Type: application/json" \
    -d "$csr_req" \
--- a/magnum/drivers/common/templates/swarm/fragments/cfn-signal.sh
+++ b/magnum/drivers/common/templates/swarm/fragments/cfn-signal.sh
@ -10,6 +10,6 @@ DATA="OK"

 data=$(echo '{"Status": "'${STATUS}'", "Reason": "'$REASON'", "Data": "'${DATA}'", "UniqueId": "00000"}')

-curl -i -X POST -H "Content-Type: application/json" -H "X-Auth-Token: $WAIT_HANDLE_TOKEN" \
+curl -k -i -X POST -H "Content-Type: application/json" -H "X-Auth-Token: $WAIT_HANDLE_TOKEN" \
    --data-binary "'$data'" \
    "$WAIT_HANDLE_ENDPOINT"
--- a/magnum/drivers/common/templates/swarm/fragments/write-cluster-failure-service.yaml
+++ b/magnum/drivers/common/templates/swarm/fragments/write-cluster-failure-service.yaml
@ -11,6 +11,6 @@ write_files:
      [Service]
      Type=simple
      TimeoutStartSec=0
-      ExecStart=/usr/bin/curl -i -X POST -H 'Content-Type: application/json' -H 'X-Auth-Token: $WAIT_HANDLE_TOKEN' \
+      ExecStart=/usr/bin/curl -k -i -X POST -H 'Content-Type: application/json' -H 'X-Auth-Token: $WAIT_HANDLE_TOKEN' \
        --data-binary "'"'{"Status": "FAILURE", "Reason": "$SERVICE service failed to start.", "Data": "OK", "UniqueId": "00000"}'"'" \
        "$WAIT_HANDLE_ENDPOINT"
--- a/magnum/drivers/common/templates/swarm/fragments/write-swarm-agent-service.sh
+++ b/magnum/drivers/common/templates/swarm/fragments/write-swarm-agent-service.sh
@ -50,7 +50,7 @@ do
    sleep 5
 done

-curl -i -X POST -H 'Content-Type: application/json' -H 'X-Auth-Token: $WAIT_HANDLE_TOKEN' \
+curl -k -i -X POST -H 'Content-Type: application/json' -H 'X-Auth-Token: $WAIT_HANDLE_TOKEN' \
    --data-binary "'"'{"Status": "SUCCESS", "Reason": "Swarm agent ready", "Data": "OK", "UniqueId": "00000"}'"'" \
    "$WAIT_HANDLE_ENDPOINT"
 EOF
--- a/magnum/drivers/common/templates/swarm/fragments/write-swarm-master-service.sh
+++ b/magnum/drivers/common/templates/swarm/fragments/write-swarm-master-service.sh
@ -38,7 +38,7 @@ fi
 cat >> /etc/systemd/system/swarm-manager.service << END_SERVICE_BOTTOM
                                  etcd://$ETCD_SERVER_IP:2379/v2/keys/swarm/
 ExecStop=/usr/bin/docker stop swarm-manager
-ExecStartPost=/usr/bin/curl -i -X POST -H 'Content-Type: application/json' -H 'X-Auth-Token: $WAIT_HANDLE_TOKEN' \\
+ExecStartPost=/usr/bin/curl -k -i -X POST -H 'Content-Type: application/json' -H 'X-Auth-Token: $WAIT_HANDLE_TOKEN' \\
  --data-binary "'"'{"Status": "SUCCESS", "Reason": "Setup complete", "Data": "OK", "UniqueId": "00000"}'"'" \\
  "$WAIT_HANDLE_ENDPOINT"

--- a/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert-client.yaml
+++ b/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert-client.yaml
@ -78,12 +78,12 @@ write_files:

      #trust is introduced in Keystone v3 version
      AUTH_URL=${AUTH_URL/v2.0/v3}
-      USER_TOKEN=`curl -s -i -X POST -H "Content-Type: application/json" -d @auth.json \
+      USER_TOKEN=`curl -k -s -i -X POST -H "Content-Type: application/json" -d @auth.json \
                       $AUTH_URL/auth/tokens | grep X-Subject-Token | awk '{print $2}'`

      rm -rf auth.json

-      ca_cert_json=$(curl -X GET \
+      ca_cert_json=$(curl -k -X GET \
        -H "X-Auth-Token: $USER_TOKEN" \
        $MAGNUM_URL/certificates/$CLUSTER_UUID)
      parse_json_response "${ca_cert_json}" > ${CA_CERT}
@ -119,7 +119,7 @@ write_files:
      csr=$(cat $CLIENT_CSR | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/\\n/g')
      csr_req="{\"cluster_uuid\": \"$CLUSTER_UUID\", \"csr\": \"$csr\"}"
      # Send csr to Magnum to have it signed
-      client_cert_json=$(curl -X POST \
+      client_cert_json=$(curl -k -X POST \
          -H "X-Auth-Token: $USER_TOKEN" \
          -H "Content-Type: application/json" \
          -d "$csr_req" \
--- a/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml
+++ b/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml
@ -101,13 +101,13 @@ write_files:

      #trust is introduced in Keystone v3 version
      AUTH_URL=${AUTH_URL/v2.0/v3}
-      USER_TOKEN=`curl -s -i -X POST -H "Content-Type: application/json" -d @auth.json \
+      USER_TOKEN=`curl -k -s -i -X POST -H "Content-Type: application/json" -d @auth.json \
                       $AUTH_URL/auth/tokens | grep X-Subject-Token | awk '{print $2}'`

      rm -rf auth.json

      # Get CA certificate for this cluster
-      ca_cert_json=$(curl -X GET \
+      ca_cert_json=$(curl -k -X GET \
        -H "X-Auth-Token: $USER_TOKEN" \
        $MAGNUM_URL/certificates/$CLUSTER_UUID)
      parse_json_response "${ca_cert_json}" > ${CA_CERT}
@ -138,7 +138,7 @@ write_files:
      csr=$(cat $SERVER_CSR | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/\\n/g')
      csr_req="{\"cluster_uuid\": \"$CLUSTER_UUID\", \"csr\": \"$csr\"}"
      # Send csr to Magnum to have it signed
-      server_cert_json=$(curl -X POST \
+      server_cert_json=$(curl -k -X POST \
          -H "X-Auth-Token: $USER_TOKEN" \
          -H "Content-Type: application/json" \
          -d "$csr_req" \