49 lines
1.8 KiB
Bash
Executable File
49 lines
1.8 KiB
Bash
Executable File
#!/bin/bash
|
|
set -x
|
|
# Currently action is unused, but it will be.
|
|
action=$1
|
|
overcloud_container_name=$2
|
|
|
|
if [[ "$action" == 'request' || "$action" == 'resubmit' ]]; then
|
|
overcloud_fqdn=$3
|
|
|
|
OVERCLOUD_CERT_PATH="/etc/pki/tls/certs/overcloud-${overcloud_container_name}-cert.pem"
|
|
OVERCLOUD_KEY_PATH="/etc/pki/tls/private/overcloud-${overcloud_container_name}-key.pem"
|
|
|
|
# This validates that overcloud_fqdn is actually an FQDN
|
|
if [[ ! $(echo "$overcloud_fqdn" | grep -P '(?=^.{1,254}$)(^(?>(?!\d+\.)[a-zA-Z0-9_\-]{1,63}\.?)+(?:[a-zA-Z]{2,})$)') ]]
|
|
then
|
|
exit 1
|
|
fi
|
|
|
|
# Skip request if the request already exists
|
|
/usr/bin/getcert list -c local -i "overcloud-${overcloud_container_name}-cert" > /dev/null
|
|
request_exists=$?
|
|
if [[ $request_exists != 0 || "$action" == 'resubmit' ]];
|
|
then
|
|
if [[ "$action" == "request" ]]; then
|
|
/usr/bin/getcert request -c local \
|
|
-I "overcloud-${overcloud_container_name}-cert" \
|
|
-f $OVERCLOUD_CERT_PATH \
|
|
-k $OVERCLOUD_KEY_PATH \
|
|
-N "CN=${overcloud_fqdn}" \
|
|
-D "$overcloud_fqdn" \
|
|
-C "/usr/bin/chown mistral:mistral $OVERCLOUD_CERT_PATH $OVERCLOUD_KEY_PATH" \
|
|
-w -v
|
|
else
|
|
/usr/bin/getcert resubmit -c local \
|
|
-i "overcloud-${overcloud_container_name}-cert" \
|
|
-f $OVERCLOUD_CERT_PATH \
|
|
-N "CN=${overcloud_fqdn}" \
|
|
-D "$overcloud_fqdn" \
|
|
-C "/usr/bin/chown mistral:mistral $OVERCLOUD_CERT_PATH $OVERCLOUD_KEY_PATH" \
|
|
-w -v
|
|
fi
|
|
fi
|
|
elif [[ "$action" == 'query' ]]; then
|
|
/usr/bin/getcert list -c local -i "overcloud-${overcloud_container_name}-cert"
|
|
else
|
|
echo "Unkown action $action"
|
|
exit 1
|
|
fi
|