starlingx/utilities
Code Issues Proposed changes

Merge "Fail fast improvement to show-certs"

Browse Source
This commit is contained in:
Zuul 2024-02-02 16:56:56 +00:00 committed by Gerrit Code Review
commit a272f7c247
1 changed files with 21 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
utilities/platform-util/scripts/show-certs.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# #
# Copyright (c) 2021-2023 Wind River Systems, Inc. # Copyright (c) 2021-2024 Wind River Systems, Inc.
# #
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
@ -399,13 +399,26 @@ PrintCertInfo-fromFile "DC-AdminEp-Server" "/etc/ssl/private/admin-ep-cert.pem"
PrintCertInfo-fromFile "openstack" "/etc/ssl/private/openstack/cert.pem" "${RED}Manual${RESET}" PrintCertInfo-fromFile "openstack" "/etc/ssl/private/openstack/cert.pem" "${RED}Manual${RESET}"
PrintCertInfo-fromFile "openstack CA" "/etc/ssl/private/openstack/ca-cert.pem" "${RED}Manual${RESET}" PrintCertInfo-fromFile "openstack CA" "/etc/ssl/private/openstack/ca-cert.pem" "${RED}Manual${RESET}"
# OIDC # works with stable and experimental certs subcommand
PrintCertInfo-for-OIDC-Certificates kubeadm certs -h &> /dev/null
if [ $? -eq 0 ]; then
CERTS_CMD='certs'
else
CERTS_CMD='alpha certs'
fi
# analytics certificates K8S_CERTS_OUTPUT=$(kubeadm $CERTS_CMD check-expiration 2> /dev/null)
PrintCertInfo-fromGenericSecret "Internal Analytics CA Certificate" "monitor" "mon-elastic-services-secrets" "ca.crt" K8S_CERTS_RC=$?
PrintCertInfo-fromGenericSecret "External Analytics CA Certificate" "monitor" "mon-elastic-services-secrets" "ext-ca.crt"
PrintCertInfo-fromGenericSecret "External Kibana Certificate" "monitor" "mon-elastic-services-secrets" "kibana.crt" if [ $K8S_CERTS_RC -eq 0 ]; then
# OIDC
PrintCertInfo-for-OIDC-Certificates
# analytics certificates
PrintCertInfo-fromGenericSecret "Internal Analytics CA Certificate" "monitor" "mon-elastic-services-secrets" "ca.crt"
PrintCertInfo-fromGenericSecret "External Analytics CA Certificate" "monitor" "mon-elastic-services-secrets" "ext-ca.crt"
PrintCertInfo-fromGenericSecret "External Kibana Certificate" "monitor" "mon-elastic-services-secrets" "kibana.crt"
fi
# Kubernetes Certificates # Kubernetes Certificates
echo echo
@ -415,13 +428,7 @@ echo "Note: 'CERTIFICATES' are Renewal: ${GREEN}Automatic${RESET}"
echo "Note: 'CERTIFICATE AUTHORITIES' are Renewal: ${RED}Manual${RESET}" echo "Note: 'CERTIFICATE AUTHORITIES' are Renewal: ${RED}Manual${RESET}"
echo echo
# works with stable and experimenal certs subcommand echo "$K8S_CERTS_OUTPUT"
kubeadm certs -h &> /dev/null
if [ $? -eq 0 ]; then
kubeadm certs check-expiration
else
kubeadm alpha certs check-expiration
fi
# ETCD certificates # ETCD certificates
# ETCD certificates are automatically renewed by kube_root_ca_rotation cron job # ETCD certificates are automatically renewed by kube_root_ca_rotation cron job