This is an automated email from the ASF dual-hosted git repository.
omartushevskyi pushed a commit to branch DLAB-1158
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
The following commit(s) were added to refs/heads/DLAB-1158 by this push:
new 701bc8e added step-ca
701bc8e is described below
commit 701bc8e3eeadd31ef2d90deced3a04ccf1a9c953
Author: Oleh Martushevskyi <[email protected]>
AuthorDate: Thu Dec 5 12:11:31 2019 +0200
added step-ca
---
.../terraform/bin/deploy/endpoint_fab.py | 73 ++++++++++------------
.../terraform/gcp/endpoint/main/buckets.tf | 35 +++++++++++
.../terraform/gcp/endpoint/main/instance.tf | 8 ---
.../terraform/gcp/endpoint/main/variables.tf | 8 +--
4 files changed, 73 insertions(+), 51 deletions(-)
diff --git a/infrastructure-provisioning/terraform/bin/deploy/endpoint_fab.py
b/infrastructure-provisioning/terraform/bin/deploy/endpoint_fab.py
index 3dc30e5..53596e7 100644
--- a/infrastructure-provisioning/terraform/bin/deploy/endpoint_fab.py
+++ b/infrastructure-provisioning/terraform/bin/deploy/endpoint_fab.py
@@ -111,12 +111,26 @@ def ensure_step_certs():
conn.sudo('step ca bootstrap --fingerprint {0} --ca-url
"{1}"'.format(fingerprint,
args.step_ca_url))
conn.sudo('echo "{0}" >
/home/{1}/keys/provisioner_password'.format(args.step_kid_password,
args.os_user))
- local_ip_address = conn.sudo('curl -s '
-
'http://169.254.169.254/latest/meta-data/local-ipv4').stdout.replace('\n', '')
- try:
- public_ip_address = conn.sudo('curl -s
http://169.254.169.254/latest/meta-data/'
-
'public-ipv4').stdout.replace('\n', '')
- except:
+ if args.cloud_provider == 'aws':
+ local_ip_address = conn.sudo('curl -s '
+
'http://169.254.169.254/latest/meta-data/local-ipv4').stdout.replace('\n', '')
+ try:
+ public_ip_address = conn.sudo('curl -s
http://169.254.169.254/latest/meta-data/'
+
'public-ipv4').stdout.replace('\n', '')
+ except:
+ public_ip_address = None
+ elif args.cloud_provider == 'gcp':
+ local_ip_address = conn.sudo('curl -H "Metadata-Flavor:
Google" '
+
'http://metadata/computeMetadata/v1/instance/network-interfaces/0/'
+
'access-configs/0/external-ip').stdout.replace('\n', '')
+ try:
+ public_ip_address = conn.sudo('curl -H "Metadata-Flavor:
Google" '
+
'http://metadata/computeMetadata/v1/instance/network-interfaces/0/ip'
+
'access-configs/0/external-ip').stdout.replace('\n', '')
+ except:
+ public_ip_address = None
+ else:
+ local_ip_address = None
public_ip_address = None
sans = "--san localhost --san {0} --san 127.0.0.1
".format(local_ip_address)
cn = local_ip_address
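Review bot: The GCP branch queries the wrong metadata paths — `local_ip_address` is read from `'http://metadata/computeMetadata/v1/instance/network-interfaces/0/'` + `'access-configs/0/external-ip'`, which is the external address, while the `public_ip_address` call concatenates `.../network-interfaces/0/ip` with `'access-configs/0/external-ip'` into the malformed URL `.../network-interfaces/0/ipaccess-configs/0/external-ip`. The two suffixes look swapped: the local lookup should end in `network-interfaces/0/ip` and the public one in `network-interfaces/0/access-configs/0/external-ip`. Because `cn` and the `--san` list are built from `local_ip_address`, the mix-up changes which address the endpoint certificate is issued for, and the `else` branch feeds `None` into the same format, yielding `--san None`. The bare `except:` in both branches hides every failure of the curl call, not just an absent public address; narrowing it to `except Exception:` would at least keep KeyboardInterrupt and SystemExit visible. ensure_step_certs starts before the hunk and continues past it.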
@@ -221,39 +235,20 @@ def create_key_dir_endpoint():
def configure_keystore_endpoint(os_user, endpoint_keystore_password):
try:
- if args.cloud_provider == "aws":
- conn.sudo('openssl pkcs12 -export -in /home/{0}/keys/endpoint.crt
-inkey '
- '/home/{0}/keys/endpoint.key -name endpoint -out
/home/{0}/keys/endpoint.p12 '
- '-password pass:{1}'.format(args.os_user,
endpoint_keystore_password))
- conn.sudo('keytool -importkeystore -srckeystore
/home/{0}/keys/endpoint.p12 -srcstoretype PKCS12 '
- '-alias endpoint -destkeystore
/home/{0}/keys/endpoint.keystore.jks -deststorepass "{1}" '
- '-srcstorepass "{1}"'.format(args.os_user,
endpoint_keystore_password))
- conn.sudo('keytool -keystore /home/{0}/keys/endpoint.keystore.jks
-alias CARoot -import -file '
- '/home/{0}/keys/root_ca.crt -deststorepass "{1}"
-noprompt'.format(
- args.os_user, endpoint_keystore_password))
- conn.sudo('keytool -importcert -trustcacerts -alias endpoint -file
/home/{0}/keys/endpoint.crt -noprompt '
- '-storepass changeit -keystore
{1}/lib/security/cacerts'.format(os_user, java_home))
- conn.sudo('keytool -importcert -trustcacerts -file
/home/{0}/keys/root_ca.crt -noprompt '
- '-storepass changeit -keystore
{1}/lib/security/cacerts'.format(os_user, java_home))
- conn.sudo('touch
/home/{0}/.ensure_dir/cert_imported'.format(args.os_user))
- elif args.cloud_provider == "gcp":
- if not exists(conn, '/home/' + args.os_user +
'/keys/endpoint.keystore.jks'):
- conn.sudo('gsutil -m cp -r
gs://{0}/dlab/certs/endpoint/endpoint.keystore.jks '
- '/home/{1}/keys/'
- .format(args.ssn_bucket_name, args.os_user))
- if not exists(conn, '/home/' + args.os_user + '/keys/dlab.crt'):
- conn.sudo('gsutil -m cp -r
gs://{0}/dlab/certs/endpoint/endpoint.crt'
- ' /home/{1}/keys/'.format(args.ssn_bucket_name,
args.os_user))
- if not exists(conn, '/home/' + args.os_user + '/keys/ssn.crt'):
- conn.sudo('gsutil -m cp -r '
- 'gs://{0}/dlab/certs/ssn/ssn.crt /home/{1}/keys/'
- .format(args.ssn_bucket_name, args.os_user))
- if not exists(conn, '/home/' + args.os_user +
'/.ensure_dir/cert_imported'):
- conn.sudo('keytool -importcert -trustcacerts -alias dlab -file
/home/{0}/keys/endpoint.crt -noprompt \
- -storepass changeit -keystore
{1}/lib/security/cacerts'.format(os_user, java_home))
- conn.sudo('keytool -importcert -trustcacerts -file
/home/{0}/keys/ssn.crt -noprompt \
- -storepass changeit -keystore
{1}/lib/security/cacerts'.format(os_user, java_home))
- conn.sudo('touch /home/' + args.os_user +
'/.ensure_dir/cert_imported')
+ conn.sudo('openssl pkcs12 -export -in /home/{0}/keys/endpoint.crt
-inkey '
+ '/home/{0}/keys/endpoint.key -name endpoint -out
/home/{0}/keys/endpoint.p12 '
+ '-password pass:{1}'.format(args.os_user,
endpoint_keystore_password))
+ conn.sudo('keytool -importkeystore -srckeystore
/home/{0}/keys/endpoint.p12 -srcstoretype PKCS12 '
+ '-alias endpoint -destkeystore
/home/{0}/keys/endpoint.keystore.jks -deststorepass "{1}" '
+ '-srcstorepass "{1}"'.format(args.os_user,
endpoint_keystore_password))
+ conn.sudo('keytool -keystore /home/{0}/keys/endpoint.keystore.jks
-alias CARoot -import -file '
+ '/home/{0}/keys/root_ca.crt -deststorepass "{1}"
-noprompt'.format(
+ args.os_user, endpoint_keystore_password))
+ conn.sudo('keytool -importcert -trustcacerts -alias endpoint -file
/home/{0}/keys/endpoint.crt -noprompt '
+ '-storepass changeit -keystore
{1}/lib/security/cacerts'.format(os_user, java_home))
+ conn.sudo('keytool -importcert -trustcacerts -file
/home/{0}/keys/root_ca.crt -noprompt '
+ '-storepass changeit -keystore
{1}/lib/security/cacerts'.format(os_user, java_home))
+ conn.sudo('touch
/home/{0}/.ensure_dir/cert_imported'.format(args.os_user))
print("Certificates are imported.")
except Exception as err:
print('Failed to configure Keystore certificates: ', str(err))
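Review bot: The now-unconditional body passes `endpoint_keystore_password` on the command line three times — `-password pass:{1}` to openssl and `-deststorepass "{1}"`/`-srcstorepass "{1}"` to keytool — so the keystore password is visible to any local user in the process list while the commands run and may land in shell or sudo logs. Both tools accept the secret indirectly: openssl's `-password env:VAR` or `-password file:PATH`, and keytool's `-srcstorepass:env`/`-deststorepass:env` (or `:file`) forms; since the surrounding code already writes `/home/{os_user}/keys/provisioner_password`, a file under that key directory would fit the existing pattern. The removed GCP branch also guarded its cacerts imports with `if not exists(conn, ... '/.ensure_dir/cert_imported')`, whereas the new body always runs `keytool -importcert ... -alias endpoint` and only touches the marker afterwards, so a re-run would presumably fail on the existing alias and be swallowed by the `except Exception` print — unless a caller checks the marker, which is not visible here. configure_keystore_endpoint may continue past the end of the hunk.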
diff --git a/infrastructure-provisioning/terraform/gcp/endpoint/main/buckets.tf
b/infrastructure-provisioning/terraform/gcp/endpoint/main/buckets.tf
new file mode 100644
index 0000000..d864abe
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/endpoint/main/buckets.tf
@@ -0,0 +1,35 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
******************************************************************************
+
+locals {
+ shared_bucket_name =
"${var.service_base_name}-${var.endpoint_id}-shared-bucket"
+ additional_tag = split(":", var.additional_tag)
+}
+
+resource "google_storage_bucket" "ssn_bucket" {
+ name = local.shared_bucket_name
+ force_destroy = true
+ labels = {
+ name = local.shared_bucket_name
+ "${local.additional_tag[0]}" = local.additional_tag[1]
+ "${var.service_base_name}-tag" = local.shared_bucket_name
+ }
+}
\ No newline at end of file
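Review bot: `google_storage_bucket.ssn_bucket` drops the `location = var.bucket_region` and `project = var.project_id` arguments that the removed `image-store` resource in instance.tf carried, even though `bucket_region` is kept in variables.tf with its `# Allowed US, EU, ASIA` comment; unless relying on the provider default is intended, add `location = var.bucket_region` and `project = var.project_id` to the resource. The removed GCP branch of endpoint_fab.py copied `endpoint.keystore.jks` and certificates out of the SSN bucket, so if this is that bucket, `force_destroy = true` deletes that material on destroy and the resource sets no access controls — `uniform_bucket_level_access = true` is worth adding if the provider version in use supports it. `local.additional_tag[1]` also assumes `var.additional_tag` contains a `:`; a value without one makes `split` return a single element and the index fails at plan time, which should at least be documented on the variable.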
diff --git
a/infrastructure-provisioning/terraform/gcp/endpoint/main/instance.tf
b/infrastructure-provisioning/terraform/gcp/endpoint/main/instance.tf
index 56e6b12..343998a 100644
--- a/infrastructure-provisioning/terraform/gcp/endpoint/main/instance.tf
+++ b/infrastructure-provisioning/terraform/gcp/endpoint/main/instance.tf
@@ -63,12 +63,4 @@ resource "google_compute_instance" "endpoint" {
resource "google_compute_address" "static" {
name = local.endpoint_instance_ip
- count = var.static_ip == "" ? 1 : 0
-}
-
-resource "google_storage_bucket" "image-store" {
- name = "${var.service_base_name}-${var.endpoint_id}-shared-bucket"
- location = var.bucket_region
- force_destroy = true
- project = var.project_id
}
diff --git
a/infrastructure-provisioning/terraform/gcp/endpoint/main/variables.tf
b/infrastructure-provisioning/terraform/gcp/endpoint/main/variables.tf
index b4bfc54..eaaf702 100644
--- a/infrastructure-provisioning/terraform/gcp/endpoint/main/variables.tf
+++ b/infrastructure-provisioning/terraform/gcp/endpoint/main/variables.tf
@@ -140,10 +140,10 @@ variable "product" {
default = "dlab"
}
-variable "static_ip" {
- default = ""
-}
-
variable "bucket_region" {
default = "US" # Allowed US, EU, ASIA
}
+
+variable "additional_tag" {
+ default = "product:dlab"
+}