This is an automated email from the ASF dual-hosted git repository.
dubeejw pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk.git
The following commit(s) were added to refs/heads/master by this push:
new 5a0b615 Generate keystore without generating certificates (#3447)
5a0b615 is described below
commit 5a0b6155ff3f509e80d801ec7efa100ad42e6c15
Author: Vadim Raskin <[email protected]>
AuthorDate: Fri Mar 16 18:56:50 2018 +0100
Generate keystore without generating certificates (#3447)
---
ansible/files/genssl.sh | 22 ++++++++++++++--------
ansible/setup.yml | 4 ++--
2 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/ansible/files/genssl.sh b/ansible/files/genssl.sh
index a506a7e..fdf9642 100755
--- a/ansible/files/genssl.sh
+++ b/ansible/files/genssl.sh
@@ -12,9 +12,8 @@ CN=$1
TYPE=$2
SCRIPTDIR=$3
export TRUSTSTORE_PASSWORD=${4:-PASSWORD}
-GENKEY=$5
-NAME_PREFIX=$6
-
+NAME_PREFIX=$5
+GENKEY=$6
## generates a (self-signed) certificate
@@ -39,6 +38,14 @@ function gen_cert(){
-days 365
}
+function gen_p12_keystore(){
+ openssl pkcs12 -export -name $CN \
+ -passout pass:$TRUSTSTORE_PASSWORD \
+ -in "$SCRIPTDIR/${NAME_PREFIX}openwhisk-server-cert.pem" \
+ -inkey "$SCRIPTDIR/${NAME_PREFIX}openwhisk-server-key.pem" \
+ -out "$SCRIPTDIR/${NAME_PREFIX}openwhisk-keystore.p12"
+}
+
if [ "$TYPE" == "server_with_JKS_keystore" ]; then
gen_csr
gen_cert
@@ -66,11 +73,10 @@ elif [ "$TYPE" == "server" ]; then
gen_csr
gen_cert
echo generate keystore
- openssl pkcs12 -export -name $CN \
- -passout pass:$TRUSTSTORE_PASSWORD \
- -in "$SCRIPTDIR/${NAME_PREFIX}openwhisk-server-cert.pem" \
- -inkey "$SCRIPTDIR/${NAME_PREFIX}openwhisk-server-key.pem" \
- -out "$SCRIPTDIR/${NAME_PREFIX}openwhisk-keystore.p12"
+ gen_p12_keystore
+elif [ "$TYPE" == "p12_keystore_only" ]; then
+ gen_csr
+ gen_p12_keystore
else
echo generating client ca key
openssl genrsa -aes256 -passout pass:$PASSWORD -out
"$SCRIPTDIR/openwhisk-client-ca-key.pem" 2048
diff --git a/ansible/setup.yml b/ansible/setup.yml
index c9769d0..0ebc3fd 100644
--- a/ansible/setup.yml
+++ b/ansible/setup.yml
@@ -46,7 +46,7 @@
- name: generate kafka certificates
- local_action: shell "{{ playbook_dir }}/files/genssl.sh" "openwhisk-kafka"
"server_with_JKS_keystore" "{{ playbook_dir }}/roles/kafka/files" openwhisk
"generateKey" "kafka-"
+ local_action: shell "{{ playbook_dir }}/files/genssl.sh" "openwhisk-kafka"
"server_with_JKS_keystore" "{{ playbook_dir }}/roles/kafka/files" openwhisk
"kafka-" "generateKey"
when: kafka_protocol_for_setup == 'SSL'
- name: ensure controller files directory exists
@@ -59,4 +59,4 @@
- name: generate controller certificates
when: controllerProtocolForSetup == 'https'
- local_action: shell "{{ playbook_dir }}/files/genssl.sh"
"openwhisk-controllers" "server" "{{ playbook_dir }}/roles/controller/files" {{
controllerKeystorePassword }} "generateKey" {{ controllerKeyPrefix }}
+ local_action: shell "{{ playbook_dir }}/files/genssl.sh"
"openwhisk-controllers" "server" "{{ playbook_dir }}/roles/controller/files" {{
controllerKeystorePassword }} {{ controllerKeyPrefix }} "generateKey"
--
To stop receiving notification emails like this one, please contact
[email protected].
