summaryrefslogtreecommitdiffstats
path: root/roles/openshift_metrics/files
diff options
context:
space:
mode:
authorJeff Cantrill <jcantrill@users.noreply.github.com>2017-01-17 11:42:23 -0500
committerJeff Cantrill <jcantril@redhat.com>2017-01-17 13:49:11 -0500
commit65eb7e43faf38698b22b90ad3c743d1fecdc0961 (patch)
treebb690323269d929c9582756b4a77c8189217dcf4 /roles/openshift_metrics/files
parente96de3d7eb0b0ce6a8df96d4e3afa02f0859b94b (diff)
downloadopenshift-65eb7e43faf38698b22b90ad3c743d1fecdc0961.tar.gz
openshift-65eb7e43faf38698b22b90ad3c743d1fecdc0961.tar.bz2
openshift-65eb7e43faf38698b22b90ad3c743d1fecdc0961.tar.xz
openshift-65eb7e43faf38698b22b90ad3c743d1fecdc0961.zip
use pod to generate keystores (#14)
Diffstat (limited to 'roles/openshift_metrics/files')
-rwxr-xr-xroles/openshift_metrics/files/import_jks_certs.sh118
1 files changed, 118 insertions, 0 deletions
diff --git a/roles/openshift_metrics/files/import_jks_certs.sh b/roles/openshift_metrics/files/import_jks_certs.sh
new file mode 100755
index 000000000..bb046df87
--- /dev/null
+++ b/roles/openshift_metrics/files/import_jks_certs.sh
@@ -0,0 +1,118 @@
+#!/bin/bash
+#
+# Copyright 2014-2015 Red Hat, Inc. and/or its affiliates
+# and other contributors as indicated by the @author tags.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+set -ex
+
+function import_certs() {
+ dir=$CERT_DIR
+ hawkular_metrics_keystore_password=$(echo $METRICS_KEYSTORE_PASSWD | base64 -d)
+ hawkular_cassandra_keystore_password=$(echo $CASSANDRA_KEYSTORE_PASSWD | base64 -d)
+ hawkular_metrics_truststore_password=$(echo $METRICS_TRUSTSTORE_PASSWD | base64 -d)
+ hawkular_cassandra_truststore_password=$(echo $CASSANDRA_TRUSTSTORE_PASSWD | base64 -d)
+ hawkular_jgroups_password=$(echo $JGROUPS_PASSWD | base64 -d)
+
+ cassandra_alias=`keytool -noprompt -list -keystore $dir/hawkular-cassandra.truststore -storepass ${hawkular_cassandra_truststore_password} | sed -n '7~2s/,.*$//p'`
+ hawkular_alias=`keytool -noprompt -list -keystore $dir/hawkular-metrics.truststore -storepass ${hawkular_metrics_truststore_password} | sed -n '7~2s/,.*$//p'`
+
+ if [ ! -f $dir/hawkular-metrics.keystore ]; then
+ echo "Creating the Hawkular Metrics keystore from the PEM file"
+ keytool -importkeystore -v \
+ -srckeystore $dir/hawkular-metrics.pkcs12 \
+ -destkeystore $dir/hawkular-metrics.keystore \
+ -srcstoretype PKCS12 \
+ -deststoretype JKS \
+ -srcstorepass $hawkular_metrics_keystore_password \
+ -deststorepass $hawkular_metrics_keystore_password
+ fi
+
+ if [ ! -f $dir/hawkular-cassandra.keystore ]; then
+ echo "Creating the Hawkular Cassandra keystore from the PEM file"
+ keytool -importkeystore -v \
+ -srckeystore $dir/hawkular-cassandra.pkcs12 \
+ -destkeystore $dir/hawkular-cassandra.keystore \
+ -srcstoretype PKCS12 \
+ -deststoretype JKS \
+ -srcstorepass $hawkular_cassandra_keystore_password \
+ -deststorepass $hawkular_cassandra_keystore_password
+ fi
+
+ if [[ ! ${cassandra_alias[*]} =~ hawkular-metrics ]]; then
+ echo "Importing the Hawkular Certificate into the Cassandra Truststore"
+ keytool -noprompt -import -v -trustcacerts -alias hawkular-metrics \
+ -file $dir/hawkular-metrics.crt \
+ -keystore $dir/hawkular-cassandra.truststore \
+ -trustcacerts \
+ -storepass $hawkular_cassandra_truststore_password
+ fi
+
+ if [[ ! ${hawkular_alias[*]} =~ hawkular-cassandra ]]; then
+ echo "Importing the Cassandra Certificate into the Hawkular Truststore"
+ keytool -noprompt -import -v -trustcacerts -alias hawkular-cassandra \
+ -file $dir/hawkular-cassandra.crt \
+ -keystore $dir/hawkular-metrics.truststore \
+ -trustcacerts \
+ -storepass $hawkular_metrics_truststore_password
+ fi
+
+ if [[ ! ${cassandra_alias[*]} =~ hawkular-cassandra ]]; then
+ echo "Importing the Hawkular Cassandra Certificate into the Cassandra Truststore"
+ keytool -noprompt -import -v -trustcacerts -alias hawkular-cassandra \
+ -file $dir/hawkular-cassandra.crt \
+ -keystore $dir/hawkular-cassandra.truststore \
+ -trustcacerts \
+ -storepass $hawkular_cassandra_truststore_password
+ fi
+
+ cert_alias_names=(ca metricca cassandraca)
+
+ for cert_alias in ${cert_alias_names[*]}; do
+ if [[ ! ${cassandra_alias[*]} =~ "$cert_alias" ]]; then
+ echo "Importing the CA Certificate with alias $cert_alias into the Cassandra Truststore"
+ keytool -noprompt -import -v -trustcacerts -alias $cert_alias \
+ -file ${dir}/ca.crt \
+ -keystore $dir/hawkular-cassandra.truststore \
+ -trustcacerts \
+ -storepass $hawkular_cassandra_truststore_password
+ fi
+ done
+
+ for cert_alias in ${cert_alias_names[*]}; do
+ if [[ ! ${hawkular_alias[*]} =~ "$cert_alias" ]]; then
+ echo "Importing the CA Certificate with alias $cert_alias into the Hawkular Metrics Truststore"
+ keytool -noprompt -import -v -trustcacerts -alias $cert_alias \
+ -file ${dir}/ca.crt \
+ -keystore $dir/hawkular-metrics.truststore \
+ -trustcacerts \
+ -storepass $hawkular_metrics_truststore_password
+ fi
+ done
+
+ if [ ! -f $dir/hawkular-jgroups.keystore ]; then
+ echo "Generating the jgroups keystore"
+ keytool -genseckey -alias hawkular -keypass ${hawkular_jgroups_password} \
+ -storepass ${hawkular_jgroups_password} \
+ -keyalg Blowfish \
+ -keysize 56 \
+ -keystore $dir/hawkular-jgroups.keystore \
+ -storetype JCEKS
+ fi
+}
+
+import_certs
+
+exit 0