summaryrefslogtreecommitdiffstats
path: root/roles/openshift_metrics/files
diff options
context:
space:
mode:
authorJuraci Paixão Kröhling <juraci@kroehling.de>2017-03-15 10:23:20 +0100
committerJuraci Paixão Kröhling <juraci@kroehling.de>2017-03-15 17:35:36 +0100
commit6d7ca91fc4ddd7b40c8b7e9983a9a4b475f72214 (patch)
tree990fa21a31aec17357ee2b6b9e4ff78e2f92508b /roles/openshift_metrics/files
parent15130f01c9c80b67528d4e76b237822921a0a0c9 (diff)
downloadopenshift-6d7ca91fc4ddd7b40c8b7e9983a9a4b475f72214.tar.gz
openshift-6d7ca91fc4ddd7b40c8b7e9983a9a4b475f72214.tar.bz2
openshift-6d7ca91fc4ddd7b40c8b7e9983a9a4b475f72214.tar.xz
openshift-6d7ca91fc4ddd7b40c8b7e9983a9a4b475f72214.zip
Switched Cassandra to use certificates generated by OpenShift
Diffstat (limited to 'roles/openshift_metrics/files')
-rwxr-xr-xroles/openshift_metrics/files/import_jks_certs.sh55
1 files changed, 1 insertions, 54 deletions
diff --git a/roles/openshift_metrics/files/import_jks_certs.sh b/roles/openshift_metrics/files/import_jks_certs.sh
index c8d5bb3d2..b2537f448 100755
--- a/roles/openshift_metrics/files/import_jks_certs.sh
+++ b/roles/openshift_metrics/files/import_jks_certs.sh
@@ -21,11 +21,7 @@ set -ex
function import_certs() {
dir=$CERT_DIR
hawkular_metrics_keystore_password=$(echo $METRICS_KEYSTORE_PASSWD | base64 -d)
- hawkular_cassandra_keystore_password=$(echo $CASSANDRA_KEYSTORE_PASSWD | base64 -d)
hawkular_metrics_truststore_password=$(echo $METRICS_TRUSTSTORE_PASSWD | base64 -d)
- hawkular_cassandra_truststore_password=$(echo $CASSANDRA_TRUSTSTORE_PASSWD | base64 -d)
-
- cassandra_alias=`keytool -noprompt -list -keystore $dir/hawkular-cassandra.truststore -storepass ${hawkular_cassandra_truststore_password} | sed -n '7~2s/,.*$//p'`
hawkular_alias=`keytool -noprompt -list -keystore $dir/hawkular-metrics.truststore -storepass ${hawkular_metrics_truststore_password} | sed -n '7~2s/,.*$//p'`
if [ ! -f $dir/hawkular-metrics.keystore ]; then
@@ -39,56 +35,7 @@ function import_certs() {
-deststorepass $hawkular_metrics_keystore_password
fi
- if [ ! -f $dir/hawkular-cassandra.keystore ]; then
- echo "Creating the Hawkular Cassandra keystore from the PEM file"
- keytool -importkeystore -v \
- -srckeystore $dir/hawkular-cassandra.pkcs12 \
- -destkeystore $dir/hawkular-cassandra.keystore \
- -srcstoretype PKCS12 \
- -deststoretype JKS \
- -srcstorepass $hawkular_cassandra_keystore_password \
- -deststorepass $hawkular_cassandra_keystore_password
- fi
-
- if [[ ! ${cassandra_alias[*]} =~ hawkular-metrics ]]; then
- echo "Importing the Hawkular Certificate into the Cassandra Truststore"
- keytool -noprompt -import -v -trustcacerts -alias hawkular-metrics \
- -file $dir/hawkular-metrics.crt \
- -keystore $dir/hawkular-cassandra.truststore \
- -trustcacerts \
- -storepass $hawkular_cassandra_truststore_password
- fi
-
- if [[ ! ${hawkular_alias[*]} =~ hawkular-cassandra ]]; then
- echo "Importing the Cassandra Certificate into the Hawkular Truststore"
- keytool -noprompt -import -v -trustcacerts -alias hawkular-cassandra \
- -file $dir/hawkular-cassandra.crt \
- -keystore $dir/hawkular-metrics.truststore \
- -trustcacerts \
- -storepass $hawkular_metrics_truststore_password
- fi
-
- if [[ ! ${cassandra_alias[*]} =~ hawkular-cassandra ]]; then
- echo "Importing the Hawkular Cassandra Certificate into the Cassandra Truststore"
- keytool -noprompt -import -v -trustcacerts -alias hawkular-cassandra \
- -file $dir/hawkular-cassandra.crt \
- -keystore $dir/hawkular-cassandra.truststore \
- -trustcacerts \
- -storepass $hawkular_cassandra_truststore_password
- fi
-
- cert_alias_names=(ca metricca cassandraca)
-
- for cert_alias in ${cert_alias_names[*]}; do
- if [[ ! ${cassandra_alias[*]} =~ "$cert_alias" ]]; then
- echo "Importing the CA Certificate with alias $cert_alias into the Cassandra Truststore"
- keytool -noprompt -import -v -trustcacerts -alias $cert_alias \
- -file ${dir}/ca.crt \
- -keystore $dir/hawkular-cassandra.truststore \
- -trustcacerts \
- -storepass $hawkular_cassandra_truststore_password
- fi
- done
+ cert_alias_names=(ca metricca)
for cert_alias in ${cert_alias_names[*]}; do
if [[ ! ${hawkular_alias[*]} =~ "$cert_alias" ]]; then