diff options
author | Juraci Paixão Kröhling <juraci@kroehling.de> | 2017-03-15 10:23:20 +0100 |
---|---|---|
committer | Juraci Paixão Kröhling <juraci@kroehling.de> | 2017-03-15 17:35:36 +0100 |
commit | 6d7ca91fc4ddd7b40c8b7e9983a9a4b475f72214 (patch) | |
tree | 990fa21a31aec17357ee2b6b9e4ff78e2f92508b /roles/openshift_metrics/files | |
parent | 15130f01c9c80b67528d4e76b237822921a0a0c9 (diff) | |
download | openshift-6d7ca91fc4ddd7b40c8b7e9983a9a4b475f72214.tar.gz openshift-6d7ca91fc4ddd7b40c8b7e9983a9a4b475f72214.tar.bz2 openshift-6d7ca91fc4ddd7b40c8b7e9983a9a4b475f72214.tar.xz openshift-6d7ca91fc4ddd7b40c8b7e9983a9a4b475f72214.zip |
Switched Cassandra to use certificates generated by OpenShift
Diffstat (limited to 'roles/openshift_metrics/files')
-rwxr-xr-x | roles/openshift_metrics/files/import_jks_certs.sh | 55 |
1 files changed, 1 insertions, 54 deletions
diff --git a/roles/openshift_metrics/files/import_jks_certs.sh b/roles/openshift_metrics/files/import_jks_certs.sh index c8d5bb3d2..b2537f448 100755 --- a/roles/openshift_metrics/files/import_jks_certs.sh +++ b/roles/openshift_metrics/files/import_jks_certs.sh @@ -21,11 +21,7 @@ set -ex function import_certs() { dir=$CERT_DIR hawkular_metrics_keystore_password=$(echo $METRICS_KEYSTORE_PASSWD | base64 -d) - hawkular_cassandra_keystore_password=$(echo $CASSANDRA_KEYSTORE_PASSWD | base64 -d) hawkular_metrics_truststore_password=$(echo $METRICS_TRUSTSTORE_PASSWD | base64 -d) - hawkular_cassandra_truststore_password=$(echo $CASSANDRA_TRUSTSTORE_PASSWD | base64 -d) - - cassandra_alias=`keytool -noprompt -list -keystore $dir/hawkular-cassandra.truststore -storepass ${hawkular_cassandra_truststore_password} | sed -n '7~2s/,.*$//p'` hawkular_alias=`keytool -noprompt -list -keystore $dir/hawkular-metrics.truststore -storepass ${hawkular_metrics_truststore_password} | sed -n '7~2s/,.*$//p'` if [ ! -f $dir/hawkular-metrics.keystore ]; then @@ -39,56 +35,7 @@ function import_certs() { -deststorepass $hawkular_metrics_keystore_password fi - if [ ! -f $dir/hawkular-cassandra.keystore ]; then - echo "Creating the Hawkular Cassandra keystore from the PEM file" - keytool -importkeystore -v \ - -srckeystore $dir/hawkular-cassandra.pkcs12 \ - -destkeystore $dir/hawkular-cassandra.keystore \ - -srcstoretype PKCS12 \ - -deststoretype JKS \ - -srcstorepass $hawkular_cassandra_keystore_password \ - -deststorepass $hawkular_cassandra_keystore_password - fi - - if [[ ! ${cassandra_alias[*]} =~ hawkular-metrics ]]; then - echo "Importing the Hawkular Certificate into the Cassandra Truststore" - keytool -noprompt -import -v -trustcacerts -alias hawkular-metrics \ - -file $dir/hawkular-metrics.crt \ - -keystore $dir/hawkular-cassandra.truststore \ - -trustcacerts \ - -storepass $hawkular_cassandra_truststore_password - fi - - if [[ ! ${hawkular_alias[*]} =~ hawkular-cassandra ]]; then - echo "Importing the Cassandra Certificate into the Hawkular Truststore" - keytool -noprompt -import -v -trustcacerts -alias hawkular-cassandra \ - -file $dir/hawkular-cassandra.crt \ - -keystore $dir/hawkular-metrics.truststore \ - -trustcacerts \ - -storepass $hawkular_metrics_truststore_password - fi - - if [[ ! ${cassandra_alias[*]} =~ hawkular-cassandra ]]; then - echo "Importing the Hawkular Cassandra Certificate into the Cassandra Truststore" - keytool -noprompt -import -v -trustcacerts -alias hawkular-cassandra \ - -file $dir/hawkular-cassandra.crt \ - -keystore $dir/hawkular-cassandra.truststore \ - -trustcacerts \ - -storepass $hawkular_cassandra_truststore_password - fi - - cert_alias_names=(ca metricca cassandraca) - - for cert_alias in ${cert_alias_names[*]}; do - if [[ ! ${cassandra_alias[*]} =~ "$cert_alias" ]]; then - echo "Importing the CA Certificate with alias $cert_alias into the Cassandra Truststore" - keytool -noprompt -import -v -trustcacerts -alias $cert_alias \ - -file ${dir}/ca.crt \ - -keystore $dir/hawkular-cassandra.truststore \ - -trustcacerts \ - -storepass $hawkular_cassandra_truststore_password - fi - done + cert_alias_names=(ca metricca) for cert_alias in ${cert_alias_names[*]}; do if [[ ! ${hawkular_alias[*]} =~ "$cert_alias" ]]; then |