Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
smoketest_new_certs
#!/bin/bash
killall -9 java
set -e
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd $DIR
ES_VERSION=6.2.2
SG_VERSION=21.0
rm -rf elasticsearch-$ES_VERSION
if ! [ -f elasticsearch-$ES_VERSION.tar.gz ];then
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-$ES_VERSION.tar.gz
fi
tar -xzf elasticsearch-$ES_VERSION.tar.gz
elasticsearch-$ES_VERSION/bin/elasticsearch-plugin install -b "com.floragunn:search-guard-6:$ES_VERSION-$SG_VERSION"
RET=$?
if [ $RET -eq 0 ]; then
echo Installation ok
else
echo Installation failed
exit -1
fi
chmod +x elasticsearch-$ES_VERSION/plugins/search-guard-6/tools/install_demo_configuration.sh
./elasticsearch-$ES_VERSION/plugins/search-guard-6/tools/install_demo_configuration.sh -y -i
elasticsearch-$ES_VERSION/bin/elasticsearch &
while ! nc -z 127.0.0.1 9200; do
sleep 0.1 # wait for 1/10 of the second before check again
done
sleep 5
set +e #here we expect a expired certificate
./sgadmin_demo.sh
curl -vv --cacert elasticsearch-$ES_VERSION/config/root-ca.pem -XGET -u admin:admin 'https://127.0.0.1:9200/_searchguard/authinfo' -H'Content-Type: application/json'
set -e
killall java
cd ./elasticsearch-$ES_VERSION/config/
for filename in *.pem; do
shasum -a 256 $filename
if ! [[ $filename = *"key"* ]]; then
cat $filename | openssl x509 -noout -dates
fi
done
rm -rf certificates.zip
wget https://downloads.search-guard.com/resources/certificates/certificates.zip
unzip -o certificates.zip
for filename in *.pem; do
shasum -a 256 $filename
if ! [[ $filename = *"key"* ]]; then
cat $filename | openssl x509 -noout -dates
fi
done
cd -
elasticsearch-$ES_VERSION/bin/elasticsearch &
while ! nc -z 127.0.0.1 9200; do
sleep 0.1 # wait for 1/10 of the second before check again
done
sleep 5
./sgadmin_demo.sh
RES="$(curl -Ss --cacert elasticsearch-$ES_VERSION/config/root-ca.pem -XGET -u admin:admin 'https://127.0.0.1:9200/_searchguard/authinfo' -H'Content-Type: application/json' | grep roles)"
if [ -z "$RES" ]; then
echo "failed"
exit -1
else
echo "$RES"
echo ok
fi
killall java
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.