Last active
December 19, 2015 11:14
-
-
Save kevinmeziere/987ef39a59117bb389ca to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
AWK=/usr/bin/awk | |
SED=/usr/bin/sed | |
CERTDIR="/var/db/fifo" | |
CERTPREFIX="fifo" | |
DAYS=1825 # 5 years | |
CERTSUBJECT=" | |
C=AU | |
ST=Victoria | |
O=Company | |
localityName=Melbourne | |
commonName=my.fifo-docker | |
organizationalUnitName=None | |
emailAddress=admin@my.fifo-docker | |
subjectAltName=${IP} | |
" | |
SNARLCONF="/opt/local/fifo-snarl/etc/snarl.conf" | |
KENNELCONF="/opt/local/fifo-kennel/etc/kennel.conf" | |
HOWLCONF="/opt/local/fifo-howl/etc/howl.conf" | |
fail_if_error() { | |
[ $1 != 0 ] && { | |
echo "Error prior to line $2" | |
exit 10 | |
} | |
} | |
# before doing anything backup the current cert dir | |
mkdir -p $CERTDIR/backups | |
find $CERTDIR -maxdepth 1 -type f -exec basename {} \; | \ | |
xargs -n1 -I{} cp $CERTDIR/{} $CERTDIR/backups/{}.$(date +"%d%m%y-%H%M") | |
if ifconfig net1 > /dev/null 2>&1 | |
then | |
IP=`ifconfig net1 | grep inet | $AWK '{print $2}'` | |
else | |
IP=`ifconfig net0 | grep inet | $AWK '{print $2}'` | |
fi | |
# Generate CA key pair | |
openssl genrsa -out $CERTDIR/$CERTPREFIX-ca.key 2048 >/dev/null 2>&1 | |
fail_if_error $? $LINENO | |
openssl req -new -x509 -nodes -batch -subj "$(echo -n "$CERTSUBJECT" | tr "\n" "/")" \ | |
-key $CERTDIR/$CERTPREFIX-ca.key -out $CERTDIR/$CERTPREFIX-ca.pem >/dev/null 2>&1 | |
fail_if_error $? $LINENO | |
# Create client key pair for howl/kennel | |
openssl genrsa -out $CERTDIR/$CERTPREFIX.key 2048 >/dev/null 2>&1 | |
fail_if_error $? $LINENO | |
openssl req -new -batch -subj "$(echo -n "$CERTSUBJECT" | tr "\n" "/")" \ | |
-key $CERTDIR/$CERTPREFIX.key -out $CERTDIR/$CERTPREFIX.csr -nodes >/dev/null 2>&1 | |
fail_if_error $? $LINENO | |
openssl x509 -extfile <(printf "subjectAltName = IP:${IP}") \ | |
-req -in $CERTDIR/$CERTPREFIX.csr -CA $CERTDIR/$CERTPREFIX-ca.pem \ | |
-CAkey $CERTDIR/$CERTPREFIX-ca.key -CAcreateserial \ | |
-out $CERTDIR/$CERTPREFIX.crt -days $DAYS >/dev/null 2>&1 | |
fail_if_error $? $LINENO | |
cat $CERTDIR/$CERTPREFIX.key $CERTDIR/$CERTPREFIX.crt > $CERTDIR/$CERTPREFIX.pem | |
# Config Snarl | |
$SED -i "" "s,^\(ssl\.ca_cert\s*=\s*\).*$,\1${CERTDIR}/${CERTPREFIX}-ca.pem," $SNARLCONF | |
$SED -i "" 's,^\(ssl\.ca_key\s*=\s*\).*$,\1'$CERTDIR'/'$CERTPREFIX'-ca.key,' $SNARLCONF | |
# Config Kennel | |
$SED -i "" 's,^\(ssl\.cacertfile\s*=\s*\).*$,\1'$CERTDIR'/'$CERTPREFIX'-ca.pem,' $KENNELCONF | |
$SED -i "" 's,^\(ssl\.certfile\s*=\s*\).*$,\1'$CERTDIR'/'$CERTPREFIX'-ca.key,' $KENNELCONF | |
$SED -i "" 's,^\(ssl\.keyfile\s*=\s*\).*$,\1'$CERTDIR'/'$CERTPREFIX'.key,' $KENNELCONF | |
# Config Howl | |
$SED -i "" 's,^\(ssl\.cacertfile\s*=\s*\).*$,\1'$CERTDIR'/'$CERTPREFIX'-ca.pem,' $HOWLCONF | |
$SED -i "" 's,^\(ssl\.certfile\s*=\s*\).*$,\1'$CERTDIR'/'$CERTPREFIX'-ca.key,' $HOWLCONF | |
$SED -i "" 's,^\(ssl\.keyfile\s*=\s*\).*$,\1'$CERTDIR'/'$CERTPREFIX'.key,' $HOWLCONF | |
echo " | |
***************************************************************************** | |
* * | |
* CA Setup complete. * | |
* * | |
* Howl, Kennel, and Snarl configurations have been updated. * | |
* * | |
* Please restart with: * | |
* svcadm restart howl * | |
* svcadm restart kennel * | |
* svcadm restart snarl * | |
* svcs snarl kennel * | |
* * | |
***************************************************************************** | |
" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment