You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dlab.apache.org by om...@apache.org on 2019/11/04 12:39:05 UTC
[incubator-dlab] branch DLAB-1158 updated: fixed issue with getting
step token
This is an automated email from the ASF dual-hosted git repository.
omartushevskyi pushed a commit to branch DLAB-1158
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
The following commit(s) were added to refs/heads/DLAB-1158 by this push:
new 65efdef fixed issue with getting step token
65efdef is described below
commit 65efdef916a22f6e0319f2c9c6afc84d17744a9d
Author: Oleh Martushevskyi <Ol...@epam.com>
AuthorDate: Mon Nov 4 14:38:54 2019 +0200
fixed issue with getting step token
---
infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py | 8 ++++----
infrastructure-provisioning/src/general/lib/os/redhat/edge_lib.py | 8 ++++----
infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py | 5 +++--
infrastructure-provisioning/terraform/bin/deploy/endpoint_fab.py | 7 ++++---
4 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py b/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py
index 61c76f7..d3a272d 100644
--- a/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py
+++ b/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py
@@ -76,10 +76,10 @@ def install_nginx_ldap(edge_ip, nginx_version, ldap_ip, ldap_dn, ldap_ou, ldap_s
os.environ['conf_stepcerts_kid_password'], user))
sans = "--san localhost --san 127.0.0.1 --san {0}".format(step_cert_sans)
cn = edge_ip
- token = sudo('step ca token {3} --kid {0} --ca-url "{1}" --root /home/{2}/keys/root_ca.crt '
- '--password-file /home/{2}/keys/provisioner_password {4} '.format(
- os.environ['conf_stepcerts_kid'], os.environ['conf_stepcerts_ca_url'],
- user, cn, sans))
+ sudo('step ca token {3} --kid {0} --ca-url "{1}" --root /home/{2}/keys/root_ca.crt '
+ '--password-file /home/{2}/keys/provisioner_password {4} --output-file /tmp/step_token'.format(
+ os.environ['conf_stepcerts_kid'], os.environ['conf_stepcerts_ca_url'], user, cn, sans))
+ token = sudo('cat /tmp/step_token')
sudo('step ca certificate "{0}" /home/{2}/keys/dlab.crt /home/{2}/keys/dlab.key '
'--token "{1}" --kty=RSA --size 2048 --provisioner {3} '.format(cn, token, user,
os.environ['conf_stepcerts_kid']))
diff --git a/infrastructure-provisioning/src/general/lib/os/redhat/edge_lib.py b/infrastructure-provisioning/src/general/lib/os/redhat/edge_lib.py
index d71b921..f9fc26e 100644
--- a/infrastructure-provisioning/src/general/lib/os/redhat/edge_lib.py
+++ b/infrastructure-provisioning/src/general/lib/os/redhat/edge_lib.py
@@ -82,10 +82,10 @@ def install_nginx_ldap(edge_ip, nginx_version, ldap_ip, ldap_dn, ldap_ou, ldap_s
os.environ['conf_stepcerts_kid_password'], user))
sans = "--san localhost --san 127.0.0.1 --san {0}".format(step_cert_sans)
cn = edge_ip
- token = sudo('step ca token {3} --kid {0} --ca-url "{1}" --root /home/{2}/keys/root_ca.crt '
- '--password-file /home/{2}/keys/provisioner_password {4} '.format(
- os.environ['conf_stepcerts_kid'], os.environ['conf_stepcerts_ca_url'],
- user, cn, sans))
+ sudo('step ca token {3} --kid {0} --ca-url "{1}" --root /home/{2}/keys/root_ca.crt '
+ '--password-file /home/{2}/keys/provisioner_password {4} --output-file /tmp/step_token'.format(
+ os.environ['conf_stepcerts_kid'], os.environ['conf_stepcerts_ca_url'], user, cn, sans))
+ token = sudo('cat /tmp/step_token')
sudo('step ca certificate "{0}" /home/{2}/keys/dlab.crt /home/{2}/keys/dlab.key '
'--token "{1}" --kty=RSA --size 2048 --provisioner {3} '.format(cn, token, user,
os.environ['conf_stepcerts_kid']))
diff --git a/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py b/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py
index 397e487..9960ee0 100644
--- a/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py
+++ b/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py
@@ -143,10 +143,11 @@ def configure_ssl_certs(hostname, custom_ssl_cert):
os.environ['conf_stepcerts_kid_password'], args.os_user))
sans = "--san localhost --san 127.0.0.1 {0}".format(args.step_cert_sans)
cn = hostname
- token = sudo('step ca token {3} --kid {0} --ca-url "{1}" --root /home/{2}/keys/root_ca.crt '
- '--password-file /home/{2}/keys/provisioner_password {4} '.format(
+ sudo('step ca token {3} --kid {0} --ca-url "{1}" --root /home/{2}/keys/root_ca.crt '
+ '--password-file /home/{2}/keys/provisioner_password {4} --output-file /tmp/step_token'.format(
os.environ['conf_stepcerts_kid'], os.environ['conf_stepcerts_ca_url'],
args.os_user, cn, sans))
+ token = sudo('cat /tmp/step_token')
sudo('step ca certificate "{0}" /home/{2}/keys/dlab.crt /home/{2}/keys/dlab.key '
'--token "{1}" --kty=RSA --size 2048 --provisioner {3} '.format(cn, token, args.os_user,
os.environ['conf_stepcerts_kid']))
diff --git a/infrastructure-provisioning/terraform/bin/deploy/endpoint_fab.py b/infrastructure-provisioning/terraform/bin/deploy/endpoint_fab.py
index 02e39c4..d4cd1da 100644
--- a/infrastructure-provisioning/terraform/bin/deploy/endpoint_fab.py
+++ b/infrastructure-provisioning/terraform/bin/deploy/endpoint_fab.py
@@ -123,9 +123,10 @@ def ensure_step_certs():
if public_ip_address:
sans += "--san {0}".format(public_ip_address)
cn = public_ip_address
- token = conn.sudo('step ca token {3} --kid {0} --ca-url "{1}" --root /home/{2}/keys/root_ca.crt '
- '--password-file /home/{2}/keys/provisioner_password {4} '.format(
- args.step_kid, args.step_ca_url, args.os_user, cn, sans)).stdout.replace('\n', '')
+ conn.sudo('step ca token {3} --kid {0} --ca-url "{1}" --root /home/{2}/keys/root_ca.crt '
+ '--password-file /home/{2}/keys/provisioner_password {4} --output-file /tmp/step_token'.format(
+ args.step_kid, args.step_ca_url, args.os_user, cn, sans))
+ token = conn.sudo('cat /tmp/step_token').stdout.replace('\n', '')
conn.sudo('step ca certificate "{0}" /home/{2}/keys/endpoint.crt /home/{2}/keys/endpoint.key '
'--token "{1}" --kty=RSA --size 2048 --provisioner {3} '.format(cn, token, args.os_user,
args.step_kid))
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@dlab.apache.org
For additional commands, e-mail: commits-help@dlab.apache.org