Posted to issues@openwhisk.apache.org by GitBox <gi...@apache.org> on 2018/03/16 17:56:52 UTC

[GitHub] dubee closed pull request #3447: Generate keystore without generating certificates

dubee closed pull request #3447: Generate keystore without generating certificates
URL: https://github.com/apache/incubator-openwhisk/pull/3447
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/ansible/files/genssl.sh b/ansible/files/genssl.sh
index a506a7ed40..fdf9642339 100755
--- a/ansible/files/genssl.sh
+++ b/ansible/files/genssl.sh
@@ -12,9 +12,8 @@ CN=$1
 TYPE=$2
 SCRIPTDIR=$3
 export TRUSTSTORE_PASSWORD=${4:-PASSWORD}
-GENKEY=$5
-NAME_PREFIX=$6
-
+NAME_PREFIX=$5
+GENKEY=$6
 
 
 ## generates a (self-signed) certificate
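Review bot: Swapping `$5` and `$6` changes the script's positional contract, and nothing in this hunk documents or validates the new order. A caller still using the old order would silently get `NAME_PREFIX=generateKey` and write files under that prefix. I would add a header comment next to the assignments, e.g. `# usage: genssl.sh CN TYPE SCRIPTDIR [TRUSTSTORE_PASSWORD] [NAME_PREFIX] [GENKEY]`. It should also note that a caller who wants `GENKEY` without a prefix must pass an explicit `""` as argument 5.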
@@ -39,6 +38,14 @@ function gen_cert(){
       -days 365
 }
 
+function gen_p12_keystore(){
+  openssl pkcs12 -export -name $CN \
+       -passout pass:$TRUSTSTORE_PASSWORD \
+       -in "$SCRIPTDIR/${NAME_PREFIX}openwhisk-server-cert.pem" \
+       -inkey "$SCRIPTDIR/${NAME_PREFIX}openwhisk-server-key.pem" \
+       -out "$SCRIPTDIR/${NAME_PREFIX}openwhisk-keystore.p12"
+}
+
 if [ "$TYPE" == "server_with_JKS_keystore" ]; then
   gen_csr
   gen_cert
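Review bot: `gen_p12_keystore` passes the keystore password as `-passout pass:$TRUSTSTORE_PASSWORD`, which puts it on the openssl command line where other local users can read it from the process list while the export runs. The variable is already exported near the top of the script, so `-passout env:TRUSTSTORE_PASSWORD` would keep it out of argv. The `${4:-PASSWORD}` fallback also means a caller that omits argument 4 gets a keystore protected by a guessable passphrase, so failing when it is unset may be safer. `$CN` is unquoted as well; `-name "$CN"` avoids word splitting.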
@@ -66,11 +73,10 @@ elif [ "$TYPE" == "server" ]; then
     gen_csr
     gen_cert
     echo generate keystore
-    openssl pkcs12 -export -name $CN \
-         -passout pass:$TRUSTSTORE_PASSWORD \
-         -in "$SCRIPTDIR/${NAME_PREFIX}openwhisk-server-cert.pem" \
-         -inkey "$SCRIPTDIR/${NAME_PREFIX}openwhisk-server-key.pem" \
-         -out "$SCRIPTDIR/${NAME_PREFIX}openwhisk-keystore.p12"
+    gen_p12_keystore
+elif [ "$TYPE" == "p12_keystore_only" ]; then
+    gen_csr
+    gen_p12_keystore
 else
     echo generating client ca key
     openssl genrsa -aes256 -passout pass:$PASSWORD -out "$SCRIPTDIR/openwhisk-client-ca-key.pem" 2048
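Review bot: The new `p12_keystore_only` branch still calls `gen_csr`, although `gen_p12_keystore` reads only the `openwhisk-server-cert.pem` and `openwhisk-server-key.pem` files and never a CSR. `gen_csr` is defined outside this hunk; if it can create a fresh key (the script takes a `GENKEY` argument), that key would no longer match the existing certificate and the export would fail, so this is worth confirming. Consider dropping the `gen_csr` call and guarding the export with `[ -f "$SCRIPTDIR/${NAME_PREFIX}openwhisk-server-cert.pem" ] || { echo "missing server cert" >&2; exit 1; }`, plus the same check for the key. The if/elif chain starts and ends outside the hunk.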
diff --git a/ansible/setup.yml b/ansible/setup.yml
index c9769d0b2f..0ebc3fde9a 100644
--- a/ansible/setup.yml
+++ b/ansible/setup.yml
@@ -46,7 +46,7 @@
 
 
   - name: generate kafka certificates
-    local_action: shell "{{ playbook_dir }}/files/genssl.sh" "openwhisk-kafka" "server_with_JKS_keystore" "{{ playbook_dir }}/roles/kafka/files" openwhisk "generateKey" "kafka-"
+    local_action: shell "{{ playbook_dir }}/files/genssl.sh" "openwhisk-kafka" "server_with_JKS_keystore" "{{ playbook_dir }}/roles/kafka/files" openwhisk "kafka-" "generateKey"
     when: kafka_protocol_for_setup == 'SSL'
 
   - name: ensure controller files directory exists
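Review bot: The kafka task passes the keystore password as the literal `openwhisk` on the genssl.sh command line, so it is fixed in the playbook and also appears in task output and the local process list. The controller task in the next hunk does the same with `{{ controllerKeystorePassword }}`. Consider sourcing the kafka password from a variable and adding `no_log: true` to both tasks. Handing it over through the task's `environment:` would avoid argv altogether, but genssl.sh would need to read it from there instead of `$4`.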
@@ -59,4 +59,4 @@
 
   - name: generate controller certificates
     when: controllerProtocolForSetup == 'https'
-    local_action: shell "{{ playbook_dir }}/files/genssl.sh" "openwhisk-controllers" "server" "{{ playbook_dir }}/roles/controller/files" {{ controllerKeystorePassword }} "generateKey" {{ controllerKeyPrefix }}
+    local_action: shell "{{ playbook_dir }}/files/genssl.sh" "openwhisk-controllers" "server" "{{ playbook_dir }}/roles/controller/files" {{ controllerKeystorePassword }} {{ controllerKeyPrefix }} "generateKey"
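Review bot: `{{ controllerKeyPrefix }}` is unquoted and now sits before `"generateKey"`, so if it ever renders empty the shell drops it and `generateKey` becomes argument 5 (`NAME_PREFIX`), leaving `GENKEY` unset. Before this change the prefix was the last argument, so an empty value was harmless; whether it can be empty is not visible here. Quote it as `"{{ controllerKeyPrefix }}" "generateKey"`. Quoting `"{{ controllerKeystorePassword }}"` the same way keeps a password containing spaces or shell metacharacters as a single argument.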


 
