Posted to commits@dlab.apache.org by om...@apache.org on 2020/01/24 11:46:53 UTC

[incubator-dlab] branch DLAB-1462 updated: [DLAB-1462]: Fixed issue with Step certificates

This is an automated email from the ASF dual-hosted git repository.

omartushevskyi pushed a commit to branch DLAB-1462
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git


The following commit(s) were added to refs/heads/DLAB-1462 by this push:
     new 4c43dee  [DLAB-1462]: Fixed issue with Step certificates
4c43dee is described below

commit 4c43dee9a56530cd89838fefbe8fec4c3fdb8672
Author: Oleh Martushevskyi <Ol...@epam.com>
AuthorDate: Fri Jan 24 13:46:41 2020 +0200

    [DLAB-1462]: Fixed issue with Step certificates
---
 infrastructure-provisioning/src/general/lib/os/debian/ssn_lib.py      | 4 ++--
 infrastructure-provisioning/src/general/lib/os/redhat/ssn_lib.py      | 4 ++--
 .../src/general/templates/os/manage_step_certs.sh                     | 3 +--
 .../src/general/templates/os/renew_certificates.sh                    | 4 ++--
 infrastructure-provisioning/terraform/bin/deploy/manage_step_certs.sh | 3 +--
 .../terraform/bin/deploy/renew_certificates.sh                        | 4 ++--
 6 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/infrastructure-provisioning/src/general/lib/os/debian/ssn_lib.py b/infrastructure-provisioning/src/general/lib/os/debian/ssn_lib.py
index 079b091..371a568 100644
--- a/infrastructure-provisioning/src/general/lib/os/debian/ssn_lib.py
+++ b/infrastructure-provisioning/src/general/lib/os/debian/ssn_lib.py
@@ -316,9 +316,9 @@ def start_ss(keyfile, host_string, dlab_conf_dir, web_path,
                     sudo('keytool -keystore /home/{0}/keys/ssn.keystore.jks -alias CARoot -import -file '
                          '/etc/ssl/certs/root_ca.crt  -deststorepass "{1}" -srcstorepass "{1}" -noprompt'.format(
                           os_user, keystore_passwd))
-                    sudo('keytool -importcert -trustcacerts -alias step-ca -file /etc/ssl/certs/root_ca.crt '
+                    sudo('keytool -importcert -trustcacerts -alias CARoot -file /etc/ssl/certs/root_ca.crt '
                          '-noprompt -storepass changeit -keystore {1}/lib/security/cacerts'.format(os_user, java_path))
-                    sudo('keytool -importcert -trustcacerts -alias step-crt -file /etc/ssl/certs/dlab.crt -noprompt '
+                    sudo('keytool -importcert -trustcacerts -alias ssn -file /etc/ssl/certs/dlab.crt -noprompt '
                          '-storepass changeit -keystore {0}/lib/security/cacerts'.format(java_path))
                 else:
                     sudo('keytool -genkeypair -alias ssn -keyalg RSA -validity 730 -storepass {1} -keypass {1} \
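Review bot: The aliases `CARoot` and `ssn` written into the JVM `cacerts` store are hard-coded here, and nothing at the call site says they must match what `renew_certificates.sh` deletes and re-imports (`-alias CARoot` and `-alias RESOURCE_TYPE`). A comment above the two imports, e.g. `# aliases must match renew_certificates.sh (CARoot, RESOURCE_TYPE=ssn), otherwise renewal leaves stale trusted entries in cacerts`, would keep a later rename from reintroducing the mismatch; that RESOURCE_TYPE expands to `ssn` is assumed, since the substitution is not visible in this commit. The first import also passes `os_user` to `.format()` although only `{1}` is used in the Debian string. The same alias coupling applies to the redhat/ssn_lib.py hunk; `start_ss` begins and ends outside both hunks.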
diff --git a/infrastructure-provisioning/src/general/lib/os/redhat/ssn_lib.py b/infrastructure-provisioning/src/general/lib/os/redhat/ssn_lib.py
index d91c303..8f45bb0 100644
--- a/infrastructure-provisioning/src/general/lib/os/redhat/ssn_lib.py
+++ b/infrastructure-provisioning/src/general/lib/os/redhat/ssn_lib.py
@@ -343,9 +343,9 @@ def start_ss(keyfile, host_string, dlab_conf_dir, web_path,
                     sudo('keytool -keystore /home/{0}/keys/ssn.keystore.jks -alias CARoot -import -file '
                          '/home/{0}/keys/root_ca.crt  -deststorepass "{1}" -srcstorepass "{1}" -noprompt'.format(
                           os_user, keystore_passwd))
-                    sudo('keytool -importcert -trustcacerts -alias step-ca -file /home/{0}/keys/root_ca.crt '
+                    sudo('keytool -importcert -trustcacerts -alias CARoot -file /home/{0}/keys/root_ca.crt '
                          '-noprompt -storepass changeit -keystore {1}/lib/security/cacerts'.format(os_user, java_path))
-                    sudo('keytool -importcert -trustcacerts -alias step-crt -file /etc/ssl/certs/dlab.crt -noprompt '
+                    sudo('keytool -importcert -trustcacerts -alias ssn -file /etc/ssl/certs/dlab.crt -noprompt '
                          '-storepass changeit -keystore {0}/lib/security/cacerts'.format(java_path))
 
                 else:
diff --git a/infrastructure-provisioning/src/general/templates/os/manage_step_certs.sh b/infrastructure-provisioning/src/general/templates/os/manage_step_certs.sh
index 16321c3..bc194a9 100644
--- a/infrastructure-provisioning/src/general/templates/os/manage_step_certs.sh
+++ b/infrastructure-provisioning/src/general/templates/os/manage_step_certs.sh
@@ -44,8 +44,7 @@ function renew_cert() {
   elif [ $resource_type = 'endpoint' ]; then
     step ca renew ${crt_path} ${key_path} --exec "/usr/local/bin/renew_certificates.sh" --ca-url ${ca_url} --root ${root_crt_path} --force --expires-in 8h
   elif [ $resource_type = 'ssn' ]; then
-    step ca renew ${crt_path} ${key_path} --exec "/usr/local/bin/renew_certificates.sh" --ca-url ${ca_url} --root ${root_crt_path} --force --expires-in 8h
-    nginx -s reload
+    step ca renew ${crt_path} ${key_path} --exec "/usr/local/bin/renew_certificates.sh" --ca-url ${ca_url} --root ${root_crt_path} --force --expires-in 8h && nginx -s reload
   else
     log "Wrong resource type. Aborting..."
     exit 1
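Review bot: A failed `step ca renew` in the `ssn` branch is now silent: `&& nginx -s reload` correctly skips the reload, but nothing is logged, so nginx keeps serving the old certificate until it expires with no trace of why. Consider appending `|| { log "Certificate renewal or nginx reload failed"; exit 1; }` to that line, matching the `log`/`exit 1` handling of the `else` branch. The expansions `${crt_path}`, `${key_path}`, `${ca_url}` and `${root_crt_path}` are also unquoted, so a value containing whitespace would split into separate arguments. The identical hunk in terraform/bin/deploy/manage_step_certs.sh has the same gaps; `renew_cert` starts and ends outside the hunk.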
diff --git a/infrastructure-provisioning/src/general/templates/os/renew_certificates.sh b/infrastructure-provisioning/src/general/templates/os/renew_certificates.sh
index e25f7d6..43477bc 100644
--- a/infrastructure-provisioning/src/general/templates/os/renew_certificates.sh
+++ b/infrastructure-provisioning/src/general/templates/os/renew_certificates.sh
@@ -26,7 +26,7 @@ KEYSTORE_PASS=$(cat /opt/dlab/conf/CONF_FILE.yml  | grep '<#assign KEY_STORE_PAS
 # Removing old certificates
 keytool -delete -alias RESOURCE_TYPE -keystore /home/OS_USER/keys/RESOURCE_TYPE.keystore.jks -storepass "${KEYSTORE_PASS}"
 keytool -delete -alias CARoot -keystore /home/OS_USER/keys/RESOURCE_TYPE.keystore.jks -storepass "${KEYSTORE_PASS}"
-keytool -delete -alias mykey -keystore JAVA_HOME/lib/security/cacerts -storepass changeit
+keytool -delete -alias CARoot -keystore JAVA_HOME/lib/security/cacerts -storepass changeit
 keytool -delete -alias RESOURCE_TYPE -keystore JAVA_HOME/lib/security/cacerts -storepass changeit
 
 # Importing new certificates to keystore
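Review bot: Hosts provisioned before this commit keep their old `cacerts` entries, because the new `keytool -delete -alias CARoot` only removes the new alias. The removed lines of this commit show the root was stored as `step-ca` (ssn_lib.py) or under keytool's default alias `mykey` (this script), and the leaf as `step-crt`. After the first renewal those entries stay trusted in the JVM-wide store alongside the new ones. A best-effort cleanup such as `keytool -delete -alias mykey -keystore JAVA_HOME/lib/security/cacerts -storepass changeit || true`, repeated for `step-ca` and `step-crt`, would keep the trust store limited to the current certificates. The same applies to the first hunk of terraform/bin/deploy/renew_certificates.sh.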
@@ -37,7 +37,7 @@ keytool -keystore /home/OS_USER/keys/RESOURCE_TYPE.keystore.jks -alias CARoot -i
 
 # Adding new certificates
 keytool -importcert -trustcacerts -alias RESOURCE_TYPE -file /etc/ssl/certs/dlab.crt -noprompt -storepass changeit -keystore JAVA_HOME/lib/security/cacerts
-keytool -importcert -trustcacerts -file /etc/ssl/certs/root_ca.crt -noprompt -storepass changeit -keystore JAVA_HOME/lib/security/cacerts
+keytool -importcert -trustcacerts -alias CARoot -file /etc/ssl/certs/root_ca.crt -noprompt -storepass changeit -keystore JAVA_HOME/lib/security/cacerts
 
 # Restarting service
 supervisorctl restart provserv
\ No newline at end of file
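Review bot: The re-import of the root under `-alias CARoot` is not checked before `supervisorctl restart provserv` runs, and the matching delete earlier in the script has already removed the previous entry. If `/etc/ssl/certs/root_ca.crt` is missing or unreadable at that point, the service restarts with no root CA in `cacerts`; whether the script sets `set -e` is not visible in these hunks. Appending `|| { echo "root CA import failed" >&2; exit 1; }` to the import line would stop the script before the restart instead of bringing the service up against a broken trust store. The second hunk of terraform/bin/deploy/renew_certificates.sh is identical.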
diff --git a/infrastructure-provisioning/terraform/bin/deploy/manage_step_certs.sh b/infrastructure-provisioning/terraform/bin/deploy/manage_step_certs.sh
index 16321c3..bc194a9 100644
--- a/infrastructure-provisioning/terraform/bin/deploy/manage_step_certs.sh
+++ b/infrastructure-provisioning/terraform/bin/deploy/manage_step_certs.sh
@@ -44,8 +44,7 @@ function renew_cert() {
   elif [ $resource_type = 'endpoint' ]; then
     step ca renew ${crt_path} ${key_path} --exec "/usr/local/bin/renew_certificates.sh" --ca-url ${ca_url} --root ${root_crt_path} --force --expires-in 8h
   elif [ $resource_type = 'ssn' ]; then
-    step ca renew ${crt_path} ${key_path} --exec "/usr/local/bin/renew_certificates.sh" --ca-url ${ca_url} --root ${root_crt_path} --force --expires-in 8h
-    nginx -s reload
+    step ca renew ${crt_path} ${key_path} --exec "/usr/local/bin/renew_certificates.sh" --ca-url ${ca_url} --root ${root_crt_path} --force --expires-in 8h && nginx -s reload
   else
     log "Wrong resource type. Aborting..."
     exit 1
diff --git a/infrastructure-provisioning/terraform/bin/deploy/renew_certificates.sh b/infrastructure-provisioning/terraform/bin/deploy/renew_certificates.sh
index e25f7d6..43477bc 100644
--- a/infrastructure-provisioning/terraform/bin/deploy/renew_certificates.sh
+++ b/infrastructure-provisioning/terraform/bin/deploy/renew_certificates.sh
@@ -26,7 +26,7 @@ KEYSTORE_PASS=$(cat /opt/dlab/conf/CONF_FILE.yml  | grep '<#assign KEY_STORE_PAS
 # Removing old certificates
 keytool -delete -alias RESOURCE_TYPE -keystore /home/OS_USER/keys/RESOURCE_TYPE.keystore.jks -storepass "${KEYSTORE_PASS}"
 keytool -delete -alias CARoot -keystore /home/OS_USER/keys/RESOURCE_TYPE.keystore.jks -storepass "${KEYSTORE_PASS}"
-keytool -delete -alias mykey -keystore JAVA_HOME/lib/security/cacerts -storepass changeit
+keytool -delete -alias CARoot -keystore JAVA_HOME/lib/security/cacerts -storepass changeit
 keytool -delete -alias RESOURCE_TYPE -keystore JAVA_HOME/lib/security/cacerts -storepass changeit
 
 # Importing new certificates to keystore
@@ -37,7 +37,7 @@ keytool -keystore /home/OS_USER/keys/RESOURCE_TYPE.keystore.jks -alias CARoot -i
 
 # Adding new certificates
 keytool -importcert -trustcacerts -alias RESOURCE_TYPE -file /etc/ssl/certs/dlab.crt -noprompt -storepass changeit -keystore JAVA_HOME/lib/security/cacerts
-keytool -importcert -trustcacerts -file /etc/ssl/certs/root_ca.crt -noprompt -storepass changeit -keystore JAVA_HOME/lib/security/cacerts
+keytool -importcert -trustcacerts -alias CARoot -file /etc/ssl/certs/root_ca.crt -noprompt -storepass changeit -keystore JAVA_HOME/lib/security/cacerts
 
 # Restarting service
 supervisorctl restart provserv
\ No newline at end of file

