Certificate enrollment

Martin Lablans 2022-10-17 10:01:01 +02:00
parent 36d5206259
commit 1a9d8bf17b
3 changed files with 19 additions and 6 deletions


@ -78,12 +78,16 @@ case "$ACTION" in
exec ./lib/remove-bridgehead-units.sh $PROJECT exec ./lib/remove-bridgehead-units.sh $PROJECT
;; ;;
enroll) enroll)
if [ -e /etc/pki/${SITE_ID}.pem ]; then if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
echo "Private key already exists at /etc/pki/${SITE_ID}.pem. Please delete first to proceed." echo "Private key already exists at /etc/bridgehead/pki/${SITE_ID}.priv.pem. Please delete first to proceed."
exit 1 exit 1
fi fi
docker run --rm -ti -v /etc/bridgehead/pki:/pki samply/beam-enroll:latest --admin-email $OPERATOR_EMAIL --output- OPTS=""
path /pki --proxy-id $PROXY_ID if [ -n "$OPERATOR_EMAIL" ]; then
OPTS+="--admin-email $OPERATOR_EMAIL"
fi
docker run --rm -ti -v /etc/bridgehead/pki:/pki samply/beam-enroll:latest --output-path /pki --proxy-id $PROXY_ID $OPTS
;;
preRun | preUpdate) preRun | preUpdate)
fixPermissions fixPermissions
;; ;;
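Review bot: The `docker run` line in the `enroll` arm expands `$PROXY_ID` and `$OPTS` unquoted, and `OPTS` is built as a plain string from `$OPERATOR_EMAIL`, so a config value containing whitespace or glob characters is split into extra arguments to beam-enroll. Building the options as an array avoids that: `OPTS=()`, `OPTS+=(--admin-email "$OPERATOR_EMAIL")`, and `... --output-path /pki --proxy-id "$PROXY_ID" "${OPTS[@]}"`. The same applies to `${SITE_ID}` in the `[ -e ... ]` test, which should be quoted and arguably rejected when empty, since an empty value makes the test look at `/etc/bridgehead/pki/.priv.pem`. Separately, the image that presumably writes the site's private key into `/pki` is pulled as `samply/beam-enroll:latest`; pinning it to a version tag or digest would keep the enrollment tooling reproducible and auditable. The surrounding `case` statement starts and ends outside the hunk.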


@ -19,7 +19,7 @@ checkOwner(){
} }
printUsage() { printUsage() {
echo "Usage: bridgehead start|stop|update|install|uninstall PROJECTNAME" echo "Usage: bridgehead start|stop|update|install|uninstall|enroll PROJECTNAME"
echo "PROJECTNAME should be one of ccp|nngm|gbn" echo "PROJECTNAME should be one of ccp|nngm|gbn"
} }


@ -43,7 +43,7 @@ fi
# TODO: Make sure you're in the right directory, or, even better, be independent from the working directory. # TODO: Make sure you're in the right directory, or, even better, be independent from the working directory.
log INFO "Checking ssl cert" log INFO "Checking ssl cert for accessing bridgehead via https"
if [ ! -d "certs" ]; then if [ ! -d "certs" ]; then
log WARN "TLS cert missing, we'll now create a self-signed one. Please consider getting an officially signed one (e.g. via Let's Encrypt ...)" log WARN "TLS cert missing, we'll now create a self-signed one. Please consider getting an officially signed one (e.g. via Let's Encrypt ...)"
@ -60,6 +60,15 @@ if [ -e /etc/bridgehead/vault.conf ]; then
fi fi
fi fi
log INFO "Checking your beam proxy private key"
if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
log INFO "Success - private key found."
else
log ERROR "Unable to find private key at /etc/bridgehead/pki/${SITE_ID}.priv.pem. To fix, please run bridgehead enroll ${PROJECT} and follow the instructions".
exit 1
fi
log INFO "Success - all prerequisites are met!" log INFO "Success - all prerequisites are met!"
hc_send log "Success - all prerequisites are met!" hc_send log "Success - all prerequisites are met!"
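Review bot: The new prerequisite check `[ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]` only proves that something exists at that path, with `${SITE_ID}` unquoted and never checked for being empty. For a private key I would test for a readable regular file, e.g. `[ -f "/etc/bridgehead/pki/${SITE_ID}.priv.pem" ] && [ -r "/etc/bridgehead/pki/${SITE_ID}.priv.pem" ]`, and log a WARN when the file's mode grants group or world access, so that a key left over-exposed after enrollment is noticed at startup. In the ERROR line the final `.` sits outside the closing quote; it still ends up in the message, but moving it inside the quotes reads more clearly. The script continues outside both hunks of this section.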