samply
/
bridgehead
mirror of https://github.com/samply/bridgehead.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Certificate enrollment (#24)

This commit is contained in:
Martin Lablans 2022-10-17 14:38:34 +02:00 committed by GitHub
parent ca45a3dbe9
commit e273e97d9c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
bridgehead
View File

@ -77,6 +77,14 @@ case "$ACTION" in
uninstall) uninstall)
exec ./lib/remove-bridgehead-units.sh $PROJECT exec ./lib/remove-bridgehead-units.sh $PROJECT
;; ;;
enroll)
if [ -e $PRIVATEKEYFILENAME ]; then
echo "Private key already exists at $PRIVATEKEYFILENAME. Please delete first to proceed."
exit 1
fi
docker run --rm -ti -v /etc/bridgehead/pki:/etc/bridgehead/pki samply/beam-enroll:latest --output-file $PRIVATEKEYFILENAME --proxy-id $PROXY_ID --admin-email $SUPPORT_EMAIL
chmod 600 $PRIVATEKEYFILENAME
;;
preRun | preUpdate) preRun | preUpdate)
fixPermissions fixPermissions
;; ;;

2
ccp/vars
View File

@ -5,3 +5,5 @@ SPOT_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | he
SPOT_BEAM_SECRET_LONG="ApiKey spot.${PROXY_ID} ${SPOT_BEAM_SECRET_SHORT}" SPOT_BEAM_SECRET_LONG="ApiKey spot.${PROXY_ID} ${SPOT_BEAM_SECRET_SHORT}"
REPORTHUB_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" REPORTHUB_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
REPORTHUB_BEAM_SECRET_LONG="ApiKey report-hub.${PROXY_ID} ${REPORTHUB_BEAM_SECRET_SHORT}" REPORTHUB_BEAM_SECRET_LONG="ApiKey report-hub.${PROXY_ID} ${REPORTHUB_BEAM_SECRET_SHORT}"
SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem

2
lib/functions.sh
View File

@ -19,7 +19,7 @@ checkOwner(){
} }
printUsage() { printUsage() {
echo "Usage: bridgehead start|stop|update|install|uninstall PROJECTNAME" echo "Usage: bridgehead start|stop|update|install|uninstall|enroll PROJECTNAME"
echo "PROJECTNAME should be one of ccp|nngm|gbn" echo "PROJECTNAME should be one of ccp|nngm|gbn"
} }

11
lib/prerequisites.sh
View File

@ -43,7 +43,7 @@ fi
# TODO: Make sure you're in the right directory, or, even better, be independent from the working directory. # TODO: Make sure you're in the right directory, or, even better, be independent from the working directory.
log INFO "Checking ssl cert" log INFO "Checking ssl cert for accessing bridgehead via https"
if [ ! -d "certs" ]; then if [ ! -d "certs" ]; then
log WARN "TLS cert missing, we'll now create a self-signed one. Please consider getting an officially signed one (e.g. via Let's Encrypt ...)" log WARN "TLS cert missing, we'll now create a self-signed one. Please consider getting an officially signed one (e.g. via Let's Encrypt ...)"
@ -60,6 +60,15 @@ if [ -e /etc/bridgehead/vault.conf ]; then
fi fi
fi fi
log INFO "Checking your beam proxy private key"
if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
log INFO "Success - private key found."
else
log ERROR "Unable to find private key at /etc/bridgehead/pki/${SITE_ID}.priv.pem. To fix, please run bridgehead enroll ${PROJECT} and follow the instructions".
exit 1
fi
log INFO "Success - all prerequisites are met!" log INFO "Success - all prerequisites are met!"
hc_send log "Success - all prerequisites are met!" hc_send log "Success - all prerequisites are met!"