Certificate enrollment (#24)

Martin Lablans 2022-10-17 14:38:34 +02:00 committed by GitHub
parent ca45a3dbe9
commit e273e97d9c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 21 additions and 2 deletions


@ -77,6 +77,14 @@ case "$ACTION" in
uninstall)
exec ./lib/remove-bridgehead-units.sh $PROJECT
;;
enroll)
if [ -e $PRIVATEKEYFILENAME ]; then
echo "Private key already exists at $PRIVATEKEYFILENAME. Please delete first to proceed."
exit 1
fi
docker run --rm -ti -v /etc/bridgehead/pki:/etc/bridgehead/pki samply/beam-enroll:latest --output-file $PRIVATEKEYFILENAME --proxy-id $PROXY_ID --admin-email $SUPPORT_EMAIL
chmod 600 $PRIVATEKEYFILENAME
;;
preRun | preUpdate)
fixPermissions
;;
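Review bot: The `enroll` branch lets `samply/beam-enroll:latest` generate the site's private key, and `:latest` is a mutable tag, so whatever image it points to at run time gets write access to `/etc/bridgehead/pki`; pinning a fixed release tag or a digest (`samply/beam-enroll@sha256:<digest>`, placeholder) would make this step reproducible and auditable. The exit status of `docker run` is not checked, so `chmod 600` runs even when enrollment failed; `docker run ... || exit 1` would stop there. Until the `chmod` runs, the key presumably has whatever mode the container created it with, so a restrictive mode on the `pki` directory itself is worth adding. `$PRIVATEKEYFILENAME`, `$PROXY_ID` and `$SUPPORT_EMAIL` are expanded unquoted, e.g. `[ -e "$PRIVATEKEYFILENAME" ]` is the safer form. The enclosing `case` statement starts and ends outside the hunk.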


@ -5,3 +5,5 @@ SPOT_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | he
SPOT_BEAM_SECRET_LONG="ApiKey spot.${PROXY_ID} ${SPOT_BEAM_SECRET_SHORT}"
REPORTHUB_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
REPORTHUB_BEAM_SECRET_LONG="ApiKey report-hub.${PROXY_ID} ${REPORTHUB_BEAM_SECRET_SHORT}"
SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
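Review bot: `PRIVATEKEYFILENAME` is built from `${SITE_ID}` with no check that the variable is set, so with an empty `SITE_ID` the path silently becomes `/etc/bridgehead/pki/.priv.pem` and the `enroll` action would write the key there. Where `SITE_ID` is assigned is not visible in this hunk, so this may already be guaranteed. If it is not, `PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID:?SITE_ID is not set}.priv.pem` fails early with a clear message instead.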


@ -19,7 +19,7 @@ checkOwner(){
}
printUsage() {
echo "Usage: bridgehead start|stop|update|install|uninstall PROJECTNAME"
echo "Usage: bridgehead start|stop|update|install|uninstall|enroll PROJECTNAME"
echo "PROJECTNAME should be one of ccp|nngm|gbn"
}


@ -43,7 +43,7 @@ fi
# TODO: Make sure you're in the right directory, or, even better, be independent from the working directory.
log INFO "Checking ssl cert"
log INFO "Checking ssl cert for accessing bridgehead via https"
if [ ! -d "certs" ]; then
log WARN "TLS cert missing, we'll now create a self-signed one. Please consider getting an officially signed one (e.g. via Let's Encrypt ...)"
@ -60,6 +60,15 @@ if [ -e /etc/bridgehead/vault.conf ]; then
fi
fi
log INFO "Checking your beam proxy private key"
if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
log INFO "Success - private key found."
else
log ERROR "Unable to find private key at /etc/bridgehead/pki/${SITE_ID}.priv.pem. To fix, please run bridgehead enroll ${PROJECT} and follow the instructions".
exit 1
fi
log INFO "Success - all prerequisites are met!"
hc_send log "Success - all prerequisites are met!"
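Review bot: The new private-key check `[ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]` passes for an empty or unreadable file and leaves the expansion unquoted; `if [ -s "/etc/bridgehead/pki/${SITE_ID}.priv.pem" ]; then` would at least reject an empty file that an interrupted enrollment could leave behind. A prerequisite check is also a natural place to warn when the key file is group- or world-readable. On the `log ERROR` line the final `.` sits outside the closing quote, so it reaches `log` as a separate argument; it belongs inside the string. The path is repeated literally here although the commit also defines `PRIVATEKEYFILENAME`; whether that variable is in scope in this script is not visible from the hunk.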