Ability to define SSL certificates duration and SSL key size (#3482)

* Ability to specify ssl certificate duration and ssl key size - etcd/secrets * Ability to specify ssl certificate duration and ssl key size - helm/contiv + fix contiv missing copy certs generation script
2026-03-04 09:58:20 +03:00 · 2018-10-09 13:43:30 +02:00
parent c825f4d180
commit 2ab2f3a0a3
9 changed files with 42 additions and 28 deletions
--- a/roles/network_plugin/contiv/templates/generate-certificate.sh.j2
+++ b/roles/network_plugin/contiv/templates/generate-certificate.sh.j2
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -euo pipefail
+
+PREFIX="/var/contiv"
+KEY_PATH="$PREFIX/auth_proxy_key.pem"
+CERT_PATH="$PREFIX/auth_proxy_cert.pem"
+
+# if both files exist, just exit
+if [[ -f $KEY_PATH && -f $CERT_PATH ]]; then
+	exit 0
+fi
+
+mkdir -p "$PREFIX"
+
+rm -f $KEY_PATH
+rm -f $CERT_PATH
+
+openssl genrsa -out $KEY_PATH {{certificates_key_size}} >/dev/null 2>&1
+openssl req -new -x509 -sha256 -days {{certificates_duration}} \
+	-key $KEY_PATH \
+	-out $CERT_PATH \
+	-subj "/C=US/ST=CA/L=San Jose/O=CPSG/OU=IT Department/CN=auth-local.cisco.com"