-
Notifications
You must be signed in to change notification settings - Fork 2
/
provision-certs.sh
executable file
·127 lines (111 loc) · 7 KB
/
provision-certs.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
#!/bin/bash
set -x #echo on
# To setup flocker you will need to install the cli tools on your local machine: https://docs.clusterhq.com/en/1.6.1/install/install-client.html
# Export MASTER/SLAVE{0..2} from the terraform apply step.
# Export your generated key
# export KEY=/Volumes/source/clusterhq/terraform/ssh_keys/key.pem
echo "Delete any old certificates and nodes"
rm -rf *.crt *.key ec2*
# Now run the certificate generation scripts
flocker-ca initialize flocker-cluster
flocker-ca create-control-certificate $MASTER
mv control-*.crt control-service.crt
mv control-*.key control-service.key
scp -oStrictHostKeyChecking=no -i $KEY control-service.crt ubuntu@$MASTER:/etc/flocker
scp -oStrictHostKeyChecking=no -i $KEY control-service.key ubuntu@$MASTER:/etc/flocker
scp -oStrictHostKeyChecking=no -i $KEY ./cluster.crt ubuntu@$MASTER:/etc/flocker
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$MASTER 'sudo chmod 0700 /etc/flocker'
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$MASTER 'chmod 0600 /etc/flocker/control-service.key'
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$MASTER 'sudo service flocker-control stop ; sudo service flocker-dataset-agent stop ; sudo service flocker-container-agent stop ; sudo service docker stop'
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$MASTER 'sudo rm /var/lib/docker/network/files/local-kv.db'
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$MASTER 'sudo service flocker-control start ; sudo service docker start'
flocker-ca create-api-certificate plugin
# Slaves, change the export name
export SLAVE=$SLAVE0
mkdir $SLAVE
cp cluster.crt $SLAVE/
cp cluster.key $SLAVE/
cd $SLAVE
flocker-ca create-node-certificate
rm cluster.*
mv *.crt node.crt
mv *.key node.key
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'sudo chown ubuntu /etc/flocker'
scp -oStrictHostKeyChecking=no -i $KEY node.crt ubuntu@$SLAVE:/etc/flocker
scp -oStrictHostKeyChecking=no -i $KEY node.key ubuntu@$SLAVE:/etc/flocker
scp -oStrictHostKeyChecking=no -i $KEY ../cluster.crt ubuntu@$SLAVE:/etc/flocker
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'sudo chmod 0700 /etc/flocker'
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'chmod 0600 /etc/flocker/node.key'
cd ..
scp -oStrictHostKeyChecking=no -i $KEY ./plugin.crt ubuntu@$SLAVE:/etc/flocker/plugin.crt
scp -oStrictHostKeyChecking=no -i $KEY ./plugin.key ubuntu@$SLAVE:/etc/flocker/plugin.key
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'sudo service flocker-control stop ; sudo service flocker-dataset-agent stop ; sudo service flocker-container-agent stop ; sudo service docker stop'
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'sudo rm /var/lib/docker/network/files/local-kv.db'
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'sudo service flocker-dataset-agent start'
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'sudo service flocker-container-agent start'
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'sudo service docker start'
export SLAVE=$SLAVE1
mkdir $SLAVE
cp cluster.crt $SLAVE/
cp cluster.key $SLAVE/
cd $SLAVE
flocker-ca create-node-certificate
rm cluster.*
mv *.crt node.crt
mv *.key node.key
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'sudo chown ubuntu /etc/flocker'
scp -oStrictHostKeyChecking=no -i $KEY node.crt ubuntu@$SLAVE:/etc/flocker
scp -oStrictHostKeyChecking=no -i $KEY node.key ubuntu@$SLAVE:/etc/flocker
scp -oStrictHostKeyChecking=no -i $KEY ../cluster.crt ubuntu@$SLAVE:/etc/flocker
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'sudo chmod 0700 /etc/flocker'
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'chmod 0600 /etc/flocker/node.key'
cd ..
scp -oStrictHostKeyChecking=no -i $KEY ./plugin.crt ubuntu@$SLAVE:/etc/flocker/plugin.crt
scp -oStrictHostKeyChecking=no -i $KEY ./plugin.key ubuntu@$SLAVE:/etc/flocker/plugin.key
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'sudo service flocker-control stop ; sudo service flocker-dataset-agent stop ; sudo service flocker-container-agent stop ; sudo service docker stop'
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'sudo rm /var/lib/docker/network/files/local-kv.db'
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'sudo service flocker-dataset-agent start'
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'sudo service flocker-container-agent start'
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'sudo service docker start'
export SLAVE=$SLAVE2
mkdir $SLAVE
cp cluster.crt $SLAVE/
cp cluster.key $SLAVE/
cd $SLAVE
flocker-ca create-node-certificate
rm cluster.*
mv *.crt node.crt
mv *.key node.key
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'sudo chown ubuntu /etc/flocker'
scp -oStrictHostKeyChecking=no -i $KEY node.crt ubuntu@$SLAVE:/etc/flocker
scp -oStrictHostKeyChecking=no -i $KEY node.key ubuntu@$SLAVE:/etc/flocker
scp -oStrictHostKeyChecking=no -i $KEY ../cluster.crt ubuntu@$SLAVE:/etc/flocker
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'sudo chmod 0700 /etc/flocker'
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'chmod 0600 /etc/flocker/node.key'
cd ..
scp -oStrictHostKeyChecking=no -i $KEY ./plugin.crt ubuntu@$SLAVE:/etc/flocker/plugin.crt
scp -oStrictHostKeyChecking=no -i $KEY ./plugin.key ubuntu@$SLAVE:/etc/flocker/plugin.key
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'sudo service flocker-control stop ; sudo service flocker-dataset-agent stop ; sudo service flocker-container-agent stop ; sudo service docker stop'
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'sudo rm /var/lib/docker/network/files/local-kv.db'
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'sudo service flocker-dataset-agent start'
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'sudo service flocker-container-agent start'
ssh -f -oStrictHostKeyChecking=no -i $KEY ubuntu@$SLAVE 'sudo service docker start'
echo "Now please wait for two minutes whilst the flocker cluster converges (required, sorry)"
sleep 120
echo "Generating user api keys"
flocker-ca create-api-certificate user
# Check it worked (Note, it takes a while for the flocker nodes to join the cluster)
if [[ "$OSTYPE" == "linux-gnu" ]]; then
# LINUX
curl --cacert $PWD/cluster.crt --cert $PWD/user.crt --key $PWD/user.key https://$MASTER:4523/v1/version
curl --cacert $PWD/cluster.crt --cert $PWD/user.crt --key $PWD/user.key https://$MASTER:4523/v1/state/nodes
curl --cacert $PWD/cluster.crt --cert $PWD/user.crt --key $PWD/user.key https://$MASTER:4523/v1/state/datasets
curl --cacert $PWD/cluster.crt --cert $PWD/user.crt --key $PWD/user.key https://$MASTER:4523/v1/configuration/datasets
elif [[ "$OSTYPE" == "darwin"* ]]; then
# MAC (due to a bug in mac curl)
openssl pkcs12 -export -inkey $PWD/user.key -in $PWD/user.crt -name user -out user.p12 -password pass:password
curl -k --cert user.p12:password https://$MASTER:4523/v1/version
curl -k --cert user.p12:password https://$MASTER:4523/v1/state/nodes
curl -k --cert user.p12:password https://$MASTER:4523/v1/configuration/datasets
curl -k --cert user.p12:password https://$MASTER:4523/v1/state/datasets
fi