379971af by Adam Heath

Update to no longer create registry.crt.

1 parent 5d421adc
1 subjectAltName = @alt_names
2
3 [alt_names]
4 DNS.1 = registry.uniquely-me.local
5 DNS.2 = registry.uniquely.me
1 [req]
2 default_bits = 2048
3 default_keyfile = registry.key
4 distinguished_name = req_distinguished_name
5 req_extensions = req_ext
6 prompt = no
7 encrypt_key = no
8
9 [req_distinguished_name]
10 countryName = US
11 stateOrProvinceName = Texas
12 localityName = Dallas
13 organizationName = UNIQUELY ME
14 organizationalUnitName = IT
15 commonName = registry.uniquely-me.local
16
17 [req_ext]
18 subjectAltName = @alt_names
19
20 [alt_names]
21 DNS.1 = registry.uniquely-me.local
22 DNS.2 = registry.uniquely.me
...@@ -2,25 +2,17 @@ ...@@ -2,25 +2,17 @@
2 2
3 set -e 3 set -e
4 4
5 TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")" 5 APISERVER_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")"
6 export TOP_DIR 6 export APISERVER_DIR
7 7
8 mkdir -p "$TOP_DIR"/certs 8 CONTEXT_DIR="$1"
9 if ! [ -e "$TOP_DIR/certs/root.key" ]; then
10 openssl genrsa -out "$TOP_DIR/certs/root.key.tmp" 2048
11 mv "$TOP_DIR/certs/root.key.tmp" "$TOP_DIR/certs/root.key"
12 fi
13 if ! [ -e "$TOP_DIR/certs/root.crt" ]; then
14 openssl req -x509 -new -nodes -key "$TOP_DIR/certs/root.key" -subj "/CN=app.local" -days 1024 -reqexts v3_req -extensions v3_ca -out "$TOP_DIR/certs/root.crt.tmp"
15 mv "$TOP_DIR/certs/root.crt.tmp" "$TOP_DIR/certs/root.crt"
16 fi
17 9
18 if ! [ -e "$TOP_DIR/certs/registry.key" ]; then 10 mkdir -p "$CONTEXT_DIR"/certs
19 openssl genrsa -out "$TOP_DIR/certs/registry.key.tmp" 4096 11 if ! [ -e "$CONTEXT_DIR/certs/root.key" ]; then
20 mv "$TOP_DIR/certs/registry.key.tmp" "$TOP_DIR/certs/registry.key" 12 openssl genrsa -out "$CONTEXT_DIR/certs/root.key.tmp" 2048
13 mv "$CONTEXT_DIR/certs/root.key.tmp" "$CONTEXT_DIR/certs/root.key"
21 fi 14 fi
22 if ! [ -e "$TOP_DIR/certs/registry.crt" ]; then 15 if ! [ -e "$CONTEXT_DIR/certs/root.crt" ]; then
23 openssl req -new -key "$TOP_DIR/certs/registry.key" -config "$TOP_DIR/etc/ssl/registry.conf" -out "$TOP_DIR/certs/registry.csr" 16 openssl req -x509 -new -nodes -key "$CONTEXT_DIR/certs/root.key" -subj "/CN=app.local" -days 1024 -reqexts v3_req -extensions v3_ca -out "$CONTEXT_DIR/certs/root.crt.tmp"
24 openssl x509 -req -days 365 -in "$TOP_DIR/certs/registry.csr" -CA "$TOP_DIR/certs/root.crt" -CAkey "$TOP_DIR/certs/root.key" -CAcreateserial -out "$TOP_DIR/certs/registry.crt.tmp" -extfile "$TOP_DIR/etc/ssl/registry-sign.conf" 17 mv "$CONTEXT_DIR/certs/root.crt.tmp" "$CONTEXT_DIR/certs/root.crt"
25 mv "$TOP_DIR/certs/registry.crt.tmp" "$TOP_DIR/certs/registry.crt"
26 fi 18 fi
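Review bot: `CONTEXT_DIR="$1"` on new line 8 is used without checking that an argument was supplied, and only `set -e` is visible (no `set -u`), so a call with no argument makes `"$CONTEXT_DIR"/certs` expand to `/certs` and the root CA key and certificate are generated there. Failing early avoids that: `CONTEXT_DIR="${1:?usage: $0 CONTEXT_DIR}"`. The certs directory is also created under the caller's umask and then holds the unencrypted CA private key (`-nodes` on new line 16). Adding `umask 077` before the `mkdir -p` would keep the directory and the `.tmp` files private to the invoking user, whatever file mode the installed OpenSSL applies itself. The script begins above the hunk (line 1 is not shown) and may continue past it.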
...@@ -20,7 +20,7 @@ case "$1" in ...@@ -20,7 +20,7 @@ case "$1" in
20 ;; 20 ;;
21 esac 21 esac
22 22
23 "$APISERVER_DIR/scripts/ensure-certs.sh" 23 "$APISERVER_DIR/scripts/ensure-certs.sh" "$CONTEXT_DIR"
24 "$APISERVER_DIR/scripts/wait-for-etcd.sh" "$CONTEXT_DIR" 24 "$APISERVER_DIR/scripts/wait-for-etcd.sh" "$CONTEXT_DIR"
25 25
26 _compose up -d k3s-master-1 26 _compose up -d k3s-master-1