From 6e2865982d72f82a9869738010e5529d3f667849 Mon Sep 17 00:00:00 2001 From: caes Date: Fri, 29 May 2020 00:02:23 -0400 Subject: [PATCH] Added data and new functions for ssl creation and other things. --- .gitignore | 1 + broker.sh | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- data.json | 35 ++++++++++++++++++++++++---------- 3 files changed, 80 insertions(+), 12 deletions(-) diff --git a/.gitignore b/.gitignore index af2efba..6ed8787 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ errors .eslintrc.json gitlab_read.pat +ssl.* diff --git a/broker.sh b/broker.sh index b13460e..f5a36c1 100755 --- a/broker.sh +++ b/broker.sh @@ -409,6 +409,48 @@ setup_local () { setup_env $* } +###################################################################### +# Security + +# $1: string to generate key +# $2: fully-qualified domain name of host +cert_gen_self_signed () { + local pass_str="$1" + local fqdn="$2" + local dir="ssl.$fqdn" + local owd=`pwd` + mkdir -p $dir + cd $dir + if [[ $(basename $(pwd)) == "$dir" ]]; then + openssl genrsa -des3 \ + -passout pass:$pass_str \ + -out $fqdn.pass.key 2048 + openssl rsa \ + -passin pass:$pass_str \ + -in $fqdn.pass.key \ + -out $fqdn.key + rm $fqdn.pass.key + # writing RSA key + openssl req -new \ + -key $fqdn.key \ + -out $fqdn.csr + # ... + openssl x509 -req -sha256 -days 365 \ + -in $fqdn.csr \ + -signkey $fqdn.key \ + -out server.crt + rm $fqdn.csr + else + echo "Problem accessing subdir." + fi + cd $owd + return +} + + + + + ###################################################################### # Global constructions. @@ -489,7 +531,6 @@ construct_deal_info () { return 0 } - clear_host_list () { unset cluster_name cluster_size host_list=() @@ -916,7 +957,7 @@ run_apt () { } docker_run_from_data () { - dealkeypath="$*" + local dealkeypath="$*" # env exported here since this is for bootstrapping export_env if construct_deal_info $dealkeypath; then @@ -1157,6 +1198,7 @@ scp_contents_to_host () { if [[ $TESTING_MODE == "TRUE" ]]; then : else + ssh_tty_to_host $host "mkdir -p ${target_dir}" scp -r -o port=${port} $source_dir/* \ "${user}@${fqdn}:${target_dir}/" fi @@ -1253,6 +1295,16 @@ execute_on_nodes () { done } +# $1: host deal +# $2: docker deal +docker_bash_on_host () { + local host=$1; shift + local dealkeypath="$*" + if construct_deal_info $dealkeypath; then + ssh_tty_to_host $host "docker exec -it $deal_name /bin/bash" + fi +} + docker_run_from_data_on_host () { local host=$1 shift diff --git a/data.json b/data.json index 6bca8dc..fc36346 100644 --- a/data.json +++ b/data.json @@ -52,7 +52,7 @@ ["--hostname","gitlab.adamo.network"], [ "-e", - "GITLAB_OMNIBUS_CONFIG=\"external_url 'http://gitlab.adamo.network:45080'; gitlab_rails['gitlab_shell_ssh_port'] = 45022\"" + "GITLAB_OMNIBUS_CONFIG=\"external_url 'https://gitlab.adamo.network:45443'; gitlab_rails['gitlab_shell_ssh_port'] = 45022\"" ] ] }, @@ -166,17 +166,32 @@ ] }, "adamonet": { - "britannia": { - "remote": { - "host": "britannia.adamonet", - "ports": { - "ssh": 22, - "znc": 31415 + "atlas": { + "britannia": { + "remote": { + "host": "britannia.adamonet", + "ports": { + "ssh": 22, + "znc": 31415 + } + }, + "local": { + "host": "localhost", + "ipv4": "207.148.15.96" } }, - "local": { - "host": "localhost", - "ipv4": "207.148.15.96" + "espana": { + "remote": { + "host": "espana", + "ports": { + "ssh": 22 + }, + "user": "rancher" + }, + "local": { + "ipv4": "10.", + "host": "localhost" + } } }, "internum": {