From 5f75ffa180f6418f58a87e008978234ffe782d93 Mon Sep 17 00:00:00 2001 From: Tin Lam Date: Mon, 27 Sep 2021 09:28:34 -0500 Subject: [PATCH] fix(ssl): fixes libvirt ssl job Changes the override to use dynamically generated certs for the libvirt-ssl jobs so they don't expire in the future. Also, changes it so it is voting again like before. Signed-off-by: Tin Lam Change-Id: If7215961b0b9a7cad75afd7f78592515b74a7b58 --- .../openstack-support/051-libvirt-ssl.sh | 209 ++---------------- zuul.d/jobs.yaml | 3 - zuul.d/project.yaml | 4 +- 3 files changed, 24 insertions(+), 192 deletions(-) diff --git a/tools/deployment/openstack-support/051-libvirt-ssl.sh b/tools/deployment/openstack-support/051-libvirt-ssl.sh index a7234209f..bdc6e1373 100755 --- a/tools/deployment/openstack-support/051-libvirt-ssl.sh +++ b/tools/deployment/openstack-support/051-libvirt-ssl.sh @@ -15,7 +15,21 @@ set -xe : ${OSH_INFRA_EXTRA_HELM_ARGS_LIBVIRT:="$(./tools/deployment/common/get-values-overrides.sh libvirt)"} -# NOTE(Alex): Use static certs and key for test +CERT_DIR=$(mktemp -d) +cd ${CERT_DIR} +openssl req -x509 -new -nodes -days 1 -newkey rsa:2048 -keyout cacert.key -out cacert.pem -subj "/CN=libvirt.org" +openssl req -newkey rsa:2048 -days 1 -nodes -keyout client-key.pem -out client-req.pem -subj "/CN=libvirt.org" +openssl rsa -in client-key.pem -out client-key.pem +openssl x509 -req -in client-req.pem -days 1 \ + -CA cacert.pem -CAkey cacert.key -set_serial 01 \ + -out client-cert.pem +openssl req -newkey rsa:2048 -days 1 -nodes -keyout server-key.pem -out server-req.pem -subj "/CN=libvirt.org" +openssl rsa -in server-key.pem -out server-key.pem +openssl x509 -req -in server-req.pem -days 1 \ + -CA cacert.pem -CAkey cacert.key -set_serial 01 \ + -out server-cert.pem +cd - + cat <