xCAT/xcat-core
2
0
Fork 0
mirror of https://github.com/xcat2/xcat-core.git synced 2025-10-27 09:25:48 +00:00
Code Issues Releases Wiki Activity

enhance the xcatdockerhost certification transmitting process

Browse Source
This commit is contained in:
zhaoertao
2015-07-06 02:34:43 -04:00
parent c8497e2ff2
commit f320262f7c
3 changed files with 41 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
xCAT-server/lib/xcat/plugins/credentials.pm
View File

@@ -297,6 +297,15 @@ sub process_request
unlink "/tmp/xcat/client.cert.$$";
my $certcontents = join('',@certdata);
push @{$rsp->{'data'}},{content=>[$certcontents],desc=>[$parm]};
} elsif ($parm =~ /xcat_dockerhost_cert/) {
`logger -t xcat -p local4.info "credentials: sending $parm"` ;
unless (-r "/etc/xcatdockerca/cert/dockerhost-cert.pem") {
push @{$rsp->{'error'}},"Unable to read /etc/xcatdockerca/cert/dockerhost-cert.pem ";
`logger -t xcat -p local4.info "credentials: Unable to read /etc/xcatdockerca/cert/dockerhost-cert.pem"` ;
next;
}
$tfilename = "/etc/xcatdockerca/cert/dockerhost-cert.pem";
} else {
next;
}

15
xCAT-server/share/xcat/scripts/setup-dockerhost-cert.sh
View File

@@ -45,12 +45,14 @@ if [ ! -e $XCATDOCKERCADIR/openssl.cnf ]; then
fi
sed -i "s@^dir.*=.*/etc/xcat/ca@dir = $XCATDOCKERCADIR@g" $XCATDOCKERCADIR/openssl.cnf
if [ ! -e $XCATDOCKERCADIR/index ]; then
touch $XCATDOCKERCADIR/index
fi
if [ ! -e $XCATDOCKERCADIR/serial ]; then
echo "00" > $XCATDOCKERCADIR/serial
if [ -e $XCATDOCKERCADIR/index ]; then
rm -f $XCATDOCKERCADIR/index*
fi
touch $XCATDOCKERCADIR/index
echo "00" > $XCATDOCKERCADIR/serial
if [ ! -e $XCATDOCKERCADIR/certs ]; then
mkdir -p $XCATDOCKERCADIR/certs
fi
@@ -73,8 +75,7 @@ if [ -f $CNA\.cert ]; then
rm $CNA\.csr
fi
cp ca-cert.pem $XCATDOCKERDIR/cert/
mv $CNA\.cert $XCATDOCKERDIR/cert/dockerhost-cert.pem
mv dockerhost-key.pem $XCATDOCKERDIR/cert/
cat dockerhost-key.pem >> $XCATDOCKERDIR/cert/dockerhost-cert.pem
cd -

32
xCAT/postscripts/setupdockerhost
View File

@@ -12,6 +12,7 @@
#
#=cut
#-------------------------------------------------------------------------------
set -x
if [ "$(uname -s|tr 'A-Z' 'a-z')" = "linux" ];then
str_dir_name=`dirname $0`
. $str_dir_name/xcatlib.sh
@@ -67,6 +68,7 @@ else
sed -i "s@\ \{2,\}@@g" $docker_conf_file
sed -i "s@^\(DOCKER_OPTS\=\"[^\"]*\)@\1 -b=$dockerbr\"@" $docker_conf_file
sed -i "s/\"+$/\"/" $docker_conf_file
sed -i "s/\"\{2,\}/\"/" $docker_conf_file
fi
#Restart docker service
@@ -88,14 +90,28 @@ if [ ! -d /root/.docker ]; then
fi
HOST_CA_PEM="/root/.docker/ca-cert.pem"
HOST_KEY_PEM="/root/.docker/dockerhost-key.pem"
HOST_CERT_PEM="/root/.docker/dockerhost-cert.pem"
scp $master:/etc/xcatdockerca/cert/dockerhost-cert.pem $HOST_CERT_PEM
scp $master:/etc/xcatdockerca/cert/dockerhost-key.pem $HOST_KEY_PEM
scp $master:/etc/xcatdockerca/cert/ca-cert.pem $HOST_CA_PEM
allowcred.awk &
CREDPID=$!
sleep 1
if [ ! -e $HOST_CA_PEM -o ! -e $HOST_KEY_PEM -o ! -e $HOST_CERT_PEM ];then
getcredentials.awk xcat_dockerhost_cert | grep -E -v '</{0,1}xcatresponse>|</{0,1}serverdone>' | sed -e 's/&lt;/</' -e 's/&gt;/>/' -e 's/&amp;/&/' -e 's/&quot/"/' -e "s/&apos;/'/" > /tmp/xcat_dockerhost_cert
kill -9 $CREDPID
grep -E '<error>' /tmp/xcat_dockerhost_cert
if [ $? -ne 0 ]; then
cat /tmp/xcat_dockerhost_cert |
cat /tmp/xcat_dockerhost_cert | grep -E -v '</{0,1}errorcode>|/{0,1}data>|</{0,1}content>|</{0,1}desc>' >$HOST_CERT_PEM
else
echo "Can not get dockerhost certificate files"
exit 1
fi
cp /xcatpost/ca/ca-cert.pem $HOST_CA_PEM
if [ ! -e $HOST_CA_PEM -o ! -e $HOST_CERT_PEM ];then
echo "Can not get dockerhost certificate files"
exit 1
fi
@@ -106,7 +122,7 @@ if [ ! -f "$docker_conf_file" ]; then
exit 1
fi
if ! grep "^DOCKER_OPTS" $docker_conf_file > /dev/null 2>&1 ; then
echo "DOCKER_OPTS=\"-H tcp://`hostname`:2375 --tls --tlscacert=$HOST_CA_PEM --tlscert=$HOST_CERT_PEM --tlskey=$HOST_KEY_PEM --tlsverify=true\"" >> $docker_conf_file
echo "DOCKER_OPTS=\"-H tcp://`hostname`:2375 --tls --tlscacert=$HOST_CA_PEM --tlscert=$HOST_CERT_PEM --tlskey=$HOST_CERT_PEM --tlsverify=true\"" >> $docker_conf_file
else
if grep "^DOCKER_OPTS.*tlsverify" $docker_conf_file > /dev/null 2>&1; then
sed -i "s@-H [^ |^\"]*@@g" $docker_conf_file
@@ -117,8 +133,8 @@ else
sed -i "s@--tls@@g" $docker_conf_file
sed -i "s@\ \{2,\}@@g" $docker_conf_file
fi
sed -i "s@^\(DOCKER_OPTS\=\"[^\"]*\)@\1 -H tcp://`hostname`:2375 --tls --tlscacert=$HOST_CA_PEM --tlscert=$HOST_CERT_PEM --tlskey=$HOST_KEY_PEM --tlsverify=true\"@" $docker_conf_file
sed -i 's/\"\{2,\}/"/' $docker_conf_file
sed -i "s@^\(DOCKER_OPTS\=\"[^\"]*\)@\1 -H tcp://`hostname`:2375 --tls --tlscacert=$HOST_CA_PEM --tlscert=$HOST_CERT_PEM --tlskey=$HOST_CERT_PEM --tlsverify=true\"@" $docker_conf_file
sed -i 's/\"\{2,\}/\"/' $docker_conf_file
fi
#Restart docker service