From 092b388768cca3f51e4191a183842287e5947fd0 Mon Sep 17 00:00:00 2001 From: Arvind Patel Date: Tue, 28 Jul 2020 15:45:30 +0530 Subject: [PATCH] Removed extra space and code changes done Change-Id: I3a7d94807a802712c55bf587d9c253ffb3ff2a28 --- .../files/deploy/applcm-broker-deployment.yaml | 6 ++-- .../roles/applcm/files/deploy/applcmScript.sh | 16 ++++----- .../roles/mepserver/files/deploy/kongScript.sh | 20 +++++------ .../roles/mepserver/files/deploy/mepScript.sh | 18 +++++----- .../roles/mepserver/tasks/install-ssl.yml | 42 ++++++++++++++++------ 5 files changed, 62 insertions(+), 40 deletions(-) diff --git a/ocd/infra/playbooks/roles/applcm/files/deploy/applcm-broker-deployment.yaml b/ocd/infra/playbooks/roles/applcm/files/deploy/applcm-broker-deployment.yaml index 7d7bb00..9d889a4 100644 --- a/ocd/infra/playbooks/roles/applcm/files/deploy/applcm-broker-deployment.yaml +++ b/ocd/infra/playbooks/roles/applcm/files/deploy/applcm-broker-deployment.yaml @@ -64,8 +64,8 @@ spec: value: /Artifacts/Deployment/ - name: PACKAGE_PATH value: /go/release/application/packages/ - - name: APLCM_SSL_MODE - value: false + - name: HTTPS_FLAG + value: "false" - name: CERTIFICATE_PATH value: /go/release/certificates/server.cer - name: KEY_PATH @@ -78,7 +78,7 @@ spec: resources: {} #volumeMounts: #- mountPath: /go/release/certificates/ - # name: server-cert + #name: server-cert restartPolicy: Always serviceAccountName: "" #volumes: diff --git a/ocd/infra/playbooks/roles/applcm/files/deploy/applcmScript.sh b/ocd/infra/playbooks/roles/applcm/files/deploy/applcmScript.sh index feab49b..16fc242 100755 --- a/ocd/infra/playbooks/roles/applcm/files/deploy/applcmScript.sh +++ b/ocd/infra/playbooks/roles/applcm/files/deploy/applcmScript.sh 
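Review bot: In the second hunk of applcm-broker-deployment.yaml, the change from `# name: server-cert` to `#name: server-cert` is only explained by applcmScript.sh, whose `s/#name/` pattern needs the `#` to touch the key, and nothing in the manifest says so. A comment above the commented block, such as `# TLS volume template: uncommented by applcmScript.sh; keep the '#key' form with no space after '#'`, would stop a later cleanup from re-indenting it. If the pattern stops matching, the certificate volume mount would most likely stay commented out without any error. The commented block continues outside the hunk, so its other lines should be checked for the same form.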
@@ -13,11 +13,11 @@ # limitations under the License. #Server is running on https port -sed -i 's/value: false/value: true/g' applcm-broker-deployment.yaml -sed -i 's/#volumeMounts/ volumeMounts/g' applcm-broker-deployment.yaml -sed -i 's/#- mountPath/ - mountPath/g' applcm-broker-deployment.yaml -sed -i 's/#name/ name/g' applcm-broker-deployment.yaml -sed -i 's/#volumes/ volumes/g' applcm-broker-deployment.yaml -sed -i 's/#- name/ - name/g' applcm-broker-deployment.yaml -sed -i 's/#secret/ secret/g' applcm-broker-deployment.yaml -sed -i 's/#secretName/ secretName/g' applcm-broker-deployment.yaml +sed -i 's/value: \"false\"/value: \"true"/g' applcm-broker-deployment-ssl.yaml +sed -i 's/#volumeMounts/volumeMounts/g' applcm-broker-deployment-ssl.yaml +sed -i 's/#- mountPath/ - mountPath/g' applcm-broker-deployment-ssl.yaml +sed -i 's/#name/ name/g' applcm-broker-deployment-ssl.yaml +sed -i 's/#volumes/volumes/g' applcm-broker-deployment-ssl.yaml +sed -i 's/#- name/ - name/g' applcm-broker-deployment-ssl.yaml +sed -i 's/#secret/ secret/g' applcm-broker-deployment-ssl.yaml +sed -i 's/#secretName/ secretName/g' applcm-broker-deployment-ssl.yaml diff --git a/ocd/infra/playbooks/roles/mepserver/files/deploy/kongScript.sh b/ocd/infra/playbooks/roles/mepserver/files/deploy/kongScript.sh index 21cfcb8..6abc050 100755 --- a/ocd/infra/playbooks/roles/mepserver/files/deploy/kongScript.sh +++ b/ocd/infra/playbooks/roles/mepserver/files/deploy/kongScript.sh 
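Review bot: The first added substitution, `s/value: \"false\"/value: \"true"/g`, flips every `value: "false"` in `applcm-broker-deployment-ssl.yaml` rather than only the `HTTPS_FLAG` entry, and when nothing matches sed still exits 0, so the broker can be deployed with HTTPS off without the play failing. Scope it to the flag and check the result, for example `sed -i '/- name: HTTPS_FLAG/{n;s/value: "false"/value: "true"/;}' applcm-broker-deployment-ssl.yaml` followed by `grep -A1 'name: HTTPS_FLAG' applcm-broker-deployment-ssl.yaml | grep -q '"true"' || exit 1`. The uncommenting patterns are unanchored as well: `s/#secret/` already rewrites `#secretName`, which leaves the last line with nothing to match. The kongScript.sh and mepScript.sh hunks use the same approach (`value: "0"` to `"1"` in mepScript.sh) and would benefit from the same scoping and check.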
@@ -13,15 +13,15 @@ # limitations under the License. #Server is running on https port -sed -i 's/#- name/ - name/g' kong-k8s.yaml -sed -i 's/#value/ value/g' kong-k8s.yaml +sed -i 's/#- name/- name/g' kong-k8s-ssl.yaml +sed -i 's/#value/value/g' kong-k8s-ssl.yaml -sed -i 's/#volumeMounts/ volumeMounts/g' kong-k8s.yaml -sed -i 's/#- name/ - name/g' kong-k8s.yaml -sed -i 's/#mountPath/ mountPath/g' kong-k8s.yaml -sed -i 's/#readOnly/ readOnly/g' kong-k8s.yaml -sed -i 's/#volumes/ volumes/g' kong-k8s.yaml -sed -i 's/#- name/ - name/g' kong-k8s.yaml -sed -i 's/#secret/ secret/g' kong-k8s.yaml -sed -i 's/#secretName/ secretName/g' kong-k8s.yaml +sed -i 's/#volumeMounts/volumeMounts/g' kong-k8s-ssl.yaml +sed -i 's/#- name/- name/g' kong-k8s-ssl.yaml +sed -i 's/#mountPath/mountPath/g' kong-k8s-ssl.yaml +sed -i 's/#readOnly/readOnly/g' kong-k8s-ssl.yaml +sed -i 's/#volumes/volumes/g' kong-k8s-ssl.yaml +sed -i 's/#- name/- name/g' kong-k8s-ssl.yaml +sed -i 's/#secret/secret/g' kong-k8s-ssl.yaml +sed -i 's/#secretName/secretName/g' kong-k8s-ssl.yaml diff --git a/ocd/infra/playbooks/roles/mepserver/files/deploy/mepScript.sh b/ocd/infra/playbooks/roles/mepserver/files/deploy/mepScript.sh index 567fff7..8610d24 100755 --- a/ocd/infra/playbooks/roles/mepserver/files/deploy/mepScript.sh +++ b/ocd/infra/playbooks/roles/mepserver/files/deploy/mepScript.sh 
@@ -13,12 +13,12 @@ # limitations under the License. #- name: Server is running on http port" -sed -i 's/value: \"0\"/value: \"1"/g' mep-k8s.yaml -sed -i 's/#volumeMounts/ volumeMounts/g' mep-k8s.yaml -sed -i 's/#- name/ - name/g' mep-k8s.yaml -sed -i 's/#mountPath/ mountPath/g' mep-k8s.yaml -sed -i 's/#readOnly/ readOnly/g' mep-k8s.yaml -sed -i 's/#volumes/ volumes/g' mep-k8s.yaml -sed -i 's/#- name/ - name/g' mep-k8s.yaml -sed -i 's/#secret/ secret/g' mep-k8s.yaml -sed -i 's/#secretName/ secretName/g' mep-k8s.yaml +sed -i 's/value: \"0\"/value: \"1"/g' mep-k8s-ssl.yaml +sed -i 's/#volumeMounts/volumeMounts/g' mep-k8s-ssl.yaml +sed -i 's/#- name/- name/g' mep-k8s-ssl.yaml +sed -i 's/#mountPath/mountPath/g' mep-k8s-ssl.yaml +sed -i 's/#readOnly/readOnly/g' mep-k8s-ssl.yaml +sed -i 's/#volumes/volumes/g' mep-k8s-ssl.yaml +sed -i 's/#- name/- name/g' mep-k8s-ssl.yaml +sed -i 's/#secret/secret/g' mep-k8s-ssl.yaml +sed -i 's/#secretName/secretName/g' mep-k8s-ssl.yaml diff --git a/ocd/infra/playbooks/roles/mepserver/tasks/install-ssl.yml b/ocd/infra/playbooks/roles/mepserver/tasks/install-ssl.yml index 5a281a7..c4c9419 100644 --- a/ocd/infra/playbooks/roles/mepserver/tasks/install-ssl.yml +++ b/ocd/infra/playbooks/roles/mepserver/tasks/install-ssl.yml @@ -30,7 +30,7 @@ - name: modifying configuration to support https shell: - cmd: cp mep-k8s.yaml kong-k8s-ssl.yaml + cmd: cp kong-k8s.yaml kong-k8s-ssl.yaml chdir: /tmp/mepserver/deploy/ - name: modify configuraiton to support https 
@@ -43,6 +43,37 @@ cmd: chmod +x kongScript.sh && ./kongScript.sh chdir: /tmp/mepserver/deploy/ +- name: Generate Certificates + shell: +# yamllint disable rule:line-length + cmd: openssl genrsa -out ca.key 2048 + chdir: /tmp/mepserver/deploy/ + +- name: Generate Certificate - Step 2 + shell: + cmd: openssl req -new -key ca.key -subj /C=CN/ST=Peking/L=Beijing/O=ealtedge/CN=www.ealtedge.org -out ca.csr + chdir: /tmp/mepserver/deploy/ + +- name: Generate Root Certificate + shell: + cmd: openssl x509 -req -days 365 -in ca.csr -extensions v3_req -signkey ca.key -out trust.cer + chdir: /tmp/mepserver/deploy/ + +- name: Generate TLS certificate and TLS Key + shell: + cmd: openssl genrsa -out server_key.pem 2048 + chdir: /tmp/mepserver/deploy/ + +- name: Generate TLS Certificate and TLS Key + shell: + cmd: openssl req -new -key server_key.pem -subj /C=CN/ST=Beijing/L=Beijing/O=ealtedge/CN=www.ealtedge.org -out tls.csr + chdir: /tmp/mepserver/deploy/ + +- name: Generate TLS Certificate and TLS Key + shell: + cmd: openssl x509 -req -in tls.csr -extensions v3_req -CA trust.cer -CAkey ca.key -CAcreateserial -out server.cer + chdir: /tmp/mepserver/deploy/ + - name: Create mepssl-secret shell: # yamllint disable rule:line-length @@ -68,12 +99,3 @@ - name: Apply postgres-k8s.yaml shell: cmd: kubectl apply -f /tmp/mepserver/deploy/postgres-k8s.yaml - -- name: -----Configuring Kong API Gateway----- - shell: - cmd: sleep 30 - -- name: Configuring Kong API Gateway - shell: - cmd: chmod +x kongconfig.sh && ./kongconfig.sh - chdir: /tmp/mepserver/deploy/ -- 2.16.6
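Review bot: The last added task signs `server.cer` with `openssl x509 -req` and no `-days`, so the server certificate gets OpenSSL's 30-day default while the root in `trust.cer` is issued for 365 days; the signing command needs an explicit `-days`. `ca.key` and `server_key.pem` are written unencrypted under `/tmp/mepserver/deploy/` and nothing in the hunk removes them, so the CA key that can sign further trusted certificates stays on the host; generate the keys under `umask 077` and delete `ca.key` once signing is done, if no later task needs it. `-extensions v3_req` is passed without `-extfile`, which as far as I can tell means no extensions, and so no subjectAltName, end up in either certificate. The three tasks named "Generate TLS Certificate and TLS Key" would be easier to follow with distinct names, and the `Create mepssl-secret` task that consumes these files continues outside the hunk.

```yaml
- name: Generate CA private key
  shell:
    cmd: umask 077 && openssl genrsa -out ca.key 2048
    chdir: /tmp/mepserver/deploy/

# … unchanged: ca.csr and trust.cer tasks …

- name: Generate server private key
  shell:
    cmd: umask 077 && openssl genrsa -out server_key.pem 2048
    chdir: /tmp/mepserver/deploy/

# … unchanged: tls.csr task …

- name: Sign server certificate with the generated CA
  shell:
    cmd: openssl x509 -req -days 365 -in tls.csr -extensions v3_req -CA trust.cer -CAkey ca.key -CAcreateserial -out server.cer
    chdir: /tmp/mepserver/deploy/
```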