This is an automated email from the ASF dual-hosted git repository. omartushevskyi pushed a commit to branch DLAB-1158 in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
The following commit(s) were added to refs/heads/DLAB-1158 by this push: new 65efdef fixed issue with getting step token 65efdef is described below commit 65efdef916a22f6e0319f2c9c6afc84d17744a9d Author: Oleh Martushevskyi <oleh_martushevs...@epam.com> AuthorDate: Mon Nov 4 14:38:54 2019 +0200 fixed issue with getting step token --- infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py | 8 ++++---- infrastructure-provisioning/src/general/lib/os/redhat/edge_lib.py | 8 ++++---- infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py | 5 +++-- infrastructure-provisioning/terraform/bin/deploy/endpoint_fab.py | 7 ++++--- 4 files changed, 15 insertions(+), 13 deletions(-) diff --git a/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py b/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py index 61c76f7..d3a272d 100644 --- a/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py +++ b/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py @@ -76,10 +76,10 @@ def install_nginx_ldap(edge_ip, nginx_version, ldap_ip, ldap_dn, ldap_ou, ldap_s os.environ['conf_stepcerts_kid_password'], user)) sans = "--san localhost --san 127.0.0.1 --san {0}".format(step_cert_sans) cn = edge_ip - token = sudo('step ca token {3} --kid {0} --ca-url "{1}" --root /home/{2}/keys/root_ca.crt ' - '--password-file /home/{2}/keys/provisioner_password {4} '.format( - os.environ['conf_stepcerts_kid'], os.environ['conf_stepcerts_ca_url'], - user, cn, sans)) + sudo('step ca token {3} --kid {0} --ca-url "{1}" --root /home/{2}/keys/root_ca.crt ' + '--password-file /home/{2}/keys/provisioner_password {4} --output-file /tmp/step_token'.format( + os.environ['conf_stepcerts_kid'], os.environ['conf_stepcerts_ca_url'], user, cn, sans)) + token = sudo('cat /tmp/step_token') sudo('step ca certificate "{0}" /home/{2}/keys/dlab.crt /home/{2}/keys/dlab.key ' '--token "{1}" --kty=RSA --size 2048 --provisioner {3} '.format(cn, token, user, os.environ['conf_stepcerts_kid'])) diff --git a/infrastructure-provisioning/src/general/lib/os/redhat/edge_lib.py b/infrastructure-provisioning/src/general/lib/os/redhat/edge_lib.py index d71b921..f9fc26e 100644 --- a/infrastructure-provisioning/src/general/lib/os/redhat/edge_lib.py +++ b/infrastructure-provisioning/src/general/lib/os/redhat/edge_lib.py @@ -82,10 +82,10 @@ def install_nginx_ldap(edge_ip, nginx_version, ldap_ip, ldap_dn, ldap_ou, ldap_s os.environ['conf_stepcerts_kid_password'], user)) sans = "--san localhost --san 127.0.0.1 --san {0}".format(step_cert_sans) cn = edge_ip - token = sudo('step ca token {3} --kid {0} --ca-url "{1}" --root /home/{2}/keys/root_ca.crt ' - '--password-file /home/{2}/keys/provisioner_password {4} '.format( - os.environ['conf_stepcerts_kid'], os.environ['conf_stepcerts_ca_url'], - user, cn, sans)) + sudo('step ca token {3} --kid {0} --ca-url "{1}" --root /home/{2}/keys/root_ca.crt ' + '--password-file /home/{2}/keys/provisioner_password {4} --output-file /tmp/step_token'.format( + os.environ['conf_stepcerts_kid'], os.environ['conf_stepcerts_ca_url'], user, cn, sans)) + token = sudo('cat /tmp/step_token') sudo('step ca certificate "{0}" /home/{2}/keys/dlab.crt /home/{2}/keys/dlab.key ' '--token "{1}" --kty=RSA --size 2048 --provisioner {3} '.format(cn, token, user, os.environ['conf_stepcerts_kid'])) diff --git a/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py b/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py index 397e487..9960ee0 100644 --- a/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py +++ b/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py @@ -143,10 +143,11 @@ def configure_ssl_certs(hostname, custom_ssl_cert): os.environ['conf_stepcerts_kid_password'], args.os_user)) sans = "--san localhost --san 127.0.0.1 {0}".format(args.step_cert_sans) cn = hostname - token = sudo('step ca token {3} --kid {0} --ca-url "{1}" --root /home/{2}/keys/root_ca.crt ' - '--password-file /home/{2}/keys/provisioner_password {4} '.format( + sudo('step ca token {3} --kid {0} --ca-url "{1}" --root /home/{2}/keys/root_ca.crt ' + '--password-file /home/{2}/keys/provisioner_password {4} --output-file /tmp/step_token'.format( os.environ['conf_stepcerts_kid'], os.environ['conf_stepcerts_ca_url'], args.os_user, cn, sans)) + token = sudo('cat /tmp/step_token') sudo('step ca certificate "{0}" /home/{2}/keys/dlab.crt /home/{2}/keys/dlab.key ' '--token "{1}" --kty=RSA --size 2048 --provisioner {3} '.format(cn, token, args.os_user, os.environ['conf_stepcerts_kid'])) diff --git a/infrastructure-provisioning/terraform/bin/deploy/endpoint_fab.py b/infrastructure-provisioning/terraform/bin/deploy/endpoint_fab.py index 02e39c4..d4cd1da 100644 --- a/infrastructure-provisioning/terraform/bin/deploy/endpoint_fab.py +++ b/infrastructure-provisioning/terraform/bin/deploy/endpoint_fab.py @@ -123,9 +123,10 @@ def ensure_step_certs(): if public_ip_address: sans += "--san {0}".format(public_ip_address) cn = public_ip_address - token = conn.sudo('step ca token {3} --kid {0} --ca-url "{1}" --root /home/{2}/keys/root_ca.crt ' - '--password-file /home/{2}/keys/provisioner_password {4} '.format( - args.step_kid, args.step_ca_url, args.os_user, cn, sans)).stdout.replace('\n', '') + conn.sudo('step ca token {3} --kid {0} --ca-url "{1}" --root /home/{2}/keys/root_ca.crt ' + '--password-file /home/{2}/keys/provisioner_password {4} --output-file /tmp/step_token'.format( + args.step_kid, args.step_ca_url, args.os_user, cn, sans)) + token = conn.sudo('cat /tmp/step_token').stdout.replace('\n', '') conn.sudo('step ca certificate "{0}" /home/{2}/keys/endpoint.crt /home/{2}/keys/endpoint.key ' '--token "{1}" --kty=RSA --size 2048 --provisioner {3} '.format(cn, token, args.os_user, args.step_kid)) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@dlab.apache.org For additional commands, e-mail: commits-h...@dlab.apache.org