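#!/usr/bin/env bash
# Install Project-FiFo on a clean SmartOS (latest, 20170119T014200Z).
#
# One script, two phases, selected from `zonename`:
#   global zone : add the FiFo image source, import the image and create the
#                 "fifo" zone (delegated dataset, DHCP on the admin NIC).
#   fifo zone   : mount the delegated dataset, install the 0.9 packages,
#                 create a CA plus a server certificate, point every service
#                 config at them, enable the services and initialize snarl.
# Run it once in the global zone, then again inside the zone after zlogin.
# The certificate steps follow the fifo_ca.sh gist used for Docker SSL.
#
# Environment (zone phase, all optional):
#   CERTDIR              directory for CA and server key/cert (default /data/fifo)
#   DAYS                 certificate validity in days (default 5 years)
#   FIFO_ADMIN_PASSWORD  initial snarl admin password (default: the test value
#                        "qwerty"; override it for anything but a throwaway test)
set -euo pipefail

readonly FIFO_IMAGE_SOURCE='https://datasets.project-fifo.net'
readonly FIFO_IMAGE_UUID='504ff128-d990-4fed-8349-dc8a4ba611ad'

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Phase 1 (global zone): import the FiFo image and create the "fifo" zone.
# Globals:   FIFO_IMAGE_SOURCE, FIFO_IMAGE_UUID (read)
# Outputs:   instructions for the zone phase on stdout
#######################################
provision_zone() {
  imgadm sources -a "$FIFO_IMAGE_SOURCE"
  imgadm import "$FIFO_IMAGE_UUID"
  # delegate_dataset gives the zone zones/<uuid>/data, mounted at /data later.
  vmadm create <<EOF
{
  "autoboot": true,
  "brand": "joyent",
  "image_uuid": "$FIFO_IMAGE_UUID",
  "delegate_dataset": true,
  "alias": "fifo",
  "resolvers": [
    "8.8.8.8",
    "8.8.4.4"
  ],
  "nics": [
    {
      "interface": "net0",
      "nic_tag": "admin",
      "ip": "dhcp"
    }
  ]
}
EOF
  # Give the zone time to boot before anyone logs in.
  sleep 60
  printf '%s\n' \
    'Zone "fifo" created. Log in with:' \
    '  zlogin "$(vmadm lookup alias=fifo)"' \
    'and run this script again inside the zone.'
}

#######################################
# Print the path of the openssl.cnf the installed openssl reads by default;
# the CA and CSR steps extend that file with a SAN section.
# Outputs:   absolute path on stdout
# Returns:   non-zero if `openssl version -d` fails
#######################################
default_openssl_cnf() {
  local dir
  dir=$(openssl version -d | cut -d '"' -f2) || return
  printf '%s/openssl.cnf\n' "$dir"
}

#######################################
# Rewrite `<key> = <anything>` lines in config files to point at a path.
# Arguments: $1 - config key as a sed BRE (dots escaped, e.g. 'ssl\.certfile')
#            $2 - replacement value; must not contain ',' '&' or '\'
#            $3.. - config files, edited in place
#######################################
set_conf_path() {
  local key=$1 value=$2
  shift 2
  sed -i '' 's,^[\t ]*\('"$key"'[\t ]*=[\t ]*\).*$,\1'"$value"',' -- "$@"
}

#######################################
# Create a local CA and a server certificate whose SAN is the zone's IPv4
# address, then point every FiFo service config at the resulting files.
# Globals:   CERTDIR, DAYS, SUBJECT, SAN (exported, as the original gist does)
# Returns:   exits via die if net0 has no IPv4 address
#######################################
create_certificates() {
  local openssl_cnf zone_ip
  openssl_cnf=$(default_openssl_cnf)

  # net0 got its address via DHCP (see the zone JSON); the certificate is bound
  # to that address, so it has to be regenerated if the lease ever changes.
  zone_ip=$(ifconfig net0 | awk '$1 == "inet" { print $2; exit }')
  [[ -n "$zone_ip" ]] || die "could not determine the IPv4 address of net0"

  export CERTDIR=${CERTDIR:-/data/fifo}
  export DAYS=${DAYS:-$((365 * 5))}
  export SUBJECT='/C=NL/ST=Somewhere/O=Company/localityName=City/commonName=fifo/organizationalUnitName=Team'
  export SAN="subjectAltName=IP:${zone_ip}"

  # Start from an empty certificate directory; ":?" refuses to expand to "/*".
  rm -f -- "${CERTDIR:?}"/*

  # Self-signed CA; the SAN is appended to the [v3_ca] section of the default config.
  openssl req -x509 -newkey rsa:4096 -nodes -sha256 -days "$DAYS" -subj "$SUBJECT" \
    -config <(cat -- "$openssl_cnf" && printf '[v3_ca]\n%s\n' "$SAN") \
    -keyout "$CERTDIR/ca-privatekey.pem" -out "$CERTDIR/ca-cert.pem"
  # Server CSR with the SAN in its own [SAN] request-extension section.
  openssl req -newkey rsa:4096 -nodes -sha256 -subj "$SUBJECT" -reqexts SAN \
    -config <(cat -- "$openssl_cnf" && printf '[SAN]\n%s\n' "$SAN") \
    -keyout "$CERTDIR/privatekey.pem" -out "$CERTDIR/cert.csr"
  # Sign the CSR with the CA, copying the SAN into the issued certificate.
  openssl x509 -req -sha256 -days "$DAYS" -extfile <(printf '%s\n' "$SAN") \
    -CA "$CERTDIR/ca-cert.pem" -CAkey "$CERTDIR/ca-privatekey.pem" -CAcreateserial \
    -in "$CERTDIR/cert.csr" -out "$CERTDIR/cert.pem"
  # The CSR is not needed once the certificate exists.
  rm -f -- "$CERTDIR/cert.csr"
  # NOTE(review): the key files are created with the current umask; confirm
  # that the service accounts can read them and that other users cannot.

  # Refer all service configs to the certificates just created.
  set_conf_path 'ssl\.certfile'   "$CERTDIR/cert.pem"          /data/*/etc/*.conf
  set_conf_path 'ssl\.keyfile'    "$CERTDIR/privatekey.pem"    /data/*/etc/*.conf
  set_conf_path 'ssl\.ca_cert'    "$CERTDIR/ca-cert.pem"       /data/*/etc/*.conf
  set_conf_path 'ssl\.cacertfile' "$CERTDIR/ca-cert.pem"       /data/*/etc/*.conf
  set_conf_path 'ssl\.ca_key'     "$CERTDIR/ca-privatekey.pem" /data/*/etc/*.conf
}

#######################################
# Phase 2 (inside the fifo zone): packages, certificates, config, services.
# Globals:   FIFO_ADMIN_PASSWORD (read, optional)
#######################################
configure_fifo() {
  # Mount the delegated dataset (zones/<uuid>/data) at /data.
  zfs set mountpoint=/data "zones/$(sysinfo | json UUID)/data"
  pkgin -fy up
  # Update to the latest 0.9 packages for this test.
  pkgin -y ug
  pkgin -y in 'fifo-kennel'
  # Fix pre-data Kennel: keep its database under /data (skip if already linked).
  [[ -e /var/db/kennel ]] || ln -s /data/kennel/db /var/db/kennel
  # Create the basic config.
  fifo-config

  create_certificates

  # Kennel and Howl share this zone, so move Kennel's HTTPS port to 8443; the
  # pattern also uncomments a `# https_port = ...` line.
  sed -i '' 's,^[\t #]*\(https_port[\t ]*=[\t ]\).*,\18443,' /data/kennel/etc/kennel.conf

  # Enable the services one at a time, pausing between each.
  local svc
  for svc in epmd snarl howl sniffle; do
    svcadm enable "$svc"
    sleep 10
  done
  svcadm enable kennel
  # Give the services time to finish starting before initializing.
  sleep 60
  # snarl-admin takes the password as an argument, so it shows up in ps output
  # and shell history; "qwerty" is the original test value, override it via
  # FIFO_ADMIN_PASSWORD for anything that outlives this test.
  snarl-admin init default Company Team root "${FIFO_ADMIN_PASSWORD:-qwerty}"
  sleep 10
  sniffle-admin config set storage.s3.host no_s3
}

#######################################
# Pick the phase: "global" means the SmartOS host, anything else is the zone.
#######################################
main() {
  command -v zonename >/dev/null || die "zonename not found: this script targets SmartOS"
  case "$(zonename)" in
    global) provision_zone ;;
    *) configure_fifo ;;
  esac
}

main "$@"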