add client cert generate in docker_client role, fix some nits

anandkumarpatel · anandkumarpatel · commit 2c8adc69f867 · 2015-10-12T16:32:00.000-07:00
diff --git a/.gitignore b/.gitignore
@@ -1 +1,4 @@
-node_modules
+node_modules
+ca-key.pem
+pass
+hellorunnable
diff --git a/ansible/beta-hosts/hosts b/ansible/beta-hosts/hosts
@@ -65,6 +65,9 @@ beta-services
 [registry]
 beta-registry
 
+[swarm]
+beta-services
+
 [docks]
 
 [beta:children]
@@ -86,6 +89,7 @@ optimus
 rabbitmq
 eru
 shiva
+swarm
 
 [targets]
 localhost ansible_connection=local bastion_name=beta-bastion
diff --git a/ansible/certs/scripts/genClientCert.sh b/ansible/certs/scripts/genClientCert.sh
@@ -32,3 +32,6 @@ openssl x509 \
   -extfile "$CLIENT-extfile.cnf"
 chmod 400 "$CLIENT-cert.pem"
 
+# cleanup files we do not need
+rm $CLIENT-extfile.cnf
+rm $CLIENT-client.csr
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
@@ -47,14 +47,14 @@ docker_key_path: /etc/ssl/docker/key.pem
 docker_ca_path: /etc/ssl/docker/ca.pem
 
 # eru
-eru_api_host=api.{{ domain }}
+eru_api_host: api.{{ domain }}
 
 # rabbit
-rabbit_port=54321
+rabbit_port: 54321
 
 # shiva
-pg_database=shiva
-pg_user=shiva
+pg_database: shiva
+pg_user: shiva
 
 # swarm
-swarm_master_port=2375
+swarm_master_port: 2375
diff --git a/ansible/group_vars/alpha-swarm-manager.yml b/ansible/group_vars/alpha-swarm-manager.yml
@@ -3,6 +3,13 @@ name: "swarm"
 # container_kill_start settings
 container_image: swarm
 container_tag: 0.4.0
+
+# for redis
+redis_host: "{{ hostvars[groups['redis'][0]]['ansible_default_ipv4']['address'] }}"
+redis_key: "frontend:swarm.{{ domain }}"
+is_redis_update_required: 'yes'
+
+# container_kill_start vars
 container_run_opts: >
   -d
   -p {{ swarm_master_port }}:2375
@@ -16,6 +23,3 @@ container_run_args: >
   manage
   token://{{ discovery_token }}
 
-# for redis
-redis_key: "frontend:swarm.{{ domain }}"
-is_redis_update_required: 'yes'
diff --git a/ansible/prod-hosts/hosts b/ansible/prod-hosts/hosts
@@ -71,6 +71,9 @@ alpha-registry
 [shiva]
 alpha-api-old
 
+[swarm]
+alpha-api-old
+
 [docks]
 
 [alpha:children]
@@ -94,6 +97,7 @@ detention
 hubot
 eru
 shiva
+swarm
 
 [targets]
 localhost ansible_connection=local bastion_name=alpha-bastion
diff --git a/ansible/roles/docker_client/README.md b/ansible/roles/docker_client/README.md
@@ -0,0 +1,17 @@
+# Role Name
+
+Ansible Role to Install Docker Client Certs on Ubuntu
+
+## Manual Setup
+
+Creating new docker client certs:
+1. cd into this dir ```cd <roles/docker_client>```
+2. ensure you have ca-key.pem here `roles/docker_client/ca-key.pem`
+3. run cert generator `sudo ./scripts/genClientCert.sh`
+4. output files we want are `<name>-key.pem` and `<name>-cert.pem`
+5. create folder for these new certs based on app name ```mkdir <name>```
+6. move keys into folder ```mv ./<name>-key.pem ./<name>/key.pem && mv ./<name>-cert.pem ./<name>/cert.pem```
+
+## Author Information
+
+anandkumarpatel
diff --git a/ansible/roles/docker_client/files/certs/script/genClientCert.sh b/ansible/roles/docker_client/files/certs/script/genClientCert.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+if [[ $1 = '' ]]; then
+  echo 'script requires a client name'
+  exit 1
+fi
+CLIENT=$1
+
+# generate key for client
+openssl genrsa -out "$CLIENT-key.pem" 2048
+chmod 400 "$CLIENT-key.pem"
+
+# generate CSR for client
+openssl req \
+  -subj '/CN=client' \
+  -new \
+  -key "$CLIENT-key.pem" \
+  -out "$CLIENT-client.csr"
+chmod 400 "$CLIENT-client.csr"
+
+echo extendedKeyUsage = clientAuth > "$CLIENT-extfile.cnf"
+
+# generate cert for client
+openssl x509 \
+  -req \
+  -days 365 \
+  -in "$CLIENT-client.csr" \
+  -CA ca.pem \
+  -CAkey ca-key.pem \
+  -CAcreateserial \
+  -out "$CLIENT-cert.pem" \
+  -extfile "$CLIENT-extfile.cnf"
+chmod 400 "$CLIENT-cert.pem"
+
+# cleanup files we do not need
+rm $CLIENT-extfile.cnf
+rm $CLIENT-client.csr
diff --git a/ansible/roles/docker_client/files/certs/swarm/cert.pem b/ansible/roles/docker_client/files/certs/swarm/cert.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPDCCAiSgAwIBAgIJAPP4C2aCETjaMA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5j
+aXNjbzERMA8GA1UEChMIUnVubmFibGUxDDAKBgNVBAsTA09wczESMBAGA1UEAxMJ
+bG9jYWxob3N0MR8wHQYJKoZIhvcNAQkBFhBvcHNAcnVubmFibGUuY29tMB4XDTE1
+MTAxMjIzMjA0N1oXDTE2MTAxMTIzMjA0N1owETEPMA0GA1UEAxMGY2xpZW50MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtB1XYLhTAKjMVdoDm9XKjWWS
+OjdjN5S5XHRBbhQXWS8zTVkJwmF1RTarHChb4wUCfg2Fnbg+deTxIVQHU+M4Kfia
+PmeTf1A8dfA5f+F0Jj7nCi0b9Trft8yzlqv49pgKD0dHuWNYp1WZDlv8QbzpSG9r
+rpJwJqqkaelCqI8R2qB5iA3VJbhyT6V6n43LYZZO7D2ct/0+K40QalA8ZWogGENh
+5T+ik3VvrWQ5t/i0FIcTfyxpfBnX5hsBD0jtzT5RdBZTy8xk/VS2jInjQN9Rw7uw
+ttqWMXRQPlAs0AG+eAGdkPvdniYt1Ro7DM8qg9jdkybzo2VQ99rpQwVEf7E3QwID
+AQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQUFAAOCAQEA
+A8QHccu1fSZrzopG17oxwYX6w2N9UqeJIblx2z9UIfCwc2ypwm6NIxdQzvp8CtIF
+ReU/KQzpl4HLEXOrWQmweNA07KlmyEuuBH8OoI3x1s56SiJiTe7fIdfE2uAZVI1N
+mcejNpgWRfrnecIwVLorm700pnD6pSdcOtuBKNl0P6edy/PgHj4i0buUAQni6PL+
+da2u6HtePOrApUgGrD9Ey6w77Pw/uOspP5HyVuXmBph5ArXIv+6x1zZz+jFnMh5M
+n3iZr5feeIYqCmolYyXQez9CKWdLNtZiO6KBXhAVrOGDcyTd7U5aqnaMEziHjSSh
+hNl160Mmr+fgY50K9bBAmw==
+-----END CERTIFICATE-----
diff --git a/ansible/roles/docker_client/files/certs/swarm/key.pem b/ansible/roles/docker_client/files/certs/swarm/key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAtB1XYLhTAKjMVdoDm9XKjWWSOjdjN5S5XHRBbhQXWS8zTVkJ
+wmF1RTarHChb4wUCfg2Fnbg+deTxIVQHU+M4KfiaPmeTf1A8dfA5f+F0Jj7nCi0b
+9Trft8yzlqv49pgKD0dHuWNYp1WZDlv8QbzpSG9rrpJwJqqkaelCqI8R2qB5iA3V
+JbhyT6V6n43LYZZO7D2ct/0+K40QalA8ZWogGENh5T+ik3VvrWQ5t/i0FIcTfyxp
+fBnX5hsBD0jtzT5RdBZTy8xk/VS2jInjQN9Rw7uwttqWMXRQPlAs0AG+eAGdkPvd
+niYt1Ro7DM8qg9jdkybzo2VQ99rpQwVEf7E3QwIDAQABAoIBAB9M3gtr3NjHfMMK
+oQfqzklmNlQxnedhzBiaB2jWyvvvrO2rJHwILbX6ex/oj5dTHozDUs4G36vjPlg5
+XxCf8vmwPzXLECHW0rr4JTXo+yNOWR42mp4yPgCV7Tuo5RoNb+oZzAgWkKh7wp5x
+M9REvRGec0siHaVKkEnrhG8AdezVHcZ/taPxZ84woxavKXQWxEGAHZe8OlCng1Sb
+Fi5UUzQY7bYnQg4Foseng4b7wB0Y3wUhaqtDB8fIUQGbh/J6WogAfalsDIT/oMEd
+m1V2pMz9PWHcjaGwMI9JAyTTcRVFP1d+xGxC7e5xbBv42EzzbnccaRNUZR2cBiFU
+hqa+5FECgYEA2QtZUMj6EL/1SMRFhMsx7gqYsv7090zWHquNjidi2HhMfuwWfy91
+m+SmYbA45Rr7h+HKTU0nsFL3eT3uZCYxQdVNxpdgtq/EmCAr/a0uwL3BSP9Bl1Oh
+LZnWgrChspKWufi43Iunp3/KPKaX4DN9N9xSep6eGlhjZu049ZzY2KkCgYEA1HEp
+wh3fRZXh145QBwl5QKopGl4/l/j+vST1MW+gKXj8INSXBxWxipy+8PJvHGRQrF1s
+i1fuBIk5UPk9XxoQNSw2ohDvRHQtMxBP3Eq/6bTmUvfF9m6QQhnL8jwtuHzGm3gd
+sV1+rYD02zCswNgVzKIyt9PbGKMsK1aGbMxJqAsCgYEAjJoMfwfi7uzbYgs7mb3k
+F3en2fTODlIpN28c4WTkZKTxsRsRq8y73IRvwELfaJNlNG5xlkgQGOp2RIV5JEmV
+iTc8DhVMYqxUp9PXi5sf+V4zky1AeV6EwDyzOLBh34OUvt7AKqcRsbFX+phVNLlG
+OeSxTZvpgdmWczvjtUCpPRkCgYAVDPmUUJ11KbrtPx7S869eJv5XrIskpfmoCGd7
+dJIsSd7B6g7lFtM25v1Mptk3uQD9c2x0Ckx9ipNxYKEiMVT1z+HCAWeUIubvrmgb
+bhTCNbi08/RbzOzif+fjou7s3wBXG3nlv1v0GVkp9xLHMSJH2rKn4IhPUqvnx3Ue
+hsetrQKBgQCE3AXmfUMuwXhjF5MQpEQdXuVx+1Fj44YudHphrcvapDXAIvvx6G2B
+wyxVJIHglK2feijsekH/i3kBHRDh0+0Y0zw+JTu4tjr3rLJv3BRofov0/LAdv53G
+ulXyb9uTQ73uqmnGzpCre9LzUvVq/iIbFZYESJlceF66n74XpQdXnA==
+-----END RSA PRIVATE KEY-----
diff --git a/ansible/swarm-manager.yml b/ansible/swarm-manager.yml
@@ -0,0 +1,11 @@
+---
+- hosts: redis
+
+- hosts: swarm
+  vars_files:
+    - "group_vars/alpha-swarm-manager.yml"
+  roles:
+  - { role: notify, tags: "notify" }
+  - { role: redis_key, tags: ["setup", "redis_key"] }
+  - { role: docker_client, tags: "docker_client" }
+  - { role: container_kill_start, tags: "deploy" }
diff --git a/ansible/swarm-master.yaml b/ansible/swarm-master.yaml
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "devops-scripts",
-  "version": "0.0.0",
+  "version": "0.0.1",
   "description": "devops-scripts ==============",
   "main": "index.js",
   "directories": {
