From fdc988252f685523b74ff8cb2c5c2f76c2d2019c Mon Sep 17 00:00:00 2001 From: Steve Sloka Date: Fri, 21 Jul 2017 08:40:51 -0400 Subject: [PATCH] Resolved issue where truststore.jks was not created correcting causing searchguard to break --- Makefile | 2 +- cmd/operator/main.go | 2 +- example/controller.yaml | 2 +- pkg/k8sutil/certs.go | 19 ++++++------------- 4 files changed, 9 insertions(+), 16 deletions(-) diff --git a/Makefile b/Makefile index d09cad458..b7a7fab21 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ .PHONY: all build container push clean test -TAG ?= 0.0.5 +TAG ?= 0.0.6 PREFIX ?= upmcenterprises all: container diff --git a/cmd/operator/main.go b/cmd/operator/main.go index 5e59fbfc9..230afded0 100644 --- a/cmd/operator/main.go +++ b/cmd/operator/main.go @@ -39,7 +39,7 @@ import ( ) var ( - appVersion = "0.0.1" + appVersion = "0.0.6" printVersion bool baseImage string diff --git a/example/controller.yaml b/example/controller.yaml index 397359ed6..9a8f6c328 100644 --- a/example/controller.yaml +++ b/example/controller.yaml @@ -49,7 +49,7 @@ spec: spec: containers: - name: operator - image: upmcenterprises/elasticsearch-operator:0.0.5 + image: upmcenterprises/elasticsearch-operator:0.0.6 imagePullPolicy: Always env: - name: NAMESPACE diff --git a/pkg/k8sutil/certs.go b/pkg/k8sutil/certs.go index 3de5882a1..e61ae61b6 100644 --- a/pkg/k8sutil/certs.go +++ b/pkg/k8sutil/certs.go @@ -165,7 +165,7 @@ func (k *K8sutil) GenerateCerts(configDir, certsDir, namespace, clusterName stri // Generate CA Cert logrus.Info("Creating ca cert...") - cmdCA1 := exec.Command("cfssl", "genkey", "-initca", fmt.Sprintf("%s/ca-csr.json", configDir)) + cmdCA1 := exec.Command("cfssl", "gencert", "-initca", fmt.Sprintf("%s/ca-csr.json", configDir)) cmdCA2 := exec.Command("cfssljson", "-bare", fmt.Sprintf("%s/ca", certsDir)) _, err := pipeCommands(cmdCA1, cmdCA2) if err != nil { @@ -174,30 +174,23 @@ func (k *K8sutil) GenerateCerts(configDir, certsDir, namespace, clusterName stri // Generate Node Cert logrus.Info("Creating node cert...") - cmdNode1 := exec.Command("cfssl", "gencert", "-ca", fmt.Sprintf("%s/ca.pem", certsDir), "-ca-key", fmt.Sprintf("%s/ca-key.pem", certsDir), "-config", fmt.Sprintf("%s/ca-config.json", configDir), fmt.Sprintf("%s/req-csr.json", configDir)) + cmdNode1 := exec.Command("cfssl", "gencert", "-ca", fmt.Sprintf("%s/ca.pem", certsDir), "-ca-key", fmt.Sprintf("%s/ca-key.pem", certsDir), "-config", fmt.Sprintf("%s/ca-config.json", configDir), "-profile=server", fmt.Sprintf("%s/req-csr.json", configDir)) cmdNode2 := exec.Command("cfssljson", "-bare", fmt.Sprintf("%s/node", certsDir)) _, err = pipeCommands(cmdNode1, cmdNode2) if err != nil { logrus.Error(err) } - logrus.Info("Converting ca to pkcs12...") - cmdConvertCA := exec.Command("openssl", "pkcs12", "-export", "-inkey", fmt.Sprintf("%s/ca-key.pem", certsDir), "-in", fmt.Sprintf("%s/ca.pem", certsDir), "-out", fmt.Sprintf("%s/ca.pkcs12", certsDir), "-password", "pass:changeit") - out, err := cmdConvertCA.Output() - if err != nil { - logrus.Error(string(out)) - } - logrus.Info("Converting node to pkcs12...") - cmdConvertNode := exec.Command("openssl", "pkcs12", "-export", "-inkey", fmt.Sprintf("%s/node-key.pem", certsDir), "-in", fmt.Sprintf("%s/node.pem", certsDir), "-out", fmt.Sprintf("%s/node.pkcs12", certsDir), "-password", "pass:changeit") - out, err = cmdConvertNode.Output() + cmdConvertNode := exec.Command("openssl", "pkcs12", "-export", "-inkey", fmt.Sprintf("%s/node-key.pem", certsDir), "-in", fmt.Sprintf("%s/node.pem", certsDir), "-out", fmt.Sprintf("%s/node.pkcs12", certsDir), "-password", "pass:changeit", "-certfile", fmt.Sprintf("%s/ca.pem", certsDir)) + out, err := cmdConvertNode.Output() if err != nil { logrus.Error(string(out)) } logrus.Info("Converting ca cert to jks...") - cmdCAJKS := exec.Command("keytool", "-importkeystore", "-srckeystore", fmt.Sprintf("%s/ca.pkcs12", certsDir), "-srcalias", "1", "-destkeystore", fmt.Sprintf("%s/truststore.jks", certsDir), - "-storepass", "changeit", "-srcstoretype", "pkcs12", "-srcstorepass", "changeit", "-destalias", "elasticsearch-ca") + cmdCAJKS := exec.Command("keytool", "-import", "-file", fmt.Sprintf("%s/ca.pem", certsDir), "-alias", "root-ca", "-keystore", fmt.Sprintf("%s/truststore.jks", certsDir), + "-storepass", "changeit", "-srcstoretype", "pkcs12", "-noprompt") out, err = cmdCAJKS.Output() if err != nil { logrus.Error(string(out))