Skip to content

Commit

Permalink
CI Localenv -> Rename insecure-development-ca.{pem,key} to opendut-ca…
Browse files Browse the repository at this point in the history 
….{pem,key}.
  • Loading branch information
@mbfm
mbfm committed Jan 28, 2025
1 parent 3c9228e commit 1d137ed
Show file tree
Hide file tree
Showing 4 changed files with 11 additions and 11 deletions.
2 changes: 1 addition & 1 deletion .ci/deploy/localenv/ansible/playbook-edge.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@
- name: Fetch certificate from CARL
delegate_to: "{{ backend }}"
ansible.builtin.fetch:
src: "{{ hostvars[backend]['repo_dir'] }}/.ci/deploy/localenv/data/secrets/pki/insecure-development-ca.pem"
src: "{{ hostvars[backend]['repo_dir'] }}/.ci/deploy/localenv/data/secrets/pki/opendut-ca.pem"
dest: "{{ ca_cert_download }}"
flat: true

Expand Down
2 changes: 1 addition & 1 deletion .ci/deploy/localenv/data/provision/pki/generate-ca.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ PKI_ROOT_DIR="/provision/store"
OPENDUT_PASSWORD_FILE="/provision/.env-pki"
mkdir -p "$PKI_ROOT_DIR"

CA_PATH="$PKI_ROOT_DIR/insecure-development-ca"
CA_PATH="$PKI_ROOT_DIR/opendut-ca"
if [ ! -e "$OPENDUT_PASSWORD_FILE" ]; then
echo "Password file $OPENDUT_PASSWORD_FILE missing. You may override the environment variable OPENDUT_PASSWORD_FILE."
echo "Generate a password file with 'pwgen -s 50 1 > $OPENDUT_PASSWORD_FILE' or 'openssl rand -base64 50 > $OPENDUT_PASSWORD_FILE"
Expand Down
2 changes: 1 addition & 1 deletion .ci/deploy/localenv/data/provision/pki/generate-certificate.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ set -x

PKI_ROOT_DIR="/provision/store"
OPENDUT_PASSWORD_FILE="/provision/.env-pki"
CA_PATH="$PKI_ROOT_DIR/insecure-development-ca"
CA_PATH="$PKI_ROOT_DIR/opendut-ca"
SERVERNAME="$1"
CERT_PATH="$PKI_ROOT_DIR/$SERVERNAME"
mkdir -p "$PKI_ROOT_DIR/deploy"
Expand Down
16 changes: 8 additions & 8 deletions .ci/deploy/localenv/docker-compose.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -134,7 +134,7 @@ services:
- "--accesslog"
- "--accesslog.format=json"
environment:
- "LEGO_CA_CERTIFICATES=/pki/insecure-development-ca.pem"
- "LEGO_CA_CERTIFICATES=/pki/opendut-ca.pem"
ports:
- "127.0.0.1:8080:8080"
- "80:80"
Expand Down Expand Up @@ -237,7 +237,7 @@ services:
condition: service_completed_successfully
volumes:
- ./data/secrets/pki/:/pki/:ro
- ./data/secrets/pki/insecure-development-ca.pem:/usr/local/share/ca-certificates/insecure-development-ca.crt:ro
- ./data/secrets/pki/opendut-ca.pem:/usr/local/share/ca-certificates/opendut-ca.crt:ro
- ./data/netbird/config/:/config/:ro
- netbird-mgmt-data:/var/lib/netbird
- netbird-mgmt-config:/etc/netbird/
Expand All @@ -246,9 +246,9 @@ services:
- KEYCLOAK_ADMIN=admin
- KEYCLOAK_ADMIN_PASSWORD
# CURL
- CURL_CA_BUNDLE=/usr/local/share/ca-certificates/insecure-development-ca.crt
- CURL_CA_BUNDLE=/usr/local/share/ca-certificates/opendut-ca.crt
# Netbird management is GO, GO uses SSL_CERT_FILE environment variable, see https://go.dev/src/crypto/x509/root_unix.go
- SSL_CERT_FILE=/usr/local/share/ca-certificates/insecure-development-ca.crt
- SSL_CERT_FILE=/usr/local/share/ca-certificates/opendut-ca.crt
- KEYCLOAK_URL=https://auth.opendut.local
- NETBIRD_MANAGEMENT_URL=https://netbird-api.opendut.local
- NETBIRD_MANAGEMENT_DOMAIN=netbird.opendut.local
Expand Down Expand Up @@ -358,7 +358,7 @@ services:
- "./data/carl/entrypoint.sh:/opt/entrypoint.sh"
- "./data/carl/carl_functions.sh:/opt/carl_functions.sh"
# CERTIFICATES
- "./data/secrets/pki/insecure-development-ca.pem:/etc/opendut/tls/ca.pem"
- "./data/secrets/pki/opendut-ca.pem:/etc/opendut/tls/ca.pem"
- "./data/secrets/pki/deploy/carl.opendut.local.pem:/etc/opendut/tls/carl.pem"
- "./data/secrets/pki/deploy/carl.opendut.local.key:/etc/opendut/tls/carl.key"
- carl-config:/opt/opendut-carl/config/
Expand Down Expand Up @@ -436,7 +436,7 @@ services:
- OPENDUT_CLEO_NETWORK_TLS_CA=/etc/opendut/tls/ca.pem
- SSL_CERT_FILE=/etc/opendut/tls/ca.pem
volumes:
- "./data/secrets/pki/insecure-development-ca.pem:/etc/opendut/tls/ca.pem"
- "./data/secrets/pki/opendut-ca.pem:/etc/opendut/tls/ca.pem"
networks:
- opendut_local

Expand Down Expand Up @@ -526,14 +526,14 @@ services:
- ./data/telemetry/otel-collector.yml:/etc/collector-gateway.yaml:ro
- /var/lib/docker/containers:/var/lib/docker/containers:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data/secrets/pki/insecure-development-ca.pem:/pki/insecure-development-ca.pem:ro
- ./data/secrets/pki/opendut-ca.pem:/pki/opendut-ca.pem:ro
build:
context: ../../..
dockerfile: ./.ci/deploy/localenv/data/telemetry/Dockerfile_otel-collector
args:
OTEL_COLLECTOR_VERSION: 0.97.0
environment:
- "SSL_CERT_FILE=/pki/insecure-development-ca.pem"
- "SSL_CERT_FILE=/pki/opendut-ca.pem"
command: [ "--config=/etc/collector-gateway.yaml" ]
user: "0" # root required to access docker socket
depends_on:
Expand Down

0 comments on commit 1d137ed

Please sign in to comment.