Merge pull request #900 from galthaus/cn-length
Cert fail if inventory names too long
This commit is contained in:
commit
2ee889843a
2 changed files with 9 additions and 5 deletions
|
@ -71,14 +71,15 @@ fi
|
||||||
# ETCD member
|
# ETCD member
|
||||||
if [ -n "$MASTERS" ]; then
|
if [ -n "$MASTERS" ]; then
|
||||||
for host in $MASTERS; do
|
for host in $MASTERS; do
|
||||||
|
cn="${host%%.*}"
|
||||||
# Member key
|
# Member key
|
||||||
openssl genrsa -out member-${host}-key.pem 2048 > /dev/null 2>&1
|
openssl genrsa -out member-${host}-key.pem 2048 > /dev/null 2>&1
|
||||||
openssl req -new -key member-${host}-key.pem -out member-${host}.csr -subj "/CN=etcd-member-${host}" -config ${CONFIG} > /dev/null 2>&1
|
openssl req -new -key member-${host}-key.pem -out member-${host}.csr -subj "/CN=etcd-member-${cn}" -config ${CONFIG} > /dev/null 2>&1
|
||||||
openssl x509 -req -in member-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out member-${host}.pem -days 365 -extensions ssl_client -extfile ${CONFIG} > /dev/null 2>&1
|
openssl x509 -req -in member-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out member-${host}.pem -days 365 -extensions ssl_client -extfile ${CONFIG} > /dev/null 2>&1
|
||||||
|
|
||||||
# Admin key
|
# Admin key
|
||||||
openssl genrsa -out admin-${host}-key.pem 2048 > /dev/null 2>&1
|
openssl genrsa -out admin-${host}-key.pem 2048 > /dev/null 2>&1
|
||||||
openssl req -new -key admin-${host}-key.pem -out admin-${host}.csr -subj "/CN=etcd-admin-${host}" > /dev/null 2>&1
|
openssl req -new -key admin-${host}-key.pem -out admin-${host}.csr -subj "/CN=etcd-admin-${cn}" > /dev/null 2>&1
|
||||||
openssl x509 -req -in admin-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out admin-${host}.pem -days 365 -extensions ssl_client -extfile ${CONFIG} > /dev/null 2>&1
|
openssl x509 -req -in admin-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out admin-${host}.pem -days 365 -extensions ssl_client -extfile ${CONFIG} > /dev/null 2>&1
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
@ -86,8 +87,9 @@ fi
|
||||||
# Node keys
|
# Node keys
|
||||||
if [ -n "$HOSTS" ]; then
|
if [ -n "$HOSTS" ]; then
|
||||||
for host in $HOSTS; do
|
for host in $HOSTS; do
|
||||||
|
cn="${host%%.*}"
|
||||||
openssl genrsa -out node-${host}-key.pem 2048 > /dev/null 2>&1
|
openssl genrsa -out node-${host}-key.pem 2048 > /dev/null 2>&1
|
||||||
openssl req -new -key node-${host}-key.pem -out node-${host}.csr -subj "/CN=etcd-node-${host}" > /dev/null 2>&1
|
openssl req -new -key node-${host}-key.pem -out node-${host}.csr -subj "/CN=etcd-node-${cn}" > /dev/null 2>&1
|
||||||
openssl x509 -req -in node-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out node-${host}.pem -days 365 -extensions ssl_client -extfile ${CONFIG} > /dev/null 2>&1
|
openssl x509 -req -in node-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out node-${host}.pem -days 365 -extensions ssl_client -extfile ${CONFIG} > /dev/null 2>&1
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -82,9 +82,10 @@ fi
|
||||||
|
|
||||||
if [ -n "$MASTERS" ]; then
|
if [ -n "$MASTERS" ]; then
|
||||||
for host in $MASTERS; do
|
for host in $MASTERS; do
|
||||||
|
cn="${host%%.*}"
|
||||||
# admin key
|
# admin key
|
||||||
openssl genrsa -out admin-${host}-key.pem 2048 > /dev/null 2>&1
|
openssl genrsa -out admin-${host}-key.pem 2048 > /dev/null 2>&1
|
||||||
openssl req -new -key admin-${host}-key.pem -out admin-${host}.csr -subj "/CN=kube-admin-${host}" > /dev/null 2>&1
|
openssl req -new -key admin-${host}-key.pem -out admin-${host}.csr -subj "/CN=kube-admin-${cn}" > /dev/null 2>&1
|
||||||
openssl x509 -req -in admin-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out admin-${host}.pem -days 365 > /dev/null 2>&1
|
openssl x509 -req -in admin-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out admin-${host}.pem -days 365 > /dev/null 2>&1
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
@ -92,9 +93,10 @@ fi
|
||||||
# Nodes and Admin
|
# Nodes and Admin
|
||||||
if [ -n "$HOSTS" ]; then
|
if [ -n "$HOSTS" ]; then
|
||||||
for host in $HOSTS; do
|
for host in $HOSTS; do
|
||||||
|
cn="${host%%.*}"
|
||||||
# node key
|
# node key
|
||||||
openssl genrsa -out node-${host}-key.pem 2048 > /dev/null 2>&1
|
openssl genrsa -out node-${host}-key.pem 2048 > /dev/null 2>&1
|
||||||
openssl req -new -key node-${host}-key.pem -out node-${host}.csr -subj "/CN=kube-node-${host}" > /dev/null 2>&1
|
openssl req -new -key node-${host}-key.pem -out node-${host}.csr -subj "/CN=kube-node-${cn}" > /dev/null 2>&1
|
||||||
openssl x509 -req -in node-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out node-${host}.pem -days 365 > /dev/null 2>&1
|
openssl x509 -req -in node-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out node-${host}.pem -days 365 > /dev/null 2>&1
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
Loading…
Reference in a new issue