From da4f1540dec64779c01f7d0258b1a748ace9b131 Mon Sep 17 00:00:00 2001 From: James Gu Date: Mon, 4 May 2020 13:57:29 -0700 Subject: Treasuremap 1.8 integration Upgrade pod 17 to Treasuremap 1.8 prime for CNTT RI-1. Added deploy script enhancement to include pregenesis, certs, and wrapper for shipyard cli command. Added clean-genesis script to properly clean genesis node for redeployment. Signed-off-by: James Gu Change-Id: I4c150ef216d5eb631a0980c72b3c6c80a55788d0 Signed-off-by: James Gu --- tools/files/certificate/ingress-ca.crt | 19 +++++++++++++++++++ tools/files/certificate/ingress-ca.key | 28 ++++++++++++++++++++++++++++ tools/files/certificate/ingress-ca.pem | 0 tools/files/certificate/ingress-ca.pem.orig | 19 +++++++++++++++++++ tools/files/certificate/ingress-ca.srl | 1 + tools/files/certificate/ingress-crt | 20 ++++++++++++++++++++ tools/files/certificate/ingress-csr | 18 ++++++++++++++++++ tools/files/certificate/ingress-key | 27 +++++++++++++++++++++++++++ tools/files/certificate/mycertfile.pem | 0 tools/files/certificate/openssl.cnf | 23 +++++++++++++++++++++++ 10 files changed, 155 insertions(+) create mode 100644 tools/files/certificate/ingress-ca.crt create mode 100644 tools/files/certificate/ingress-ca.key create mode 100644 tools/files/certificate/ingress-ca.pem create mode 100644 tools/files/certificate/ingress-ca.pem.orig create mode 100644 tools/files/certificate/ingress-ca.srl create mode 100644 tools/files/certificate/ingress-crt create mode 100644 tools/files/certificate/ingress-csr create mode 100644 tools/files/certificate/ingress-key create mode 100644 tools/files/certificate/mycertfile.pem create mode 100644 tools/files/certificate/openssl.cnf (limited to 'tools/files/certificate') diff --git a/tools/files/certificate/ingress-ca.crt b/tools/files/certificate/ingress-ca.crt new file mode 100644 index 0000000..7de203d --- /dev/null +++ b/tools/files/certificate/ingress-ca.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIC/TCCAeWgAwIBAgIJALiv9mc7SJL/MA0GCSqGSIb3DQEBCwUAMBUxEzARBgNV +BAMMCmluZ3Jlc3MtY2EwHhcNMjAwNzEwMjAxNjQ1WhcNMzAwNzA4MjAxNjQ1WjAV +MRMwEQYDVQQDDAppbmdyZXNzLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAsdLuV9LVazMW/f5pQ/yRsKIDm3/W8+dqSvuXqa5wKmkKre3BICauTqcK +vDqn4m5MOrYgJJAeFBDpLPIk07XJPSDLZ+04qg621Jv+2fEJipPFmSebUbqdoG/S +MBDyzeBb/WKHGhtxcgpBzfnj7HspreIcFLh1TfYHS34uJDpOs4yDv8tWkyEFEAv1 +w3n1W/wLyVLDHN6KpUVQsAsPzt+4bcYRr4tapU45ZPANEvmfSVSqZIJKeShunyZ8 +bQIr8b3XCbjY/zexu8+RMXUkb404MR5vvOf8yNfGZEv4xoyMN+BWcE1GbObH1HJf +xwor9z1NnlJboyCWDYPp/3EcVjpHzQIDAQABo1AwTjAdBgNVHQ4EFgQUgNkj8PoW +nHPtt7Nj7JFCal7vxIEwHwYDVR0jBBgwFoAUgNkj8PoWnHPtt7Nj7JFCal7vxIEw +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAj72hoR/6JO22k+2N4RzW +4ITjPZRzgbs+LU7MA6Fw4MapSQx5MwgUMI23bez3AG7MefN7E3IKT+j3CDkA5v9S +X/pLo7bLvLWVOFjHFqiLZ01xGm9nw7QmpNLmR42PrZTiNx5cBBJAvtkx1i8mY+fA +mhAxPzwy7mLkpXkeEha6zDyf5Cuy/42mJ/BpRrAlzaU/59w0YwQuTXzNrp5HIYlI +Fy9xE9rME7Y9zy0V2VhaFncmQD+DedJMjm/guBTy1D6Hyl0v+DPfEmLs3NCZ7coG +3kHS35ipqgT6GnZpKlqxcpBD2EWN5XC+Romsu1D+1OPc0ZnTUENs9836UFgaOAhT +YQ== +-----END CERTIFICATE----- diff --git a/tools/files/certificate/ingress-ca.key b/tools/files/certificate/ingress-ca.key new file mode 100644 index 0000000..bdd0634 --- /dev/null +++ b/tools/files/certificate/ingress-ca.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCx0u5X0tVrMxb9 +/mlD/JGwogObf9bz52pK+5eprnAqaQqt7cEgJq5Opwq8Oqfibkw6tiAkkB4UEOks +8iTTtck9IMtn7TiqDrbUm/7Z8QmKk8WZJ5tRup2gb9IwEPLN4Fv9YocaG3FyCkHN ++ePseymt4hwUuHVN9gdLfi4kOk6zjIO/y1aTIQUQC/XDefVb/AvJUsMc3oqlRVCw +Cw/O37htxhGvi1qlTjlk8A0S+Z9JVKpkgkp5KG6fJnxtAivxvdcJuNj/N7G7z5Ex +dSRvjTgxHm+85/zI18ZkS/jGjIw34FZwTUZs5sfUcl/HCiv3PU2eUlujIJYNg+n/ +cRxWOkfNAgMBAAECggEALapbZtZP1E20c9mnsrvjthaFEqPL0ar2Evd1RS/0wg9j +nLLXy6fjT3N6QEhX4MAud01aB8myz7hgCRjN+EhQu4/2bGPxD0rkDMlasyFBMAMu +1VvkeSKRZCgTNCDGGbSqKvHoe/3cLksQBxNLQumGFI9iYrfT+AdcbDilJMyMdXMM +pqyh135moH/TmPTobMY9jr1pNPq0LOWftg4yvnmrNhr3MqfciJZ6kljZB5vXDUpL +TvqVb8pHl19O8UHPsWyFk0+4L/kiZbM0yjdmVrlsPza7Vva0LUITFB2krl4WJF2h +ByToJ3b30crN+5Ccg56wbuXdNtk+TdrulDX6/SxXCQKBgQDcPMDe/hC0RfniTQ+i +FPGYhMsjHwGE+WTZkHchKXxtcBu3muPQe/DUiFVcTwrlfNt+A3tJPBPR1vh56sa/ +EZsJrNM5hXFuwd3YAqDotyNxxsh0dl5AK63A6rn80BzULQnknx/TOTWagcwnZuBr +YiMUVnmEtorStKc3OWNO78cBVwKBgQDOsw635GZ37bfX4ndTKSBB+Cf6u/DHX5y8 +rDBo/hd8hWe1Sou/FrsyiApRWv6I/B+5Vaa2m6qaBNPGFREnpaGla+fZ84CuYh1f +DT2LmzY5w/GchBx5eTOhK80NJpzrBcK9jkfltESsUpQ2wfXZ82RUot1e5ii2rMb4 +c+gH0rOVewKBgHHIhZDvzCuHF6H+VDxV+7fjq5uakktkGeF5jMK6T0mvKPLD+D0n +O3ZidU96mtOTnUbOf6yHeGnqWXeLf2EJtILcIkjOk5s4V+gY+48fxxUqMThSS0F2 +D4/i9XITB0Hrfvf56hRTs0j/FD2rHfj8u8jvIFsbgD96DAYxBQisQrGDAoGBALwr +igSi6x3WzXy9cD/GutUTouHB4qq+QiQI5XFPj/YORKFoIdxuRzDzY+E4Y2w1inPg +o4quIBtitaAoYZukT4oWt9VUthsKuw5jMVo8jJr95KDGLF3xlqztARktw8C5V9XV +B2L4P2RZMRDAdp5Z00axlbHk+b+DfweEDQHCMTatAoGBAKf7JUi0YEu5/fIrUfrm +tQXOrEwvnD0jkDp/tQc0+veuraLxCvQXGD86+s1vyIx/ZGhMp9e/dgWsMGG2UAKk +f8Dpo0M9dW/6R4Y0v7KiRW7OVrvDY0PjRP+6jls2VL3Lcwsow8awbo4TFL0Wlim7 +fdymzMEIIJD0XzfApzKEuvdr +-----END PRIVATE KEY----- diff --git a/tools/files/certificate/ingress-ca.pem b/tools/files/certificate/ingress-ca.pem new file mode 100644 index 0000000..e69de29 diff --git a/tools/files/certificate/ingress-ca.pem.orig b/tools/files/certificate/ingress-ca.pem.orig new file mode 100644 index 0000000..7de203d --- /dev/null +++ b/tools/files/certificate/ingress-ca.pem.orig @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIC/TCCAeWgAwIBAgIJALiv9mc7SJL/MA0GCSqGSIb3DQEBCwUAMBUxEzARBgNV +BAMMCmluZ3Jlc3MtY2EwHhcNMjAwNzEwMjAxNjQ1WhcNMzAwNzA4MjAxNjQ1WjAV +MRMwEQYDVQQDDAppbmdyZXNzLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAsdLuV9LVazMW/f5pQ/yRsKIDm3/W8+dqSvuXqa5wKmkKre3BICauTqcK +vDqn4m5MOrYgJJAeFBDpLPIk07XJPSDLZ+04qg621Jv+2fEJipPFmSebUbqdoG/S +MBDyzeBb/WKHGhtxcgpBzfnj7HspreIcFLh1TfYHS34uJDpOs4yDv8tWkyEFEAv1 +w3n1W/wLyVLDHN6KpUVQsAsPzt+4bcYRr4tapU45ZPANEvmfSVSqZIJKeShunyZ8 +bQIr8b3XCbjY/zexu8+RMXUkb404MR5vvOf8yNfGZEv4xoyMN+BWcE1GbObH1HJf +xwor9z1NnlJboyCWDYPp/3EcVjpHzQIDAQABo1AwTjAdBgNVHQ4EFgQUgNkj8PoW +nHPtt7Nj7JFCal7vxIEwHwYDVR0jBBgwFoAUgNkj8PoWnHPtt7Nj7JFCal7vxIEw +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAj72hoR/6JO22k+2N4RzW +4ITjPZRzgbs+LU7MA6Fw4MapSQx5MwgUMI23bez3AG7MefN7E3IKT+j3CDkA5v9S +X/pLo7bLvLWVOFjHFqiLZ01xGm9nw7QmpNLmR42PrZTiNx5cBBJAvtkx1i8mY+fA +mhAxPzwy7mLkpXkeEha6zDyf5Cuy/42mJ/BpRrAlzaU/59w0YwQuTXzNrp5HIYlI +Fy9xE9rME7Y9zy0V2VhaFncmQD+DedJMjm/guBTy1D6Hyl0v+DPfEmLs3NCZ7coG +3kHS35ipqgT6GnZpKlqxcpBD2EWN5XC+Romsu1D+1OPc0ZnTUENs9836UFgaOAhT +YQ== +-----END CERTIFICATE----- diff --git a/tools/files/certificate/ingress-ca.srl b/tools/files/certificate/ingress-ca.srl new file mode 100644 index 0000000..f48a4f3 --- /dev/null +++ b/tools/files/certificate/ingress-ca.srl @@ -0,0 +1 @@ +8AB2C82AEE12CD33 diff --git a/tools/files/certificate/ingress-crt b/tools/files/certificate/ingress-crt new file mode 100644 index 0000000..0cb15d5 --- /dev/null +++ b/tools/files/certificate/ingress-crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNjCCAh6gAwIBAgIJAIqyyCruEs0zMA0GCSqGSIb3DQEBCwUAMBUxEzARBgNV +BAMMCmluZ3Jlc3MtY2EwHhcNMjAwNzEwMjAxNjQ2WhcNMzAwNzA4MjAxNjQ2WjAi +MSAwHgYDVQQDDBcqLmludGVsLXBvZDE3Lm9wbmZ2Lm9yZzCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMv+Q9RnipooU3zU9Om0ghzpY2L3TbxShyizObld +4SLungyjKy0ElIn4dRQar/x8BF//K/qgQK1P3vhDoosVzQsT6lwQqzOyfVCOetjv +HMIjzHjLcYEfSCon8tZwmFzz7v5hAyvP5qQJzCjXOBt52HCMIkLxgScN7lIJMzgv +kezZnvfWd0pntitjIoIl/47uQD2nopJiCeA4lF8iz3kAjxeU5fxejlDiQ+sxq+EW +CJ2FO8ou95Yh7BauFPr6zAwOuirUroxVjR3J/aLjy0uGsPCDUl6thCwAHoIqdlok +F+6SuiZ14rZMq5HmlXT+ALNh+TTyIlLP60uc62N3V5kssAMCAwEAAaN8MHowCQYD +VR0TBAIwADAdBgNVHQ4EFgQUfTsTBuqoBACa4kZjMfqLESGFS90wCwYDVR0PBAQD +AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAiBgNVHREEGzAZghcq +LmludGVsLXBvZDE3Lm9wbmZ2Lm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAgMQGUeL5 +h3Ysj3/zaxUM4Jrb4j6qn2szjz7q/ZPYo46Vdbg789HMvGfsPsLccBAdxIvzfp35 +OkP6tmFlmNHg22Nmu0G9EKfy+lXuspsMEU2O8S+jFB6mVrQihnq2MXHxXdQzYAEg +x4ZAAC78PMHdRjXgfcTufxkwjJx5FHiIQhv3e6f9+Jr8LQLUxDIJTmpNkHXzPgjM +tVPUNuqZprX3m3oDM4PXv1xF42I89cNZRvR7/YFl8ZhITAdCOQ7HiJeBO/1Yyd3R +zyp7fclTXDZh6s7bmZBfFXDiyJpJeFHInTVrMqK3Q4u0jDmDJH+t01MEUjMaqOlz +usMQUi0wphAWpg== +-----END CERTIFICATE----- diff --git a/tools/files/certificate/ingress-csr b/tools/files/certificate/ingress-csr new file mode 100644 index 0000000..df7f144 --- /dev/null +++ b/tools/files/certificate/ingress-csr @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIC9DCCAdwCAQAwIjEgMB4GA1UEAwwXKi5pbnRlbC1wb2QxNy5vcG5mdi5vcmcw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL/kPUZ4qaKFN81PTptIIc +6WNi9028Uocoszm5XeEi7p4MoystBJSJ+HUUGq/8fARf/yv6oECtT974Q6KLFc0L +E+pcEKszsn1QjnrY7xzCI8x4y3GBH0gqJ/LWcJhc8+7+YQMrz+akCcwo1zgbedhw +jCJC8YEnDe5SCTM4L5Hs2Z731ndKZ7YrYyKCJf+O7kA9p6KSYgngOJRfIs95AI8X +lOX8Xo5Q4kPrMavhFgidhTvKLveWIewWrhT6+swMDroq1K6MVY0dyf2i48tLhrDw +g1JerYQsAB6CKnZaJBfukromdeK2TKuR5pV0/gCzYfk08iJSz+tLnOtjd1eZLLAD +AgMBAAGggYwwgYkGCSqGSIb3DQEJDjF8MHowCQYDVR0TBAIwADAdBgNVHQ4EFgQU +fTsTBuqoBACa4kZjMfqLESGFS90wCwYDVR0PBAQDAgWgMB0GA1UdJQQWMBQGCCsG +AQUFBwMCBggrBgEFBQcDATAiBgNVHREEGzAZghcqLmludGVsLXBvZDE3Lm9wbmZ2 +Lm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAljZ34DiXvqwLE4K2zTHQS76Iy6Sj+pI+ +BFNZxje8PlTgH1vdWHrF3APXoUM6ow/rADoDU1jEnqsFt0K533LRlQbZJXwtj8qG +6SDJAj4P1qFuaavjtCaqdpwvNY+EModSQK2c0gVgwXVtrL9AkO0jUNk2cGDT7kBU +BOzBnSH0FvoemDGKxNxUpKsEGIeV6xtqGejKNE3alVAXlsGN5drqgWvQuVXCXEmf +4H9/PknUNvDCJWwE/DBn7gOtxOhTX0cbU1pY5Z7Q6fmuBKwPmCZ647FNPJx8ru3q +fJ2Jv4NwEAGasLueV5xKwBTVSr9C3298kPehfklGlqhoAKnjJEpe7w== +-----END CERTIFICATE REQUEST----- diff --git a/tools/files/certificate/ingress-key b/tools/files/certificate/ingress-key new file mode 100644 index 0000000..c5886ba --- /dev/null +++ b/tools/files/certificate/ingress-key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEAy/5D1GeKmihTfNT06bSCHOljYvdNvFKHKLM5uV3hIu6eDKMr +LQSUifh1FBqv/HwEX/8r+qBArU/e+EOiixXNCxPqXBCrM7J9UI562O8cwiPMeMtx +gR9IKify1nCYXPPu/mEDK8/mpAnMKNc4G3nYcIwiQvGBJw3uUgkzOC+R7Nme99Z3 +Sme2K2MigiX/ju5APaeikmIJ4DiUXyLPeQCPF5Tl/F6OUOJD6zGr4RYInYU7yi73 +liHsFq4U+vrMDA66KtSujFWNHcn9ouPLS4aw8INSXq2ELAAegip2WiQX7pK6JnXi +tkyrkeaVdP4As2H5NPIiUs/rS5zrY3dXmSywAwIDAQABAoIBAQCCVFXjy69K5H7K +n4hGFDSY4ifEX/pDWnrN7wvvOWKQneFOc6UvIuD/8URj7tUHO/jTmETx4BbSY9gx +x4x+zhPtgvDVlzS6V8wmfpFQLhyykIqflmNTOrgxbsqAZPmDUbocvcB36mER5syQ +P0iyjTtSVMXC/Wclm4nq0cPunr3dktwsVxVpqV/BH2kmFXNQMl57+6jYXvLcM5Nk +iA1usA5c+rGozXk2ADsEpBGlm/bz/2zLMpIr9NOylyq3Cy7UtXztnH5jpV2CB2jh +JR+e6Md0fd68EHM8g6MnOgwcIZH3jH8ScbqDYq5pAzsYvlgZn/5Srg0YsXV4P3am +TPFhCrVhAoGBAOepIpJ+GOzhcrZ8FNAPel9hhOgjnWjEI2kwVmmV48NDLn6ECmGB +9MhMBsXeiNuHln0t/sHqimuFCUo4eluUhMu3x17gs30Uc8R3ZOtdmgqk7zpB2arW +C7eO8D/U8ctkJPJ8rMRBTzbt0ihxHYPCwr3Yg32INEt3DWuj2pHrgHOTAoGBAOFs ++L00jAP/qkF/aIpJfHVRfLpGBol6ZRTUTVlUn1Fj4idydvOUBcSFG+36ft2qMfgu +l6NiEh1losdVqq6MoVT+PCm1KQKh07bNrp7aAjSUN5Z1jAHnCPQRjTuvgFZzaa+U +mg20MhFn/MBvWK2oF0GnhbN3dcJdM/9M8LzpN3fRAoGBALeFJ9xBhOFzoHqsRZim +Cl2xVabJQBQU/bCBGJPAqJSxjg2v8MFaQF7Ey8DJEEZJXZCBdYaNlWakF73yjAws +1h7E0m55N/fo0eVcaFiE6FlyXAoczKEnvFSIKg+HVJ26EgL/faZjzqtHL+vV4HnX +OotHELPLyRHXmIwjXC2pETN9AoGBAIX34QtwwxVNR72NHm+wpIqEVv/Mxe3GE3SB +h0ZjiBsypSCUYiT3/0V/Zc3UZLkPgIriBbRPgDyAPnEAdGMvqGF+hfqzcx/hVJT7 +P5+gKFdfDnoYeZBX4XZLSAgEkNzP0itKwRML2AWIKymiAq2Ri+C00jyJ7i4IffJn +o1phr1lBAoGBAN53tvpr8KzKK6EPy5Q7fZf0nfrA6H4GQhCkLciGZWDPBBLQ2w64 +3APepY2w6ecgg/Wc2tHtuavoKD1HdSsGE0E09JZ1bXXKHOdwS2s47qITMzHZzmLF +7Mtu9Fw2+TEsC/utmtoa3lNaIES4mQMSB2NVCJxEfRySMISlM1NbeVVd +-----END RSA PRIVATE KEY----- diff --git a/tools/files/certificate/mycertfile.pem b/tools/files/certificate/mycertfile.pem new file mode 100644 index 0000000..e69de29 diff --git a/tools/files/certificate/openssl.cnf b/tools/files/certificate/openssl.cnf new file mode 100644 index 0000000..732a5a0 --- /dev/null +++ b/tools/files/certificate/openssl.cnf @@ -0,0 +1,23 @@ +[ req ] +prompt = no +default_bits = 2048 +distinguished_name = req_distinguished_name +encrypt_key = no +req_extensions = v3_req + +[ req_distinguished_name ] +commonName = *.intel-pod17.opnfv.org + +# Allow client and server auth. You may want to only allow server auth. +# Link to SAN names. +[v3_req] +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +keyUsage = digitalSignature, keyEncipherment +extendedKeyUsage = clientAuth, serverAuth +subjectAltName = @alt_names + +# Alternative names are specified as IP.# and DNS.# for IP addresses and +# DNS accordingly. +[alt_names] +DNS.1 = *.intel-pod17.opnfv.org -- cgit 1.2.3-korg