Commit 4287bc61 authored by Fabio Luchetti's avatar Fabio Luchetti
Browse files

Add image script to create the certificates for gsi authentication

parent 76a3e540
#!/bin/bash
################################################################
# Set up a ssl-compliant dev environment for eos tests
################################################################
curl https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64 -L --output /usr/bin/mkcert
chmod +x /usr/bin/mkcert
# CA
mkdir -p /etc/grid-security/certificates
mkcert -install
cp $(mkcert -CAROOT)/* /etc/grid-security/certificates/
yum install -y wget openssl-perl
c_rehash /etc/grid-security/certificates/
# host
mkcert -install $(hostname -f)
mkdir -p /etc/grid-security/daemon/
cp $(hostname -f)* /etc/grid-security/daemon/
mv /etc/grid-security/daemon/$(hostname -f).pem /etc/grid-security/daemon/hostcert.pem
mv /etc/grid-security/daemon/$(hostname -f)-key.pem /etc/grid-security/daemon/hostkey.pem
chown daemon:daemon /etc/grid-security/daemon/*
# user
mkcert -client eos-user
mkdir -p ~/.globus
cp eos-user-client.pem eos-user-client-key.pem ~/.globus/
mv /root/.globus/eos-user-client.pem ~/.globus/usercert.pem
mv /root/.globus/eos-user-client-key.pem ~/.globus/userkey.pem
# grid-mapfile
echo '"/O=mkcert development certificate/OU=root@eos-mgm1" eos-user' > /etc/grid-security/grid-mapfile
# needs properly edited /etc/xrd.cf.mgm
# needs to
# cd tmp && source /etc/sysconfig/eos && /opt/eos/xrootd//bin/xrootd -n mgm -c /etc/xrd.cf.mgm -m -l /var/log/eos/xrdlog.mgm -b -Rdaemon
XrdSecDEBUG=1 XrdSecPROTOCOL=gsi XRD_LOGLEVEL=Dump xrdfs root://eos-mgm1 stat /eos
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment