Commit 9a7c903f authored by Fabio Luchetti's avatar Fabio Luchetti

Tidy and trim the mkcert-ssl image script

parent 4287bc61
Pipeline #2659268 skipped with stage
......@@ -4,41 +4,34 @@
# Set up a ssl-compliant dev environment for eos tests
################################################################
curl https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64 -L --output /usr/bin/mkcert
chmod +x /usr/bin/mkcert
# CA
mkdir -p /etc/grid-security/certificates
mkcert -install
cp $(mkcert -CAROOT)/* /etc/grid-security/certificates/
yum install -y wget openssl-perl
c_rehash /etc/grid-security/certificates/
# host
mkcert -install $(hostname -f)
# CA and host
mkdir -p /etc/grid-security/daemon/
cp $(hostname -f)* /etc/grid-security/daemon/
mv /etc/grid-security/daemon/$(hostname -f).pem /etc/grid-security/daemon/hostcert.pem
mv /etc/grid-security/daemon/$(hostname -f)-key.pem /etc/grid-security/daemon/hostkey.pem
chown daemon:daemon /etc/grid-security/daemon/*
CAROOT=/etc/grid-security/certificates/ mkcert -install -cert-file /etc/grid-security/daemon/hostcert.pem -key-file /etc/grid-security/daemon/hostkey.pem $(hostname -f)
yum install -y wget openssl-perl
c_rehash /etc/grid-security/certificates/
chown daemon:daemon /etc/grid-security/daemon/hostcert.pem
chown daemon:daemon /etc/grid-security/daemon/hostkey.pem
# user
mkcert -client eos-user
mkdir -p ~/.globus
cp eos-user-client.pem eos-user-client-key.pem ~/.globus/
mv /root/.globus/eos-user-client.pem ~/.globus/usercert.pem
mv /root/.globus/eos-user-client-key.pem ~/.globus/userkey.pem
CAROOT=/etc/grid-security/certificates/ mkcert -client -cert-file ~/.globus/usercert.pem -key-file ~/.globus/userkey.pem eos-user
# grid-mapfile
echo '"/O=mkcert development certificate/OU=root@eos-mgm1" eos-user' > /etc/grid-security/grid-mapfile
# needs properly edited /etc/xrd.cf.mgm
# needs to
# cd tmp && source /etc/sysconfig/eos && /opt/eos/xrootd//bin/xrootd -n mgm -c /etc/xrd.cf.mgm -m -l /var/log/eos/xrdlog.mgm -b -Rdaemon
XrdSecDEBUG=1 XrdSecPROTOCOL=gsi XRD_LOGLEVEL=Dump xrdfs root://eos-mgm1 stat /eos
\ No newline at end of file
# Note:
# - To try this out, you need a properly configured /etc/xrd.cf.mgm, with:
# - sec.protobind gsi enabled
# - sec.protocol gsi -cert:<> -key:<> -gridmap:<> pointing to the right path. The defaults should do
# - If the mgm has started with a wrong config, fix it and restart it, i.e., (typically)
# cd tmp && source /etc/sysconfig/eos && /opt/eos/xrootd//bin/xrootd -n mgm -c /etc/xrd.cf.mgm -m -l /var/log/eos/xrdlog.mgm -b -Rdaemon
# - If everything is right, the following will succeed:
# XrdSecDEBUG=1 XrdSecPROTOCOL=gsi XRD_LOGLEVEL=Dump xrdfs root://eos-mgm1 stat /eos
#
\ No newline at end of file
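Review bot: The mkcert binary fetched by the `curl` line at the top of the hunk is written to /usr/bin and then run as root with no integrity check, and without `-f` an HTTP error page would be saved and marked executable. Pin the release digest and fail closed, e.g. `curl -fsSL <same URL> --output /usr/bin/mkcert` followed by `echo "<PINNED_SHA256>  /usr/bin/mkcert" | sha256sum -c - || exit 1`, where the digest is a placeholder to be taken from the v1.4.3 release. Separately, `CAROOT=/etc/grid-security/certificates/` makes mkcert keep `rootCA-key.pem` inside the trust-anchor directory; keeping CAROOT in a private directory and copying only `rootCA.pem` into the certificates directory would avoid exposing the CA signing key alongside the anchors, and `"$(hostname -f)"` should be quoted. The script starts above this hunk, so an existing `set -e` or similar guard cannot be ruled out from here.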