use fix root CA for test

Change-Id: Ic663de04287d0cf963de71c3c18b43ed71f8139f
Signed-off-by: Ziming Zhang <zziming@vmware.com>
This commit is contained in:
Ziming Zhang 2019-08-13 14:09:26 +08:00
parent 2a3192b5c1
commit 2ca0b6bd1f
5 changed files with 103 additions and 9 deletions

View File

@ -2,8 +2,10 @@
# These certs file is only for Harbor testing.
IP='127.0.0.1'
if [ ! -z "$1" ]; then IP=$1; fi
OPENSSLCNF=
DATA_VOL='/data'
CUR_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
for path in /etc/openssl/openssl.cnf /etc/ssl/openssl.cnf /usr/local/etc/openssl/openssl.cnf; do
if [[ -e ${path} ]]; then
@ -16,19 +18,26 @@ if [[ -z ${OPENSSLCNF} ]]; then
fi
# Create CA certificate
openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout harbor_ca.key \
-x509 -days 365 -out harbor_ca.crt -subj '/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborCA'
#openssl req \
# -newkey rsa:4096 -nodes -sha256 -keyout $CUR_DIR/harbor_ca.key \
# -x509 -days 365 -out $CUR_DIR/harbor_ca.crt -subj '/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborCA'
# Generate a Certificate Signing Request
if echo $IP|grep -E '^([0-9]+\.){3}[0-9]+$' ; then
openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout $IP.key \
-out $IP.csr -subj '/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborManager'
-out $IP.csr -subj "/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborManager"
echo subjectAltName = IP:$IP > extfile.cnf
else
openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout $IP.key \
-out $IP.csr -subj "/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=$IP"
echo subjectAltName = DNS.1:$IP > extfile.cnf
fi
# Generate the certificate of local registry host
echo subjectAltName = IP:$IP > extfile.cnf
openssl x509 -req -days 365 -in $IP.csr -CA harbor_ca.crt \
-CAkey harbor_ca.key -CAcreateserial -extfile extfile.cnf -out $IP.crt
openssl x509 -req -days 365 -sha256 -in $IP.csr -CA $CUR_DIR/harbor_ca.crt \
-CAkey $CUR_DIR/harbor_ca.key -CAcreateserial -extfile extfile.cnf -out $IP.crt
# Copy to harbor default location
mkdir -p $DATA_VOL/cert

32
tests/harbor_ca.crt Normal file
View File

@ -0,0 +1,32 @@
-----BEGIN CERTIFICATE-----
MIIFhTCCA22gAwIBAgIUBWPUOcl5wyYV18FraR9cayN1F1UwDQYJKoZIhvcNAQEL
BQAwUjELMAkGA1UEBhMCQ04xDDAKBgNVBAgMA1BFSzERMA8GA1UEBwwIQmVpIEpp
bmcxDzANBgNVBAoMBlZNd2FyZTERMA8GA1UEAwwISGFyYm9yQ0EwHhcNMTkwODEz
MDMyMjUwWhcNMjAwODEyMDMyMjUwWjBSMQswCQYDVQQGEwJDTjEMMAoGA1UECAwD
UEVLMREwDwYDVQQHDAhCZWkgSmluZzEPMA0GA1UECgwGVk13YXJlMREwDwYDVQQD
DAhIYXJib3JDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALjlYE0c
16ZsTVBpr2s48QXxuc0IcddfyWqpBGwiWTGG3/LS/ebkiFfKVViBicK2A5IofI4X
6UBuu+hb3FZjJtpqNPFMrOK0K0eiheBQVxeCQavtoTpF7dtuWyv2bAgmvVagBxtU
sWWWzSO1vanO4Acs/ijfZjUdxN9JQk6xDj5Q+CLo0ikjFPTTD5DT40Z89qf440VU
019b70ZYUd61ZAGflfJNDQZ14GqGuG7pUTXMS76cuCbpGldhgILkBmKS/B3gm1ex
YzB6omKDbgGTOK4HiJpKsC0xWfYjY9LaTTmaJ+q8XVzv6oJu5u5RWSx2TEXy72Hv
E8rYLo1zKXQ+O03/XbPiK/bgsYEsPIxumMPKEOZJ3vdUxWOnYIssVqQgqpAByo4k
+ErBuQUwZz22NraV2nDqyiP+feuzD2nCKLAslEx2QWOvqfhvGgeyv0ViOdtyVFbf
XvOAq9FbY5w+i0MLBb0tcU+f8xzKbecsTbJDTLd0Fy7Sx2sT5ywfG1SDeNwRr8ar
QCBWUgim8Lc7U3OgrrjzMJGfKD/RgMWSjOxV1LXbjgOFhnh7/wvRxf87fURHigt0
26ZLCKm2i2YStL4S2yNSm206SXMkHUMZV/mFMHc/JK/EuDU9xXsK2P1d1H3SNrgK
axU7fcXnwIM9gcDrIlm+8MblrJWvGTe6GDn1AgMBAAGjUzBRMB0GA1UdDgQWBBSd
0G4mm1Ui8glxkvq5fcJflnlxCDAfBgNVHSMEGDAWgBSd0G4mm1Ui8glxkvq5fcJf
lnlxCDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBDYYDcmjwy
5fmCzBcMYEh7XMiFhS3UkojgB7LB6R41o6GmXvJOgaDobQC78We3I3Y8r8vVbAY+
Jh42tRRwKMIRUywkDLr5tfyiDUcGvSxpfysTYSNNknsctsowI6yCcRIsY0XqZEE9
Y3GMSaljAcxG++gR2XSxSPwYQ/TKDiM1Fyv3YNhnmoycBQItcIz29hYVXRgBkNkx
Cap8MDERJKlHiAgopoXtxnSbgZn4pZa6bVRF/UUYRmRLKO8tyKd8ZXHfQvvso1HU
e+Wcy3EoADr3aYCytPppo33zDHBX4+lcL2rKAH2+K5JOhnxZuRR4dWoczkI5mYRi
qZ809uHnXoV4yJ14NWnoil6kUF3YxU9hWzjEaVcZfp7WUw0BeTZ9M0VqkjxSiSuz
QvSzoPqZ2ajfxawf1fdttU6YUewBkjMOTC2C8qoA8m7HNRTznoZbfFITG1gJlnFT
y8oWY+ZrEsG7lID2zMaZopSAwDzuBoqLGE66LK+RtFSrAcGHSr3Xlp0R6hX4FeyN
flTTBxE6eNoEiV56x9RuSDvWnw/l38B/y9q9wMNkI+kb2d8QNkWFz9q1W01Vdceo
ZzTA/fNcErZ0YiE/wY9VEW+DRoO3ntMN8lEsNLr04kUG7RJ6EOu6kQPHQuJ3Bujy
rnAVXLxzOqGPfKD6gBQS2pTikQCYpqtaFg==
-----END CERTIFICATE-----

52
tests/harbor_ca.key Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC45WBNHNembE1Q
aa9rOPEF8bnNCHHXX8lqqQRsIlkxht/y0v3m5IhXylVYgYnCtgOSKHyOF+lAbrvo
W9xWYybaajTxTKzitCtHooXgUFcXgkGr7aE6Re3bblsr9mwIJr1WoAcbVLFlls0j
tb2pzuAHLP4o32Y1HcTfSUJOsQ4+UPgi6NIpIxT00w+Q0+NGfPan+ONFVNNfW+9G
WFHetWQBn5XyTQ0GdeBqhrhu6VE1zEu+nLgm6RpXYYCC5AZikvwd4JtXsWMweqJi
g24BkziuB4iaSrAtMVn2I2PS2k05mifqvF1c7+qCbubuUVksdkxF8u9h7xPK2C6N
cyl0PjtN/12z4iv24LGBLDyMbpjDyhDmSd73VMVjp2CLLFakIKqQAcqOJPhKwbkF
MGc9tja2ldpw6soj/n3rsw9pwiiwLJRMdkFjr6n4bxoHsr9FYjnbclRW317zgKvR
W2OcPotDCwW9LXFPn/Mcym3nLE2yQ0y3dBcu0sdrE+csHxtUg3jcEa/Gq0AgVlII
pvC3O1NzoK648zCRnyg/0YDFkozsVdS1244DhYZ4e/8L0cX/O31ER4oLdNumSwip
totmErS+EtsjUpttOklzJB1DGVf5hTB3PySvxLg1PcV7Ctj9XdR90ja4CmsVO33F
58CDPYHA6yJZvvDG5ayVrxk3uhg59QIDAQABAoICAAIsH7+IMThxWU8yjq8R0jMh
re8sxDmllHY+WiDzHl0omoT92aHW2Ys+g1Yw3298N/qFo0EAIutw4aBPQ/132MME
MG8NWZKoT0HeNPh3uS47h43/kr9ehvbnCwcvNAG8gsj7xFmb2yG4bdyXjAzss1Ei
RDIyvb6uBNwivjayedpdlSzD04RMNzjRKgOnmaoAWd2LXRA5eOpL6DnJW9zkALLM
LzTTlu2WgPZ/crdK4nthVRp+OOOsJXUVXi8rgq+xzmiDdQ/Is8OkDThfFvHJywaw
a/h0HDHLvKTZsZiOnA2rNADcCbTH1NeHegsexY9yLF8+BXX/GxptA88BpWEKQiQZ
WMKfwR2EhUA/4SJmIGORZOA6LZxOVCnuAxLn7SoUNXO9x2Ci0X3XblfKJJVCXjbi
pT1OvGISzsm7ZlPB8+jV/4BbeDZnssnKLYnP43/4BomlRW8ZyxAeT9XdlWJvs7Bu
mnEaUOUWGOicYqPvbOHj1M+PAxPdmCW2vCT0TigXpN5v/isBwSCu5i2pl29u8lrX
wSE+wdS4NGyFAFlpiJafdOgrKtCOmzA2snEMzGu9PkCS6HeppIymii6kSqfRuG2O
ZWWeVLOY2jpdJPh/jszXzfq88pkoYkMIjbiu38uT7AB1NG4HKUCV3lhmaw6bS76w
hi1sMUzHEUn8Q4tpHPzZAoIBAQDfaOyGZn9P/wYF5JSKuVlCSPG8I3Brtkwtz987
SiiQVFWsG2b2e2U+ZCsoHMFTmFrFo27zwaRPWvlBR0YA1cnqLIWwq5k/aID859o2
sTcncDs2Dthq+R0Vh0q+n5Cx2if0heR8ilmOmLtkeRhaNOhpTAPBi5rokIsAAYTa
uCffHzp7Bosv97p9fd1+21ZnQCldJZOOzRA/e+UfMu/El1lhUElVWPTwsxgrE/jI
7uggzFGab3VlUkovS3x+iAiv6eWxJSurH89euyvYxl+EG5uFT8+invWuLKrZDEtj
iEBUoc/h/iVYGJyZ7TQXaVOoJD06T45NcI30mstotSfPqFufAoIBAQDT3i5AmH5V
7Wd9p6sA3jAWmDSzsA/oPOLi9MWKoBiyZ4hjRp7OB6YJlkZBWfpoHPHNg32mrcxr
sRBN2wm6yP7kiZHrTAZP8S37ZWGKP07i2QddKMcwhR5wej5T300EVqFOunVdHwOz
mVBYPdgbof4k6E1bOin3gj40hqvFri4Jw/5klvJdUOWBb5OgvJnixjpE3+uUkjmM
gjj51AO5WJjsscObKIPNbgiVME/L15OPDsO+tf3BAPNZ90xQLzax1mO+fBz7KIYR
eULZMRtDBGEfhWDR8BTbjw8b/pfZsQD0D0/IB593YdlWyFW3QOb8+nGl5W46vGix
4OZZ1Itf/4HrAoIBAQDBrIYPZV/NC7o+9Y/ISzIUAoR9owNcfSbBOEm/bmSH6nRy
xTaXSxXT5qZ7GaKHQ7a9SxdufVph6O3YJ1+KbcujFIG5TKmHjKL1nFFRxIOZzvOl
w2zeH6OU/DpR0qZvaD3m/wO6630D32fkjA4OdXtdfSZsbQgXwOafVLHFoov+I2Zh
LKURKmMjUy/nP2JCFB9HvsGStDb3sgJI77Fn7gTwFdfdA0ckOz4iaifsmR/m/vln
NmTBN3tUUM5WKrvNNKmIzj5zFRqCdyRlwmMfdYd3JF9ODRvSqKpbiwr3+DA8riI3
OklJe9yWnEniWc7KHtBtcnZcr8yAVokr9o/St5LlAoIBAQDQ7eVGphrPudG4xEOK
E5HwdiBioljNeF112lODpOU16YtB+z5XhotiIOMfRw/8465AME8Us4dHG9EsNbie
jd9ul4tiMhJ3eysRIqTRpCSy57qvT6s+Wcfuu14Db82PXa6s6IscTZ1k2ue0XShj
95eb5cmDERSZk8KsIbH6uw2Da9fOclyHUWNCBTnb5KEMVNbZXMgAN0KxISn2k/Eo
Mgp8P8DZnVZ8mumz1XSbW/eTt8eopeebEMjqC0kiOa0CKp0qF1KtCwVK7f3SGO79
Y7AzWWBlJxAqhCUuQh6U+kwqYX8XjwzeuYuOXPjKQiKHjqHMKzhMi8fiwhnmtAbN
oDYJAoIBAAYnTbQcHv5KExeolWropSnY4xfWfzC/nmfFTao1iPfbDiFMkO8uRku4
eOgvlPbiS/cT1MEKSfQqTyMkWxlgghTiDMOTkm6iFQ1q4UQN7ua4eNVNeItTdpZb
c3UER6XNgI0CpdOb6Jq1529+g9/dly39qqQM4n82nFuizknMWlW5BlxsbwTy2xhi
JAA3JgLgB38UdL1sBDscX2vCl5pZhXXxWmVDud67exbMUnR4ib1bzG4nsXTHe72P
Jq2W5mySj9uDfcNHyBmfl95mP+VWOjQlxMg/cmS/CU3q04cMzUKX4froNRUi3eYQ
CFZg63hc+GA5YEhJM3n6ZkTZnTJH3Lc=
-----END PRIVATE KEY-----

1
tests/harbor_ca.srl Normal file
View File

@ -0,0 +1 @@
63B7F610244848F31E6F589536F579890B0812B3

View File

@ -8,7 +8,7 @@ set -e
# prepare cert ...
sudo sed "s/127.0.0.1/$1/" -i tests/generateCerts.sh
sudo ./tests/generateCerts.sh
sudo mkdir -p /etc/docker/certs.d/$1 && sudo cp ./harbor_ca.crt /etc/docker/certs.d/$1/
sudo mkdir -p /etc/docker/certs.d/$1 && sudo cp ./tests/harbor_ca.crt /etc/docker/certs.d/$1/
sudo ./tests/hostcfg.sh