Merge pull request #8646 from bitsf/add_harbor_test_ca

use fix root CA for test

tests/generateCerts.sh

@@ -2,8 +2,10 @@
 
 # These certs file is only for Harbor testing.
 IP='127.0.0.1'
+if [ ! -z "$1" ]; then IP=$1; fi
 OPENSSLCNF=
 DATA_VOL='/data'
+CUR_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 for path in /etc/openssl/openssl.cnf /etc/ssl/openssl.cnf /usr/local/etc/openssl/openssl.cnf; do
     if [[ -e ${path} ]]; then
@@ -16,21 +18,28 @@ if [[ -z ${OPENSSLCNF} ]]; then
 fi
 
 # Create CA certificate
-openssl req \
-    -newkey rsa:4096 -nodes -sha256 -keyout harbor_ca.key \
-    -x509 -days 365 -out harbor_ca.crt -subj '/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborCA'
+#openssl req \
+#    -newkey rsa:4096 -nodes -sha256 -keyout $CUR_DIR/harbor_ca.key \
+#    -x509 -days 365 -out $CUR_DIR/harbor_ca.crt -subj '/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborCA'
 
 # Generate a Certificate Signing Request
+if echo $IP|grep -E '^([0-9]+\.){3}[0-9]+$' ; then
 openssl req \
     -newkey rsa:4096 -nodes -sha256 -keyout $IP.key \
-    -out $IP.csr -subj '/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborManager'
+    -out $IP.csr -subj "/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborManager"
+echo subjectAltName = IP:$IP > extfile.cnf
+else
+openssl req \
+    -newkey rsa:4096 -nodes -sha256 -keyout $IP.key \
+    -out $IP.csr -subj "/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=$IP"
+echo subjectAltName = DNS.1:$IP > extfile.cnf
+fi
 
 # Generate the certificate of local registry host
-echo subjectAltName = IP:$IP > extfile.cnf
-openssl x509 -req -days 365 -in $IP.csr -CA harbor_ca.crt \
-	-CAkey harbor_ca.key -CAcreateserial -extfile extfile.cnf -out $IP.crt	
+openssl x509 -req -days 365 -sha256 -in $IP.csr -CA $CUR_DIR/harbor_ca.crt \
+	-CAkey $CUR_DIR/harbor_ca.key -CAcreateserial -extfile extfile.cnf -out $IP.crt
 	
 # Copy to harbor default location
 mkdir -p $DATA_VOL/cert
 cp $IP.crt $DATA_VOL/cert/server.crt
-cp $IP.key $DATA_VOL/cert/server.key
+cp $IP.key $DATA_VOL/cert/server.key

tests/harbor_ca.crt

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFhTCCA22gAwIBAgIUBWPUOcl5wyYV18FraR9cayN1F1UwDQYJKoZIhvcNAQEL
+BQAwUjELMAkGA1UEBhMCQ04xDDAKBgNVBAgMA1BFSzERMA8GA1UEBwwIQmVpIEpp
+bmcxDzANBgNVBAoMBlZNd2FyZTERMA8GA1UEAwwISGFyYm9yQ0EwHhcNMTkwODEz
+MDMyMjUwWhcNMjAwODEyMDMyMjUwWjBSMQswCQYDVQQGEwJDTjEMMAoGA1UECAwD
+UEVLMREwDwYDVQQHDAhCZWkgSmluZzEPMA0GA1UECgwGVk13YXJlMREwDwYDVQQD
+DAhIYXJib3JDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALjlYE0c
+16ZsTVBpr2s48QXxuc0IcddfyWqpBGwiWTGG3/LS/ebkiFfKVViBicK2A5IofI4X
+6UBuu+hb3FZjJtpqNPFMrOK0K0eiheBQVxeCQavtoTpF7dtuWyv2bAgmvVagBxtU
+sWWWzSO1vanO4Acs/ijfZjUdxN9JQk6xDj5Q+CLo0ikjFPTTD5DT40Z89qf440VU
+019b70ZYUd61ZAGflfJNDQZ14GqGuG7pUTXMS76cuCbpGldhgILkBmKS/B3gm1ex
+YzB6omKDbgGTOK4HiJpKsC0xWfYjY9LaTTmaJ+q8XVzv6oJu5u5RWSx2TEXy72Hv
+E8rYLo1zKXQ+O03/XbPiK/bgsYEsPIxumMPKEOZJ3vdUxWOnYIssVqQgqpAByo4k
++ErBuQUwZz22NraV2nDqyiP+feuzD2nCKLAslEx2QWOvqfhvGgeyv0ViOdtyVFbf
+XvOAq9FbY5w+i0MLBb0tcU+f8xzKbecsTbJDTLd0Fy7Sx2sT5ywfG1SDeNwRr8ar
+QCBWUgim8Lc7U3OgrrjzMJGfKD/RgMWSjOxV1LXbjgOFhnh7/wvRxf87fURHigt0
+26ZLCKm2i2YStL4S2yNSm206SXMkHUMZV/mFMHc/JK/EuDU9xXsK2P1d1H3SNrgK
+axU7fcXnwIM9gcDrIlm+8MblrJWvGTe6GDn1AgMBAAGjUzBRMB0GA1UdDgQWBBSd
+0G4mm1Ui8glxkvq5fcJflnlxCDAfBgNVHSMEGDAWgBSd0G4mm1Ui8glxkvq5fcJf
+lnlxCDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBDYYDcmjwy
+5fmCzBcMYEh7XMiFhS3UkojgB7LB6R41o6GmXvJOgaDobQC78We3I3Y8r8vVbAY+
+Jh42tRRwKMIRUywkDLr5tfyiDUcGvSxpfysTYSNNknsctsowI6yCcRIsY0XqZEE9
+Y3GMSaljAcxG++gR2XSxSPwYQ/TKDiM1Fyv3YNhnmoycBQItcIz29hYVXRgBkNkx
+Cap8MDERJKlHiAgopoXtxnSbgZn4pZa6bVRF/UUYRmRLKO8tyKd8ZXHfQvvso1HU
+e+Wcy3EoADr3aYCytPppo33zDHBX4+lcL2rKAH2+K5JOhnxZuRR4dWoczkI5mYRi
+qZ809uHnXoV4yJ14NWnoil6kUF3YxU9hWzjEaVcZfp7WUw0BeTZ9M0VqkjxSiSuz
+QvSzoPqZ2ajfxawf1fdttU6YUewBkjMOTC2C8qoA8m7HNRTznoZbfFITG1gJlnFT
+y8oWY+ZrEsG7lID2zMaZopSAwDzuBoqLGE66LK+RtFSrAcGHSr3Xlp0R6hX4FeyN
+flTTBxE6eNoEiV56x9RuSDvWnw/l38B/y9q9wMNkI+kb2d8QNkWFz9q1W01Vdceo
+ZzTA/fNcErZ0YiE/wY9VEW+DRoO3ntMN8lEsNLr04kUG7RJ6EOu6kQPHQuJ3Bujy
+rnAVXLxzOqGPfKD6gBQS2pTikQCYpqtaFg==
+-----END CERTIFICATE-----

tests/harbor_ca.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC45WBNHNembE1Q
+aa9rOPEF8bnNCHHXX8lqqQRsIlkxht/y0v3m5IhXylVYgYnCtgOSKHyOF+lAbrvo
+W9xWYybaajTxTKzitCtHooXgUFcXgkGr7aE6Re3bblsr9mwIJr1WoAcbVLFlls0j
+tb2pzuAHLP4o32Y1HcTfSUJOsQ4+UPgi6NIpIxT00w+Q0+NGfPan+ONFVNNfW+9G
+WFHetWQBn5XyTQ0GdeBqhrhu6VE1zEu+nLgm6RpXYYCC5AZikvwd4JtXsWMweqJi
+g24BkziuB4iaSrAtMVn2I2PS2k05mifqvF1c7+qCbubuUVksdkxF8u9h7xPK2C6N
+cyl0PjtN/12z4iv24LGBLDyMbpjDyhDmSd73VMVjp2CLLFakIKqQAcqOJPhKwbkF
+MGc9tja2ldpw6soj/n3rsw9pwiiwLJRMdkFjr6n4bxoHsr9FYjnbclRW317zgKvR
+W2OcPotDCwW9LXFPn/Mcym3nLE2yQ0y3dBcu0sdrE+csHxtUg3jcEa/Gq0AgVlII
+pvC3O1NzoK648zCRnyg/0YDFkozsVdS1244DhYZ4e/8L0cX/O31ER4oLdNumSwip
+totmErS+EtsjUpttOklzJB1DGVf5hTB3PySvxLg1PcV7Ctj9XdR90ja4CmsVO33F
+58CDPYHA6yJZvvDG5ayVrxk3uhg59QIDAQABAoICAAIsH7+IMThxWU8yjq8R0jMh
+re8sxDmllHY+WiDzHl0omoT92aHW2Ys+g1Yw3298N/qFo0EAIutw4aBPQ/132MME
+MG8NWZKoT0HeNPh3uS47h43/kr9ehvbnCwcvNAG8gsj7xFmb2yG4bdyXjAzss1Ei
+RDIyvb6uBNwivjayedpdlSzD04RMNzjRKgOnmaoAWd2LXRA5eOpL6DnJW9zkALLM
+LzTTlu2WgPZ/crdK4nthVRp+OOOsJXUVXi8rgq+xzmiDdQ/Is8OkDThfFvHJywaw
+a/h0HDHLvKTZsZiOnA2rNADcCbTH1NeHegsexY9yLF8+BXX/GxptA88BpWEKQiQZ
+WMKfwR2EhUA/4SJmIGORZOA6LZxOVCnuAxLn7SoUNXO9x2Ci0X3XblfKJJVCXjbi
+pT1OvGISzsm7ZlPB8+jV/4BbeDZnssnKLYnP43/4BomlRW8ZyxAeT9XdlWJvs7Bu
+mnEaUOUWGOicYqPvbOHj1M+PAxPdmCW2vCT0TigXpN5v/isBwSCu5i2pl29u8lrX
+wSE+wdS4NGyFAFlpiJafdOgrKtCOmzA2snEMzGu9PkCS6HeppIymii6kSqfRuG2O
+ZWWeVLOY2jpdJPh/jszXzfq88pkoYkMIjbiu38uT7AB1NG4HKUCV3lhmaw6bS76w
+hi1sMUzHEUn8Q4tpHPzZAoIBAQDfaOyGZn9P/wYF5JSKuVlCSPG8I3Brtkwtz987
+SiiQVFWsG2b2e2U+ZCsoHMFTmFrFo27zwaRPWvlBR0YA1cnqLIWwq5k/aID859o2
+sTcncDs2Dthq+R0Vh0q+n5Cx2if0heR8ilmOmLtkeRhaNOhpTAPBi5rokIsAAYTa
+uCffHzp7Bosv97p9fd1+21ZnQCldJZOOzRA/e+UfMu/El1lhUElVWPTwsxgrE/jI
+7uggzFGab3VlUkovS3x+iAiv6eWxJSurH89euyvYxl+EG5uFT8+invWuLKrZDEtj
+iEBUoc/h/iVYGJyZ7TQXaVOoJD06T45NcI30mstotSfPqFufAoIBAQDT3i5AmH5V
+7Wd9p6sA3jAWmDSzsA/oPOLi9MWKoBiyZ4hjRp7OB6YJlkZBWfpoHPHNg32mrcxr
+sRBN2wm6yP7kiZHrTAZP8S37ZWGKP07i2QddKMcwhR5wej5T300EVqFOunVdHwOz
+mVBYPdgbof4k6E1bOin3gj40hqvFri4Jw/5klvJdUOWBb5OgvJnixjpE3+uUkjmM
+gjj51AO5WJjsscObKIPNbgiVME/L15OPDsO+tf3BAPNZ90xQLzax1mO+fBz7KIYR
+eULZMRtDBGEfhWDR8BTbjw8b/pfZsQD0D0/IB593YdlWyFW3QOb8+nGl5W46vGix
+4OZZ1Itf/4HrAoIBAQDBrIYPZV/NC7o+9Y/ISzIUAoR9owNcfSbBOEm/bmSH6nRy
+xTaXSxXT5qZ7GaKHQ7a9SxdufVph6O3YJ1+KbcujFIG5TKmHjKL1nFFRxIOZzvOl
+w2zeH6OU/DpR0qZvaD3m/wO6630D32fkjA4OdXtdfSZsbQgXwOafVLHFoov+I2Zh
+LKURKmMjUy/nP2JCFB9HvsGStDb3sgJI77Fn7gTwFdfdA0ckOz4iaifsmR/m/vln
+NmTBN3tUUM5WKrvNNKmIzj5zFRqCdyRlwmMfdYd3JF9ODRvSqKpbiwr3+DA8riI3
+OklJe9yWnEniWc7KHtBtcnZcr8yAVokr9o/St5LlAoIBAQDQ7eVGphrPudG4xEOK
+E5HwdiBioljNeF112lODpOU16YtB+z5XhotiIOMfRw/8465AME8Us4dHG9EsNbie
+jd9ul4tiMhJ3eysRIqTRpCSy57qvT6s+Wcfuu14Db82PXa6s6IscTZ1k2ue0XShj
+95eb5cmDERSZk8KsIbH6uw2Da9fOclyHUWNCBTnb5KEMVNbZXMgAN0KxISn2k/Eo
+Mgp8P8DZnVZ8mumz1XSbW/eTt8eopeebEMjqC0kiOa0CKp0qF1KtCwVK7f3SGO79
+Y7AzWWBlJxAqhCUuQh6U+kwqYX8XjwzeuYuOXPjKQiKHjqHMKzhMi8fiwhnmtAbN
+oDYJAoIBAAYnTbQcHv5KExeolWropSnY4xfWfzC/nmfFTao1iPfbDiFMkO8uRku4
+eOgvlPbiS/cT1MEKSfQqTyMkWxlgghTiDMOTkm6iFQ1q4UQN7ua4eNVNeItTdpZb
+c3UER6XNgI0CpdOb6Jq1529+g9/dly39qqQM4n82nFuizknMWlW5BlxsbwTy2xhi
+JAA3JgLgB38UdL1sBDscX2vCl5pZhXXxWmVDud67exbMUnR4ib1bzG4nsXTHe72P
+Jq2W5mySj9uDfcNHyBmfl95mP+VWOjQlxMg/cmS/CU3q04cMzUKX4froNRUi3eYQ
+CFZg63hc+GA5YEhJM3n6ZkTZnTJH3Lc=
+-----END PRIVATE KEY-----

tests/harbor_ca.srl

@@ -0,0 +1 @@
+63B7F610244848F31E6F589536F579890B0812B3

tests/travis/api_common_install.sh

@@ -8,7 +8,7 @@ set -e
 # prepare cert ...
 sudo sed "s/127.0.0.1/$1/" -i tests/generateCerts.sh
 sudo ./tests/generateCerts.sh
-sudo mkdir -p /etc/docker/certs.d/$1 && sudo cp ./harbor_ca.crt /etc/docker/certs.d/$1/
+sudo mkdir -p /etc/docker/certs.d/$1 && sudo cp ./tests/harbor_ca.crt /etc/docker/certs.d/$1/
 
 sudo ./tests/hostcfg.sh