
Commit 609d19d

committed
DO NOT MERGE: logging during cert generation
1 parent 64358c2 commit 609d19d


1 file changed

+12
-11
lines changed


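--- a/roles/etcd/templates/make-ssl-etcd.sh.j2
+++ b/roles/etcd/templates/make-ssl-etcd.sh.j2
@@ -49,6 +49,7 @@ if [ -z ${CONFIG} ]; then
 echo "ERROR: the openssl configuration file is missing. option -f"
 exit 1
 fi
+cat ${CONFIG}
 if [ -z ${SSLDIR} ]; then
 SSLDIR="/etc/ssl/etcd"
 fi
@@ -64,33 +65,33 @@ if [ -e "$SSLDIR/ca-key.pem" ]; then
 # Reuse existing CA
 cp $SSLDIR/{ca.pem,ca-key.pem} .
 else
-openssl genrsa -out ca-key.pem {{certificates_key_size}} > /dev/null 2>&1
-openssl req -x509 -new -nodes -key ca-key.pem -days {{certificates_duration}} -out ca.pem -subj "/CN=etcd-ca" > /dev/null 2>&1
+openssl genrsa -out ca-key.pem {{certificates_key_size}}
+openssl req -x509 -new -nodes -key ca-key.pem -days {{certificates_duration}} -out ca.pem -subj "/CN=etcd-ca"
 fi
 
 # ETCD member
 if [ -n "$MASTERS" ]; then
 for host in $MASTERS; do
 cn="${host%%.*}"
 # Member key
-openssl genrsa -out member-${host}-key.pem {{certificates_key_size}} > /dev/null 2>&1
-openssl req -new -key member-${host}-key.pem -out member-${host}.csr -subj "/CN=etcd-member-${cn}" -config ${CONFIG} > /dev/null 2>&1
-openssl x509 -req -in member-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out member-${host}.pem -days {{certificates_duration}} -extensions ssl_client -extfile ${CONFIG} > /dev/null 2>&1
+openssl genrsa -out member-${host}-key.pem {{certificates_key_size}}
+openssl req -new -key member-${host}-key.pem -out member-${host}.csr -subj "/CN=etcd-member-${cn}" -config ${CONFIG}
+openssl x509 -req -in member-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out member-${host}.pem -days {{certificates_duration}} -extensions ssl_client -extfile ${CONFIG}
 
 # Admin key
-openssl genrsa -out admin-${host}-key.pem {{certificates_key_size}} > /dev/null 2>&1
-openssl req -new -key admin-${host}-key.pem -out admin-${host}.csr -subj "/CN=etcd-admin-${cn}" > /dev/null 2>&1
-openssl x509 -req -in admin-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out admin-${host}.pem -days {{certificates_duration}} -extensions ssl_client -extfile ${CONFIG} > /dev/null 2>&1
+openssl genrsa -out admin-${host}-key.pem {{certificates_key_size}}
+openssl req -new -key admin-${host}-key.pem -out admin-${host}.csr -subj "/CN=etcd-admin-${cn}"
+openssl x509 -req -in admin-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out admin-${host}.pem -days {{certificates_duration}} -extensions ssl_client -extfile ${CONFIG}
 done
 fi
 
 # Node keys
 if [ -n "$HOSTS" ]; then
 for host in $HOSTS; do
 cn="${host%%.*}"
-openssl genrsa -out node-${host}-key.pem {{certificates_key_size}} > /dev/null 2>&1
-openssl req -new -key node-${host}-key.pem -out node-${host}.csr -subj "/CN=etcd-node-${cn}" > /dev/null 2>&1
-openssl x509 -req -in node-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out node-${host}.pem -days {{certificates_duration}} -extensions ssl_client -extfile ${CONFIG} > /dev/null 2>&1
+openssl genrsa -out node-${host}-key.pem {{certificates_key_size}}
+openssl req -new -key node-${host}-key.pem -out node-${host}.csr -subj "/CN=etcd-node-${cn}"
+openssl x509 -req -in node-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out node-${host}.pem -days {{certificates_duration}} -extensions ssl_client -extfile ${CONFIG}
 done
 fi
 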
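Review bot: The added `cat ${CONFIG}` in the first hunk is unquoted and unconditionally writes the whole openssl configuration to stdout, so it ends up in whatever captures this script's output; that file presumably carries the cluster's subject alternative names (hostnames and addresses), which is more than a certificate-generation log needs. If the dump is only for troubleshooting, gate it and send it to stderr, e.g. `if [ -n "${DEBUG:-}" ]; then cat -- "${CONFIG}" >&2; fi`. In the second hunk the openssl calls now show their diagnostics, but their exit status is still not checked in the visible lines, so unless `set -e` is enabled above the hunk a failed `openssl x509 -req` leaves a missing certificate while the loop carries on; appending `|| exit 1` to each call would make the new output actionable. Both enclosing blocks start outside the hunks.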