102 lines
3.5 KiB
Bash
Executable File
102 lines
3.5 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
set -e
|
|
|
|
stty sane # dont show backspace char during prompts
|
|
|
|
script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
|
|
|
## Get Project Name
|
|
project=$1
|
|
if [ -z "$project" ];
|
|
then
|
|
read -rp "Enter the name for the google cloud project (Ex. switchboard-oracle-cluster): " project
|
|
fi
|
|
project=$(echo "${project// /-}" | awk '{print tolower($0)}') # Replace spaces with dashes and make lower case
|
|
echo -e "project name: $project"
|
|
|
|
## Create TLS Certificate
|
|
mkdir -p secrets
|
|
tls_privkey_file=$(realpath "secrets/${project}-letsencrypt.private.key")
|
|
tls_pubkey_file=$(realpath "secrets/${project}-tls.public.pub")
|
|
csr_privkey_file=$(realpath "secrets/${project}-csr.private.key")
|
|
csr_file=$(realpath "secrets/${project}-csr.pem")
|
|
chain_file=$(realpath "secrets/${project}-tls-chain.pem")
|
|
crt_file=$(realpath "secrets/${project}-crt.pem")
|
|
|
|
## Exit if we have the files we need
|
|
if [ -s "$csr_privkey_file" ] && [ -s "$crt_file" ]
|
|
then
|
|
grafana_tls_key=$(base64 "$csr_privkey_file")
|
|
printf "\nGRAFANA_TLS_KEY=\"%s\"\n" "$grafana_tls_key"
|
|
"$script_dir"/scripts/save-env-value.sh "$project" "GRAFANA_TLS_KEY" "$grafana_tls_key" > /dev/null
|
|
grafana_tls_crt=$(base64 "$crt_file")
|
|
printf "\nGRAFANA_TLS_CRT=\"%s\"\n" "$grafana_tls_crt"
|
|
"$script_dir"/scripts/save-env-value.sh "$project" "GRAFANA_TLS_CRT" "$grafana_tls_crt" > /dev/null
|
|
exit 0
|
|
fi
|
|
|
|
if [ ! -s "$tls_privkey_file" ]; then
|
|
openssl genrsa 4096 > "$tls_privkey_file"
|
|
fi
|
|
tls_pubkey=$(openssl rsa -in "$tls_privkey_file" -pubout)
|
|
echo "$tls_pubkey" > "$tls_pubkey_file"
|
|
printf '\nStep #1: Account Public Key:\n%s\n\n' "$tls_pubkey"
|
|
|
|
if [ ! -s "$csr_privkey_file" ]; then
|
|
openssl genrsa 4096 > "$csr_privkey_file"
|
|
fi
|
|
if [[ -s "$csr_privkey_file" ]]; then
|
|
grafana_tls_key=$(base64 "$csr_privkey_file")
|
|
# printf "\nGRAFANA_TLS_KEY=\"%s\"\n" "$grafana_tls_key"
|
|
"$script_dir"/scripts/save-env-value.sh "$project" "GRAFANA_TLS_KEY" "$grafana_tls_key" > /dev/null
|
|
fi
|
|
|
|
if [ ! -s "$csr_file" ]; then
|
|
domain=$2
|
|
read -rp "is this domain correct (${domain})? (y/n)? " answer
|
|
case ${answer:0:1} in
|
|
y|Y )
|
|
;;
|
|
* )
|
|
read -rp "Enter your registered domain name where you will view grafana metrics (Ex. grafana.switchboard.com): " domain
|
|
;;
|
|
esac
|
|
email=$3
|
|
read -rp "is this email correct (${email})? (y/n)? " answer
|
|
case ${answer:0:1} in
|
|
y|Y )
|
|
;;
|
|
* )
|
|
read -rp "Enter an email for your TLS CRT: " email
|
|
;;
|
|
esac
|
|
"$script_dir"/scripts/save-env-value.sh "$project" "GRAFANA_HOSTNAME" "$domain"
|
|
openssl req -new -nodes -key "$csr_privkey_file" -out "$csr_file" -subj "/CN=${domain}/emailAddress=${email}"
|
|
fi
|
|
tls_csr=$(<"$csr_file")
|
|
printf '\nStep#2: Certificate Signing Request:\n%s\n' "$tls_csr"
|
|
|
|
|
|
if [ -s "$chain_file" ]
|
|
then
|
|
if [[ ! -f "$crt_file" || ! -s "$crt_file" ]]; then
|
|
openssl x509 -in "$chain_file" -out "$crt_file"
|
|
fi
|
|
grafana_tls_crt=$(base64 "$crt_file")
|
|
printf "\nGRAFANA_TLS_CRT=\"%s\"\n" "$grafana_tls_crt"
|
|
"$script_dir"/scripts/save-env-value.sh "$project" "GRAFANA_TLS_KEY" "$grafana_tls_key" > /dev/null
|
|
exit 0
|
|
else
|
|
printf '\nPrivate Key File: %s' "$tls_privkey_file"
|
|
printf '\nPublic Key File: %s' "$tls_pubkey_file"
|
|
printf '\nCert Signing Request File: %s' "$csr_file"
|
|
|
|
printf "\n\nComplete the steps at https://gethttpsforfree.com and save the entire TLS certificate chain to:\n\t%s\n" "$chain_file"
|
|
|
|
echo -e "\n\texport PRIV_KEY=\"$tls_privkey_file\""
|
|
exit 0
|
|
fi
|
|
|
|
exit 0
|