diff --git a/manifest-generation/bosh-lite-stubs/property-overrides.yml b/manifest-generation/bosh-lite-stubs/property-overrides.yml
index 060b3809e7..d40a9b30e7 100644
--- a/manifest-generation/bosh-lite-stubs/property-overrides.yml
+++ b/manifest-generation/bosh-lite-stubs/property-overrides.yml
@@ -1017,3 +1017,89 @@ property_overrides:
 I0YSumzEeQMcFbg0LUYayZ9PlhPgLosMba9BDK/K244OZvmGyRr1ANnnASsQg4cK
 vsHDEV4jBWxHAw41ArfNLg9vA8ojf/1EU4E2d5GU5fVe
 -----END CERTIFICATE-----
+ cc_uploader:
+ cc:
+ client_cert: |
+ -----BEGIN CERTIFICATE-----
+ MIIEIjCCAgqgAwIBAgIRAKvKRcJmrPpUQSmougsN2oIwDQYJKoZIhvcNAQELBQAw
+ EDEOMAwGA1UEAxMFYmJzQ0EwHhcNMTcwMzA3MjAyMDQ3WhcNMTkwMzA3MjAyMDQ3
+ WjAWMRQwEgYDVQQDDAtjY191cGxvYWRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ ADCCAQoCggEBAJKtmuPJYqW2n/vgU5Idu6hsgtG/GTahlCEFg3JwSADZb2h4ciyD
+ yC/NTtVmFydl5RQp8FT4TDvzzEUvS410KyLeVsVIBGFqpPI2zVN6IsonFS1GQjC1
+ 2mdJx+6bIIwCN9t89qUZ4Xi6x8MZUNWeRH+9kS9XovAjq8Z+GyEaXrM+PsxiGa8t
+ bmxDANTX4ftoI2HGYK18oSJNNHZsRRlh3M/tAYQwlAbq1oyoSaKRESsDnRXih+3I
+ CUOOIcdj2zWPoMbzvczvC9+rY8O6n2tadecAHwWn2p76juSNAUxCwTIFwcqu5leu
+ 46zEJMFFbUczHoYR05v7OPNE85qGnx7QSfsCAwEAAaNxMG8wDgYDVR0PAQH/BAQD
+ AgO4MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUBKzC
+ xgL5oUwhn3RXxpMhfqmY/SkwHwYDVR0jBBgwFoAU2HFnsP9JOWRvKvDs5YSkjx+r
+ /LMwDQYJKoZIhvcNAQELBQADggIBABiORxMw4vkMVFM8/53JDX9XlWn+dqZqd1K8
+ dxuuWcMF0esTc9mcTpZh1PoMOTapAvocyLNSgxOZVPE5nG0WXR+RvjTJm3R9Oj0e
+ h8tTrfu+wiBVpBcvViUI1QqIMvUZhGKmJi/hi3jPKEF3qzCIW2rwBsFEtC4XYAdS
+ mp5Rp+OIQ5+Bd0PisV/UuRJdutcol/eIppgYORbwNnrOqo80P1Uews56B3qegX80
+ EF7kV45z6iyE5zmSyaQmPeC0SmcKGMTsrrYCKefPXys3v/tqURwtknV7O4soSmI4
+ gvBUzPjNm0eZ5ALL+rP37Q/rjZGiRHgpUuQOnbUhzwDx8lfpgP7x9/BBC43cK2d0
+ +Dz6u+Edn3JUmtKd0fR30kb6dwApiTAwrRTrRU9ruKkvO4h79fWfSrObtkJbuYTI
+ ZDy+yTqU/a2/Yf7p4E/0A5KWRmSJisIU3OEHwoElfKUHMjhDXE59muY5t4gjnxC1
+ yp30k3gi5AKQ5IQ5eJhHYjdtJ2wycUx15KVLTdDYZCxdgv1Qt1hWCsW4/gi1PyID
+ biK8gzDiLZk9NbYKbkbla722mefYFVijY10zc5+TW0wclPDPruVrnHZc3dk2XRU6
+ nqs+JOi2f77k3JBj2+vSYadnAEsd801Z37Pm7td4XrPLzsOpenqyoFmB0JBYPz1l
+ 9dO0xzBb
+ -----END CERTIFICATE-----
+ client_key: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAkq2a48lipbaf++BTkh27qGyC0b8ZNqGUIQWDcnBIANlvaHhy
+ LIPIL81O1WYXJ2XlFCnwVPhMO/PMRS9LjXQrIt5WxUgEYWqk8jbNU3oiyicVLUZC
+ MLXaZ0nH7psgjAI323z2pRnheLrHwxlQ1Z5Ef72RL1ei8COrxn4bIRpesz4+zGIZ
+ ry1ubEMA1Nfh+2gjYcZgrXyhIk00dmxFGWHcz+0BhDCUBurWjKhJopERKwOdFeKH
+ 7cgJQ44hx2PbNY+gxvO9zO8L36tjw7qfa1p15wAfBafanvqO5I0BTELBMgXByq7m
+ V67jrMQkwUVtRzMehhHTm/s480TzmoafHtBJ+wIDAQABAoIBAQCFVs58jqFf1eIf
+ /jDanq7ukB5ogFlyYXaggjuZd9rs8r0lcoEQWIhOdExbEGCyDx4ts2ZoSAQ9aAbl
+ SfZb1CQ2oXquAycATAtAqXMElP41WUwWCU24rEisJtVa4qi2vnl6zWIGer2Om/Vn
+ NYdXenX4ziLCr99OgI7ydcdB05ANToNCkMKkfbqAb72OaEBe6R0D3EdRpZ0vRssf
+ n5F+zz+rv8Lf2pyGJ+9BvONfqw02D/ndslD+bE2wzOrZn5g2kUFRQ8f59OdaKK7j
+ HyjCiyGljydvDgAkNJyE/uZUyZqTrNw8OgP2dKHXC3DdUk5OCg/YlTL6NDaQNjlA
+ 73b2JAlpAoGBAMNRyfjaECi+ac0temW3X0ii8+ck2JCxD8b7mY9cwpYZBOonE22g
+ zhtQZUe4lrlmmOtk01sR5P3hAsmsLtIA9TfqNjYJOV5Jy0oV0N/aYlpzmU5v9yy+
+ ulV7CdNTIIbgThMuiEEKy21MvTaM1oPL8Py2ih9CRx2s4EQmMheZutJXAoGBAMA/
+ QeeQ2NE9RpBRLFv15GzXl8cJ0P50q0TlwjEfVUJPYv2AgX7K6r0gobUsE4K6Tzyh
+ hmVOD2WvY3cwK42jGPShrZ836szQw9xJBBW67woyDebw38OzCPdvHAv9Z7iSQG3N
+ hrh63iQ5ELlBIDBkienNIvFSkdxbaAbCZgkfRqb9AoGAH27jNTRK03PJbSa7gvEe
+ 2X64B+PrImYMZvaIwQSpoCRIoTJGsybk5Ipssj0nrJCxXXitdwOLObxjiXc3Vb6n
+ uCbuMIYNgHoZyEN4iP4JRAtEidYFDmNnc2hIrYS8QFiK2BVuAiGtmVp3PPcvcqh4
+ kQMDeYJeFY2DzhPjjd7ErSMCgYBAvw07KBVdov147V27Ov1LivCbIDs696AW/CqC
+ 0MKuKn50UitKwJx+RdcwZT/M72JwURYqWDfnT0J4icihUyS8fxcyYGq7wDO2pQCz
+ MNoA3QrBlK5IAqwqaUlQ4G9mQhtg369Xwkm+eVmgisaEhdfM3kG+dMibJk3KuP4U
+ ZGwvIQKBgQC8eHpQO008Fr09iJLFf5sGafppx3xvDQBE25s1Dwm4EkLytiUFbTq0
+ iyWTwfESjW5Z89QyL0C+/UqguYuhX6NQmfPYa8gZGxAAfm7kbUmLD2eYuFFvQen2
+ +swie3/jwbmKrTqSZfTatXzgWpFtgvotdeoauYA/XlFdaC2zdfYycQ==
+ -----END RSA PRIVATE KEY-----
+ ca_cert: |
+ -----BEGIN CERTIFICATE-----
+ MIIE/TCCAuegAwIBAgIBATALBgkqhkiG9w0BAQswEDEOMAwGA1UEAxMFYmJzQ0Ew
+ HhcNMTUwOTE1MjIyOTE4WhcNMjUwOTE1MjIyOTIxWjAQMQ4wDAYDVQQDEwViYnND
+ QTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKjxJkuxVD5jrls2jXfB
+ ZsWd3HisgpdpgrTObOeJnrb6g4BB7GOSqMlZDEl0ROEBuT4Ax+tSEyhO8FgDR6Mq
+ Ey8h/HyOmCOsxt+0ZOlgmY04eGrSgkzhG41UiBEkezgFdxNCB8NZjTwwQmO2qjM7
+ BsTS9SaEh11HdpIhoeu22aqXuP0r56ZaRC7rfPb+U9SaWaygwMfgXZ7ZDBizHz+n
+ gRSvQ+KnvHG1nZGR+vwuNikBdby8YRBVXaGjF1I7uZh/kcPm2XX9RwHaXSIgGyuK
+ C+YJy95L4WdX2sgm8Mm+mhIKRnGggBbmUmbDT8URkYIu11YEI/FqH/+WmEPv0UC7
+ U1rSVkQVhlHgO6Ohjoe251jw9U1UR0qXsfI/2maPESxJW2FDXOrBCzMK0/Us+y7M
+ rBRLhLkYJmv9GUFQG1M3eOfP6VIMMm6wZ1+2untcI7Eb+HZxhO91ddYlKNbFpZ7P
+ f0P0GuopPE6kzX3gFoivEHxIslumeoVDgMzQ4uj1TYGmOtjuiD48kIrVaeEKUcxN
+ 7YzSt3tTZ+a1GKqFcuj+g/rbUYLBT5Ztj89O3AahnCzCymOJ3EkWQ4aJzdAs3KEG
+ RxGs2zzsBKkTp+UXXv4q/GrZ+J/PjqY9285TaQx3MZmdLdIyNoh6UwwFPdyEYsTv
+ xhtJb5NdjY9K56mkeVEkfuGtAgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIABjASBgNV
+ HRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTYcWew/0k5ZG8q8OzlhKSPH6v8szAf
+ BgNVHSMEGDAWgBTYcWew/0k5ZG8q8OzlhKSPH6v8szALBgkqhkiG9w0BAQsDggIB
+ AFt3ueVxYhu5vT1IKL/xIuxfl8SXZqaJSg35DqJ6FlEDU+E/mjflrPMsV5Iz5ycd
+ JMO3hN9ipilkfx5m7gTIDcxl0izej2jlI2uncjLT6MsPI1+LsRxyVDR4+MDvM7ce
+ myfpIPNQlGQI/cTkmOT+tTaffwf6PLcvT/HvJivax/y0tIsCIqtTSoM6eoi6D9jN
+ n/VkMsZpaxxIt0nm87ZgcWA6IVPdtO51eLWlJyfz8/V8f/ySARUMdMSVkFiS6OMS
+ nxsrQGPLOOWTYepV6XD4GP9zDYL4aLArGfWprq79KHAtRYtGHixgcxFgbfBnon2y
+ 6HG1vDa/sVFrleSwBRsCtVRgYvAShdn50hL4JgSn8OjkkTVB1wz74bqCj001RHfS
+ dxKhfzBPQsqsdGCMZKkRGUpUavM3qW/UAxbYgkjcS04hzmjyC/I1sKpDebQJyX9i
+ 66F3zR7eRzwH7Y8s5PTo+dYZJmNxtN7vJKq++8Cg707XUzBT/U2SQV84TOsZO70Q
+ Hl7GKY3NdpVEslyiwMdi6DyhTH+MV3HMkEds16wCRNAVriSXPeg/GYNhQqcdTceU
+ I0YSumzEeQMcFbg0LUYayZ9PlhPgLosMba9BDK/K244OZvmGyRr1ANnnASsQg4cK
+ vsHDEV4jBWxHAw41ArfNLg9vA8ojf/1EU4E2d5GU5fVe
+ -----END CERTIFICATE-----
diff --git a/manifest-generation/diego.yml b/manifest-generation/diego.yml
index 6271fca2c2..d87a2f3083 100644
--- a/manifest-generation/diego.yml
+++ b/manifest-generation/diego.yml
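Review bot: The `client_key` block added in the property-overrides.yml hunk commits an unencrypted RSA private key to the repository, so every deployment generated from this stub shares one publicly known cc_uploader identity. The path suggests the stub is meant for bosh-lite only, but nothing next to the new keys says so; a comment above `cc_uploader:` such as `# bosh-lite development credentials only - regenerate with scripts/generate-cc-uploader-certs for any other environment` would make that explicit. It is also worth confirming that no non-development manifest can fall back to these values.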
@@ -689,6 +689,10 @@ properties:
 cc_uploader:
 dropsonde_port: (( config_from_cf.metron_agent.dropsonde_incoming_port ))
 log_level: (( property_overrides.cc_uploader.log_level || nil ))
+ cc:
+ ca_cert: (( property_overrides.cc_uploader.cc.ca_cert ))
+ client_cert: (( property_overrides.cc_uploader.cc.client_cert ))
+ client_key: (( property_overrides.cc_uploader.cc.client_key ))
 nsync:
 diego_privileged_containers: (( property_overrides.nsync.diego_privileged_containers || nil ))
 dropsonde_port: (( config_from_cf.metron_agent.dropsonde_incoming_port ))
diff --git a/scripts/generate-cc-uploader-certs b/scripts/generate-cc-uploader-certs
new file mode 100755
index 0000000000..72110c2ac4
--- /dev/null
+++ b/scripts/generate-cc-uploader-certs
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+set -e -x
+
+usage() {
+ >&2 echo " Usage:
+ $0 DIEGO_CA_NAME DIEGO_CA_CERT_DIRECTORY
+
+ Ex:
+ $0 diegoCA ~/workspace/diego-release/diego-certs/
+"
+ exit 1
+}
+
+ca_name=$1
+ca_cert_directory=$2
+
+if [ -z "${ca_name}" ]; then
+ >&2 echo "Specify a CA"
+ usage
+fi
+
+if [ ! -d "${ca_cert_directory}" ]; then
+ >&2 echo "Specify location of CA cert and key"
+ usage
+fi
+
+# Install certstrap
+go get -v github.com/square/certstrap
+
+# Place keys and certificates here
+output_path="diego-certs/cc-uploader-certs"
+mkdir -p ${output_path}
+
+client_cn='cc_uploader'
+certstrap --depot-path ${ca_cert_directory} request-cert --passphrase '' --common-name $client_cn
+certstrap --depot-path ${ca_cert_directory} sign $client_cn --CA $ca_name
+mv -f "${ca_cert_directory}/${client_cn}.key" "${output_path}/client.key"
+mv -f "${ca_cert_directory}/${client_cn}.csr" "${output_path}/client.csr"
+mv -f "${ca_cert_directory}/${client_cn}.crt" "${output_path}/client.crt"
diff --git a/scripts/generate-diego-certs b/scripts/generate-diego-certs
index c88d5f1d86..6ecb0d72d0 100755
--- a/scripts/generate-diego-certs
+++ b/scripts/generate-diego-certs
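Review bot: The three new references under `cc:` in the diego.yml hunk have no `|| nil` fallback, unlike `log_level` directly above them, so manifest generation will presumably fail for any deployment whose property-overrides stub does not define `cc_uploader.cc`. Failing closed is reasonable for TLS credentials, but the requirement should be stated where operators will see it, for example `# required: cc_uploader client TLS credentials, no default is provided` above `cc:`. If the properties are meant to be optional during a rollout, that should be decided explicitly rather than left to the merge error.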
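Review bot: `go get -v github.com/square/certstrap` in the new scripts/generate-cc-uploader-certs fetches and builds whatever is at the tip of that repository on every run, so the tool that creates the client key is unpinned and the script needs network access each time. The sketch below installs it only when it is missing; pinning to a reviewed revision would be stronger still. It also quotes the `${ca_cert_directory}`, `${output_path}`, `$client_cn` and `$ca_name` expansions, which are currently split on whitespace, and sets a restrictive umask because the key is written without a passphrase (certstrap's own file modes are not visible in this diff).

```shell
# … unchanged: usage() and argument checks …

# Keep the passphrase-less key and its directory private to the caller
umask 077

# Install certstrap only when it is not already available
command -v certstrap >/dev/null 2>&1 || go get -v github.com/square/certstrap

# … unchanged: output_path assignment …
mkdir -p "${output_path}"

client_cn='cc_uploader'
certstrap --depot-path "${ca_cert_directory}" request-cert --passphrase '' --common-name "${client_cn}"
certstrap --depot-path "${ca_cert_directory}" sign "${client_cn}" --CA "${ca_name}"
# … unchanged: the three mv -f lines …
```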
@@ -5,11 +5,12 @@ set -e -x existing_depot="$1" pushd `dirname "$0"`/.. - scripts/generate-bbs-certs cf-diego-ca "$existing_depot" - scripts/generate-locket-certs cf-diego-ca "$existing_depot" - scripts/generate-rep-certs cf-diego-ca "$existing_depot" - scripts/generate-auctioneer-certs cf-diego-ca "$existing_depot" - scripts/generate-tps-certs cf-diego-ca "$existing_depot" + scripts/generate-bbs-certs cf-diego-ca "$existing_depot" + scripts/generate-locket-certs cf-diego-ca "$existing_depot" + scripts/generate-rep-certs cf-diego-ca "$existing_depot" + scripts/generate-auctioneer-certs cf-diego-ca "$existing_depot" + scripts/generate-tps-certs cf-diego-ca "$existing_depot" + scripts/generate-cc-uploader-certs cf-diego-ca "$existing_depot" popd echo "Outputted certs to diego-certs"