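#!/usr/bin/env bash
#
# Source: github.com/decred/politeia@v1.4.0/politeiawww/scripts/cockroachcerts.sh
#
# This script creates the certificates required to run a CockroachDB node
# locally. This includes creating a CA certificate, a node certificate, and
# client certificates for the root, politeiad and politeiawww users. The root
# user is used to open a sql shell.
#
# Usage: cockroachcerts.sh [COCKROACHDB_DIR]
#   COCKROACHDB_DIR  Directory the certificates are created in.
#                    Defaults to "${HOME}/.cockroachdb".
#
# Security notes:
#   - ca.key is written to COCKROACHDB_DIR itself, not to certs/. Only ca.crt
#     is copied next to the node and client material, so the CA private key
#     is never distributed with the certificates it signed. Anyone holding
#     ca.key can issue a client certificate for any database user, including
#     root, so keep it off shared hosts and out of backups that others read.
#   - The node certificate generated here only covers the local machine. It is
#     meant for local development, not for a multi-node cluster.
#
# More information on CockroachDB certificate usage can be found at:
# https://www.cockroachlabs.com/docs/stable/create-security-certificates.html

# -e: stop at the first failing step so a half-built certificate tree is not
#     mistaken for a complete one.
# -u: treat unset variables as errors; an empty path prefix would otherwise
#     silently redirect output to "/certs/...".
# -x: trace commands (only paths and usernames appear in the arguments).
set -euxo pipefail

# Database usernames
readonly USER_POLITEIAD="politeiad"
readonly USER_POLITEIAWWW="politeiawww"

# COCKROACHDB_DIR is where all of the certificates will be created.
COCKROACHDB_DIR="${1:-}"
if [[ -z "${COCKROACHDB_DIR}" ]]; then
  COCKROACHDB_DIR="${HOME}/.cockroachdb"
fi

# Fail before touching the filesystem if the cockroach binary is missing.
if ! command -v cockroach >/dev/null; then
  printf 'error: cockroach binary not found in PATH\n' >&2
  exit 1
fi

#######################################
# Create the certificate and key for one SQL client user, signed by the CA.
# Globals:   COCKROACHDB_DIR (read)
# Arguments: $1 - database username
# Outputs:   writes ca.crt and the files produced by
#            `cockroach cert create-client` into
#            ${COCKROACHDB_DIR}/certs/clients/<user>
# Returns:   non-zero if the copy or the certificate creation fails
#######################################
create_client_cert() {
  local user=$1
  local client_dir="${COCKROACHDB_DIR}/certs/clients/${user}"

  # Each client directory gets its own copy of the CA certificate so it can
  # be handed to that client as a self-contained bundle (without ca.key).
  cp -- "${COCKROACHDB_DIR}/certs/ca.crt" "${client_dir}"
  cockroach cert create-client "${user}" \
    --certs-dir="${client_dir}" \
    --ca-key="${COCKROACHDB_DIR}/ca.key"
}

# Create cockroachdb directories.
mkdir -p -- \
  "${COCKROACHDB_DIR}/certs/node" \
  "${COCKROACHDB_DIR}/certs/clients/root" \
  "${COCKROACHDB_DIR}/certs/clients/${USER_POLITEIAD}" \
  "${COCKROACHDB_DIR}/certs/clients/${USER_POLITEIAWWW}"

# Create CA certificate and key.
# NOTE(review): re-running against a directory that already holds ca.key is
# expected to make this step fail rather than replace the CA; confirm against
# the cockroach version in use before relying on it.
cockroach cert create-ca \
  --certs-dir="${COCKROACHDB_DIR}/certs" \
  --ca-key="${COCKROACHDB_DIR}/ca.key"

# Create the node certificate and key. These files, node.crt and node.key,
# will be used to secure communication between nodes. You would generate these
# separately for each node with unique addresses. The node certificate that
# is generated here is for a CockroachDB node that is running locally. See the
# CockroachDB docs for instructions on generating node certificates for a
# CockroachDB cluster.
# https://www.cockroachlabs.com/docs/stable/manual-deployment.html
cp -- "${COCKROACHDB_DIR}/certs/ca.crt" "${COCKROACHDB_DIR}/certs/node"

# Resolve the hostname in its own step so a failure aborts the script instead
# of producing a certificate with a missing or empty name.
node_hostname="$(hostname)"

# "localhost" appears twice in the original host list; it is kept unchanged.
cockroach cert create-node localhost \
  "${node_hostname}" \
  localhost \
  127.0.0.1 \
  --certs-dir="${COCKROACHDB_DIR}/certs/node" \
  --ca-key="${COCKROACHDB_DIR}/ca.key"

# Create the client certificate and key for the root user. These files,
# client.root.crt and client.root.key, will be used to secure communication
# between the built-in SQL shell and the cluster.
create_client_cert root

# Create the client certificate and key for the politeiad user.
create_client_cert "${USER_POLITEIAD}"

# Create the client certificate and key for the politeiawww user.
create_client_cert "${USER_POLITEIAWWW}"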