github.com/verrazzano/verrazzano@v1.7.1/tests/e2e/config/scripts/create-external-os.sh (about)

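#!/bin/bash

#
# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#

# Installs an "external" OpenSearch for the e2e tests, issues a throwaway CA and
# server certificate for its LoadBalancer IP, and publishes both as Kubernetes
# secrets (opensearch-certificates for OpenSearch, external-es-secret for
# Verrazzano).
#
# Environment:
#   EXTERNAL_ELASTICSEARCH  must be "true", otherwise the script is a no-op
#   CLUSTER_NUMBER          must be "1", otherwise the script is a no-op
#
# Side effects: rewrites cert.conf and writes ca-bundle (plus the issued
# certificate copy from `openssl ca -outdir`) in the script directory, and
# leaves key/certificate files in the current working directory.

# Abort on the first failed step so that a failed helm/openssl call can never
# lead to secrets being created from missing or stale files.
set -euo pipefail

if [ "${EXTERNAL_ELASTICSEARCH:-}" != "true" ]; then
  echo "Skipping creating external Elasticsearch when not using EXTERNAL_ELASTICSEARCH"
  exit 0
fi

if [ "${CLUSTER_NUMBER:-}" != "1" ]; then
  echo "Skipping creating external Elasticsearch on a managed cluster"
  exit 0
fi

# '&&' instead of ';' so a failed cd cannot silently yield the caller's directory.
SCRIPT_DIR=$(cd -- "$(dirname -- "$0")" && pwd -P)

# This corresponds to OpenSearch 2.3.0
OPENSEARCH_CHART_VERSION="2.6.0"

# Upper bound on the LoadBalancer wait: 200 polls x 3 s = 10 minutes.
LB_WAIT_ATTEMPTS=200
LB_WAIT_INTERVAL=3

# Install OpenSearch
helm repo add opensearch https://opensearch-project.github.io/helm-charts/
helm repo update
helm upgrade --install opensearch opensearch/opensearch --version "$OPENSEARCH_CHART_VERSION" \
  -f "$SCRIPT_DIR"/opensearch.yaml

# Discover the LoadBalancer IP. The wait is bounded so a cluster that never
# assigns an address fails the job instead of hanging it.
EXTERNAL_IP=""
for ((attempt = 1; attempt <= LB_WAIT_ATTEMPTS; attempt++)); do
  # A failing kubectl call (e.g. service not visible yet) counts as "no IP yet".
  EXTERNAL_IP=$(kubectl get svc opensearch-cluster-master \
    -o jsonpath='{.status.loadBalancer.ingress[0].ip}') || EXTERNAL_IP=""
  if [ -n "$EXTERNAL_IP" ]; then
    break
  fi
  sleep "$LB_WAIT_INTERVAL"
done

if [ -z "$EXTERNAL_IP" ]; then
  echo "Timed out waiting for a LoadBalancer IP on service opensearch-cluster-master" >&2
  exit 1
fi

# The value is spliced into a sed replacement and a helm --set argument below,
# so accept only characters that can occur in an IPv4/IPv6 literal.
if [[ ! "$EXTERNAL_IP" =~ ^[0-9A-Fa-f.:]+$ ]]; then
  echo "Refusing to use unexpected LoadBalancer address: $EXTERNAL_IP" >&2
  exit 1
fi

echo "bootstrapping certificates for LoadBalancer @ $EXTERNAL_IP"

sed -i "s/subjectAltName = critical,IP:.*/subjectAltName = critical,IP:$EXTERNAL_IP/" "$SCRIPT_DIR"/cert.conf

# Everything created while generating keys is owner-only; the previous umask is
# restored before the public ca-bundle is written.
previous_umask=$(umask)
umask 077

# create root ca key
: > index.txt
printf '00' > serial.txt
openssl genrsa -out root-key.pem 2048
openssl req -x509 -new -config "$SCRIPT_DIR"/root.conf -key root-key.pem -out root-ca.pem -batch
openssl genrsa -out server_key.pem 2048
openssl req -new -config "$SCRIPT_DIR"/cert.conf -key server_key.pem -out cert.csr -batch
openssl ca -config "$SCRIPT_DIR"/root.conf -keyfile root-key.pem -cert root-ca.pem \
  -policy signing_policy -extensions signing_node_req \
  -in cert.csr -out cert.pem -outdir "$SCRIPT_DIR" -batch -keyform PEM
openssl pkcs8 -topk8 -inform PEM -in server_key.pem -out key.pem -nocrypt

# Key files left over from an earlier run keep their old mode, so tighten them explicitly.
# NOTE(review): root-key.pem (the CA private key) stays on disk unencrypted after
# signing; nothing later in this script reads it - confirm whether it can be removed.
chmod 600 root-key.pem server_key.pem key.pem
umask "$previous_umask"

# Drop the human-readable text openssl ca writes ahead of the PEM block.
certdata=$(cat cert.pem)
printf '%s\n' "-----${certdata#*-----}" > cert.pem

# this secret is used by OpenSearch for loading certificates
# Rendered client-side and applied, so a re-run replaces the secret instead of
# failing on "already exists" and leaving the previous certificate in place.
kubectl create secret generic opensearch-certificates \
  --from-file=cert.pem \
  --from-file=key.pem \
  --from-file=root-ca.pem \
  --dry-run=client -o yaml | kubectl apply -f -

helm upgrade --install opensearch opensearch/opensearch --version "$OPENSEARCH_CHART_VERSION" \
  -f "$SCRIPT_DIR"/opensearch.yaml \
  --set service.loadBalancerIP="$EXTERNAL_IP"

# Exact-name lookup; a substring grep would also match e.g. a longer namespace name.
if ! kubectl get namespace verrazzano-install > /dev/null 2>&1; then
  echo "External OpenSearch - Create the verrazzano-install namespace"
  kubectl create namespace verrazzano-install
fi

# Trust bundle handed to Verrazzano: the root CA followed by the server certificate.
cat root-ca.pem cert.pem > "$SCRIPT_DIR"/ca-bundle

# this secret is used by Verrazzano for loading certificates and credentials
# NOTE(review): admin/admin is hard-coded and passed on the command line, where
# it is visible in the process list and in CI logs. Presumably it matches the
# security configuration in opensearch.yaml - confirm. Only appropriate for a
# disposable test cluster; do not reuse this pattern outside e2e.
kubectl -n verrazzano-install create secret generic external-es-secret \
  --from-literal=username=admin \
  --from-literal=password=admin \
  --from-file="${SCRIPT_DIR}"/ca-bundle \
  --dry-run=client -o yaml | kubectl apply -f -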