Rename/relocate receptor cert and keys (#14091)

Hao Liu
2023-06-09 12:57:04 -04:00
committed by GitHub
parent 044d6bf97c
commit b96564da55
3 changed files with 9 additions and 11 deletions


@@ -9,7 +9,7 @@ receptor_work_commands:
params: worker params: worker
allowruntimeparams: true allowruntimeparams: true
verifysignature: true verifysignature: true
custom_worksign_public_keyfile: receptor/work-public-key.pem custom_worksign_public_keyfile: receptor/work_public_key.pem
custom_tls_certfile: receptor/tls/receptor.crt custom_tls_certfile: receptor/tls/receptor.crt
custom_tls_keyfile: receptor/tls/receptor.key custom_tls_keyfile: receptor/tls/receptor.key
custom_ca_certfile: receptor/tls/ca/receptor-ca.crt custom_ca_certfile: receptor/tls/ca/receptor-ca.crt
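Review bot: `custom_ca_certfile` on the last line of this hunk still points at `receptor/tls/ca/receptor-ca.crt`, while the install-bundle view changed in this same commit now adds the CA certificate to the tar under the arcname `receptor/tls/ca/mesh-CA.crt`. The `custom_worksign_public_keyfile` change here mirrors the tar arcname change exactly, which suggests this file describes the bundle layout; if so, the CA file named here will be absent from the bundle and receptor's TLS verification against the mesh CA cannot be configured from it. Either update this entry to `custom_ca_certfile: receptor/tls/ca/mesh-CA.crt` or keep the old arcname in the view. I cannot see from this page whether another step writes the file under the old name, so this may need confirming against the bundle playbook.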


@@ -57,13 +57,11 @@ class InstanceInstallBundle(GenericAPIView):
with io.BytesIO() as f: with io.BytesIO() as f:
with tarfile.open(fileobj=f, mode='w:gz') as tar: with tarfile.open(fileobj=f, mode='w:gz') as tar:
# copy /etc/receptor/tls/ca/receptor-ca.crt to receptor/tls/ca in the tar file # copy /etc/receptor/tls/ca/mesh-CA.crt to receptor/tls/ca in the tar file
tar.add( tar.add(os.path.realpath('/etc/receptor/tls/ca/mesh-CA.crt'), arcname=f"{instance_obj.hostname}_install_bundle/receptor/tls/ca/mesh-CA.crt")
os.path.realpath('/etc/receptor/tls/ca/receptor-ca.crt'), arcname=f"{instance_obj.hostname}_install_bundle/receptor/tls/ca/receptor-ca.crt"
)
# copy /etc/receptor/signing/work-public-key.pem to receptor/work-public-key.pem # copy /etc/receptor/work_public_key.pem to receptor/work_public_key.pem
tar.add('/etc/receptor/signing/work-public-key.pem', arcname=f"{instance_obj.hostname}_install_bundle/receptor/work-public-key.pem") tar.add('/etc/receptor/work_public_key.pem', arcname=f"{instance_obj.hostname}_install_bundle/receptor/work_public_key.pem")
# generate and write the receptor key to receptor/tls/receptor.key in the tar file # generate and write the receptor key to receptor/tls/receptor.key in the tar file
key, cert = generate_receptor_tls(instance_obj) key, cert = generate_receptor_tls(instance_obj)
@@ -161,14 +159,14 @@ def generate_receptor_tls(instance_obj):
.sign(key, hashes.SHA256()) .sign(key, hashes.SHA256())
) )
# sign csr with the receptor ca key from /etc/receptor/ca/receptor-ca.key # sign csr with the receptor ca key from /etc/receptor/ca/mesh-CA.key
with open('/etc/receptor/tls/ca/receptor-ca.key', 'rb') as f: with open('/etc/receptor/tls/ca/mesh-CA.key', 'rb') as f:
ca_key = serialization.load_pem_private_key( ca_key = serialization.load_pem_private_key(
f.read(), f.read(),
password=None, password=None,
) )
with open('/etc/receptor/tls/ca/receptor-ca.crt', 'rb') as f: with open('/etc/receptor/tls/ca/mesh-CA.crt', 'rb') as f:
ca_cert = x509.load_pem_x509_certificate(f.read()) ca_cert = x509.load_pem_x509_certificate(f.read())
cert = ( cert = (
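Review bot: The comment directly above the `open()` in this hunk still says the CA key comes from `/etc/receptor/ca/mesh-CA.key`, while the code reads `/etc/receptor/tls/ca/mesh-CA.key`; the rename updated the filename in the comment but kept a stale directory, so it should read `# sign csr with the receptor ca key from /etc/receptor/tls/ca/mesh-CA.key`. The CA certificate path `/etc/receptor/tls/ca/mesh-CA.crt` is now spelled out as a literal here, in the `tar.add` call of the earlier hunk in this file, and in `RECEPTOR_CONFIG_STARTER` in settings; keeping it (and the key and work-public-key paths) in one settings constant that all three sites reference would make the next relocation a single-line change and prevent the view and the receptor config from drifting apart. In the earlier hunk the CA cert is added via `os.path.realpath(...)` while the work public key on the next line is added by its plain path; the two should be handled the same way so a symlinked file behaves identically in both cases. `generate_receptor_tls` starts and ends outside this hunk.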


@@ -665,7 +665,7 @@ RECEPTOR_CONFIG_STARTER = (
{ {
'tls-client': { 'tls-client': {
'name': 'tlsclient', 'name': 'tlsclient',
'rootcas': '/etc/receptor/tls/ca/receptor-ca.crt', 'rootcas': '/etc/receptor/tls/ca/mesh-CA.crt',
'cert': '/etc/receptor/tls/receptor.crt', 'cert': '/etc/receptor/tls/receptor.crt',
'key': '/etc/receptor/tls/receptor.key', 'key': '/etc/receptor/tls/receptor.key',
'mintls13': False, 'mintls13': False,