spiffe
/
spire-tutorials
mirror of https://github.com/spiffe/spire-tutorials.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
spire-tutorials/nested-spire/scripts/set-env.sh

117 lines
3.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
set -e
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
norm=$(tput sgr0) || true
green=$(tput setaf 2) || true
red=$(tput setaf 1) || true
bold=$(tput bold) || true
timestamp() {
date -u "+[%Y-%m-%dT%H:%M:%SZ]"
}
log() {
echo "${bold}$(timestamp) $*${norm}"
}
setup() {
# Generates certs
go run "${DIR}/gencerts.go" "$@"
}
fingerprint() {
# calculate the SHA1 digest of the DER bytes of the certificate using the
# "coreutils" output format (`-r`) to provide uniform output from
# `openssl sha1` on macOS and linux.
openssl x509 -in "$1" -outform DER | openssl sha1 -r | awk '{print $1}'
}
check-entry-is-propagated() {
# Check at most 30 times that the agent has successfully synced down the workload entry.
# Wait one second between checks.
log "Checking registration entry is propagated..."
for ((i=1;i<=30;i++)); do
if docker-compose logs $1 | grep -qe "$2"; then
log "${green}Entry is propagated.${nn}"
return 0
fi
sleep 1
done
log "${red}timed out waiting for the entry to be progagated to the agent${norm}"
exit 1
}
# create a shared folder for root agent socket to be accessed by nestedA and nestedB servers
mkdir -p sharedRootSocket
# Starts root SPIRE deployment
log "Generate certificates for the root SPIRE deployment"
setup root/server root/agent
log "Start root server"
docker-compose up -d root-server
log "bootstrapping root-agent."
docker-compose exec -T root-server /opt/spire/bin/spire-server bundle show > root/agent/bootstrap.crt
log "Start root agent"
docker-compose up -d root-agent
# Creates registration entries for the nested servers
log "creating nestedA downstream registration entry..."
docker-compose exec -T root-server \
/opt/spire/bin/spire-server entry create \
-parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint root/agent/agent.crt.pem)" \
-spiffeID "spiffe://example.org/nestedA" \
-selector "docker:label:org.example.name:nestedA-server" \
-downstream \
-ttl 3600
check-entry-is-propagated root-agent spiffe://example.org/nestedA
log "creating nestedB downstream registration entry..."
docker-compose exec -T root-server \
/opt/spire/bin/spire-server entry create \
-parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint root/agent/agent.crt.pem)" \
-spiffeID "spiffe://example.org/nestedB" \
-selector "docker:label:org.example.name:nestedB-server" \
-downstream \
-ttl 3600
check-entry-is-propagated root-agent spiffe://example.org/nestedB
# Starts nestedA SPIRE deployment
log "Generate certificates for the nestedA deployment"
setup nestedA/server nestedA/agent
log "Starting nestedA-server.."
docker-compose up -d nestedA-server
log "bootstrapping nestedA agent..."
docker-compose exec -T nestedA-server /opt/spire/bin/spire-server bundle show > nestedA/agent/bootstrap.crt
log "Starting nestedA-agent..."
docker-compose up -d nestedA-agent
# Starts nestedB SPIRE deployment
log "Generate certificates for the nestedB deployment"
setup nestedB/server nestedB/agent
log "Starting nestedB-server.."
docker-compose up -d nestedB-server
log "bootstrapping nestedB agent..."
docker-compose exec -T nestedB-server /opt/spire/bin/spire-server bundle show > nestedB/agent/bootstrap.crt
log "Starting nestedB-agent..."
docker-compose up -d nestedB-agent
Reference in New Issue View Git Blame Copy Permalink