Commit b2a733e

author
roman
committed
Internal directory structure changed to have a better separation of input/output volumes e.g. for usage in k8s.
1 parent 58d251f commit b2a733e

13 files changed

+43
-42
lines changed

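--- a/Dockerfile
+++ b/Dockerfile
@@ -7,11 +7,13 @@ RUN apk update \
 && apk add --update bash openjdk11-jre-headless~11.0 openssl3 py3-jinja2 py3-yaml\
 && rm -rf /var/cache/apk/*
 
-RUN mkdir -p /opt/certs
+RUN mkdir -p /opt/scripts
 
-ADD *.sh /opt/certs/
-ADD create_configs.py /opt/certs/
-ADD cert.template /opt/certs/
-WORKDIR /opt/certs
+COPY *.sh /opt/scripts
+COPY create_configs.py /opt/scripts
+COPY cert.template /opt/scripts
 
-CMD ["/opt/certs/run.sh"]
+WORKDIR /opt/scripts
+ENV CERTDIR=/mnt/certs
+
+CMD ["/opt/scripts/run.sh"]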
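Review bot: The three new `COPY` lines drop the trailing slash that the old `ADD ... /opt/certs/` lines had, so `COPY *.sh /opt/scripts` depends on `/opt/scripts` already existing as a directory from the preceding `RUN mkdir`; Docker's documentation asks for a destination ending in `/` when a wildcard can match several files. Writing `COPY *.sh create_configs.py cert.template /opt/scripts/` makes the directory intent explicit and saves two layers. Separately, `ENV CERTDIR=/mnt/certs` is introduced here, but `check_ca.sh` and `create_configs.py` in this same commit hard-code `/mnt/certs`, so overriding the variable would presumably not move their output; `run.sh` is not shown, so it may be consumed there. The Dockerfile begins before this hunk.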

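--- a/README.md
+++ b/README.md
@@ -83,11 +83,11 @@ Description of the fields:
 | CN_as_SAN | Add CN as SAN in addition (required by many clients/browsers) - true/false (default: true) |
 
 * Pull the docker image (from docker hub) or build locally with `./build_docker_image.sh`
-* Run the docker image - you need to mount the `hosts.txt` to `/opt/certs/hosts.txt` and a destination directory where the configs and certificates will be placed to `/opt/certs/current` - e.g.:
+* Run the docker image - you need to mount the `hosts.txt` to `/mnt/config/hosts.txt` and a destination directory where the configs and certificates will be placed to `/mnt/certs` - e.g.:
 ```bash
 docker run --rm \
--v $(pwd)/hosts.txt:/opt/certs/hosts.txt \
--v $(pwd)/certs:/opt/certs/current \
+-v $(pwd)/hosts.txt:/mnt/config/hosts.txt \
+-v $(pwd)/certs:/mnt/certs \
 schmitzi/openssl-alpine-j11:1.0.0
 ```
 * The following optional parameters can be provided as environment variables using `-e`: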

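--- a/build_docker_image.sh
+++ b/build_docker_image.sh
@@ -1,3 +1,3 @@
 #!/usr/bin/env bash
 
-docker build ./scripts -t schmitzi/openssl-alpine-j11:1.2.0 -f Dockerfile
+docker build ./scripts -t schmitzi/openssl-alpine-j11:1.3.0 -f Dockerfile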

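--- a/examples/confluent-platform/run_cp.sh
+++ b/examples/confluent-platform/run_cp.sh
@@ -2,6 +2,6 @@
 
 docker run --rm \
 -e PASSWD=changeIt -e DAYS=389 -e DAYS_CA=3650 \
--v $(pwd)/hosts.yml:/opt/certs/hosts.txt \
--v $(pwd)/certs:/opt/certs/current \
-schmitzi/openssl-alpine-j11:1.2.0
+-v $(pwd)/hosts.yml:/mnt/config/hosts.txt \
+-v $(pwd)/certs:/mnt/certs \
+schmitzi/openssl-alpine-j11:1.3.0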
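Review bot: The input mount on new line 5 is still writable, although the commit's stated purpose is to separate input from output volumes; adding `:ro` keeps the container from modifying the host's hosts file, and quoting the argument protects against a working directory that contains spaces: `-v "$(pwd)/hosts.yml:/mnt/config/hosts.txt:ro" \`. The same applies to the `/mnt/config/hosts.txt` mounts in examples/csr-test/run_test_yaml.sh, examples/encrypted-ca-key/run_test.sh, examples/test/run_test_json.sh and examples/test/run_test_yaml.sh. The `/mnt/certs` mount on line 6 must stay writable but should be quoted the same way.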

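--- a/examples/csr-test/run_test_yaml.sh
+++ b/examples/csr-test/run_test_yaml.sh
@@ -2,6 +2,6 @@
 
 docker run --rm \
 -e PREPARE_CSR_ONLY=yes \
--v $(pwd)/hosts.yml:/opt/certs/hosts.txt \
--v $(pwd)/certs:/opt/certs/current \
-schmitzi/openssl-alpine-j11:1.2.0
+-v $(pwd)/hosts.yml:/mnt/config/hosts.txt \
+-v $(pwd)/certs:/mnt/certs \
+schmitzi/openssl-alpine-j11:1.3.0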

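--- a/examples/encrypted-ca-key/run_test.sh
+++ b/examples/encrypted-ca-key/run_test.sh
@@ -2,6 +2,6 @@
 
 docker run --rm \
 -e CA_KEYPASSWD=xyz123 -e PASSWD=changeIt -e DAYS=389 -e DAYS_CA=3650 \
--v $(pwd)/hosts.yml:/opt/certs/hosts.txt \
--v $(pwd)/certs:/opt/certs/current \
-schmitzi/openssl-alpine-j11:1.2.0
+-v $(pwd)/hosts.yml:/mnt/config/hosts.txt \
+-v $(pwd)/certs:/mnt/certs \
+schmitzi/openssl-alpine-j11:1.3.0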

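--- a/examples/test/run_test_json.sh
+++ b/examples/test/run_test_json.sh
@@ -2,6 +2,6 @@
 
 docker run --rm \
 -e PASSWD=changeIt -e DAYS=389 -e DAYS_CA=3650 \
--v $(pwd)/hosts.json:/opt/certs/hosts.txt \
--v $(pwd)/certs:/opt/certs/current \
-schmitzi/openssl-alpine-j11:1.2.0
+-v $(pwd)/hosts.json:/mnt/config/hosts.txt \
+-v $(pwd)/certs:/mnt/certs \
+schmitzi/openssl-alpine-j11:1.3.0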

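--- a/examples/test/run_test_yaml.sh
+++ b/examples/test/run_test_yaml.sh
@@ -2,6 +2,6 @@
 
 docker run --rm \
 -e PASSWD=changeIt -e DAYS=389 -e DAYS_CA=3650 \
--v $(pwd)/hosts.yml:/opt/certs/hosts.txt \
--v $(pwd)/certs:/opt/certs/current \
-schmitzi/openssl-alpine-j11:1.2.0
+-v $(pwd)/hosts.yml:/mnt/config/hosts.txt \
+-v $(pwd)/certs:/mnt/certs \
+schmitzi/openssl-alpine-j11:1.3.0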

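--- a/scripts/check_ca.sh
+++ b/scripts/check_ca.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 # Check if the provided CA Key is "encrypted" - using the first line of the ca-root.key file
-first_line=$(head -n 1 /opt/certs/current/ca-root.key)
+first_line=$(head -n 1 /mnt/certs/ca-root.key)
 
 # Check if the first line contains "ENCRYPTED"
 if [[ "$first_line" == *"ENCRYPTED"* ]]; then
@@ -12,14 +12,14 @@ if [[ "$first_line" == *"ENCRYPTED"* ]]; then
 fi
 
 # Capture the modulus of the public certificate
-public_modulus=$(openssl x509 -modulus -noout -in /opt/certs/current/ca-root.crt 2>/dev/null | openssl md5)
+public_modulus=$(openssl x509 -modulus -noout -in /mnt/certs/ca-root.crt 2>/dev/null | openssl md5)
 
 if [[ -z "$CA_KEYPASSWD" ]]; then
 # Capture the modulus of the private key
-private_modulus=$(openssl rsa -modulus -noout -in /opt/certs/current/ca-root.key 2>/dev/null | openssl md5)
+private_modulus=$(openssl rsa -modulus -noout -in /mnt/certs/ca-root.key 2>/dev/null | openssl md5)
 else
 # Capture the modulus of the private key (with password)
-private_modulus=$(openssl rsa -modulus -noout -in /opt/certs/current/ca-root.key -passin pass:$CA_KEYPASSWD 2>/dev/null | openssl md5)
+private_modulus=$(openssl rsa -modulus -noout -in /mnt/certs/ca-root.key -passin pass:$CA_KEYPASSWD 2>/dev/null | openssl md5)
 fi
 
 # Compare the two modulis
@@ -28,4 +28,4 @@ if [ "$public_modulus" != "$private_modulus" ]; then
 exit 1
 fi
 
-cat current/ca-root.crt > current/ca-root.pem
+cat /mnt/certs/ca-root.crt > /mnt/certs/ca-root.pem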
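Review bot: On new line 22 the CA key password is expanded unquoted into `-passin pass:$CA_KEYPASSWD`, which puts it in the openssl process's argument list, where a process listing can show it, and word-splits it if it contains spaces. The examples pass the variable with `docker run -e`, so `-passin env:CA_KEYPASSWD` would avoid both problems. The modulus commands on lines 15, 19 and 22 also discard stderr and pipe straight into `openssl md5`; if both `openssl x509` and `openssl rsa` fail, the two digests would be of the same empty input and the comparison in the last hunk would appear to pass, so each command's exit status should be checked before hashing. The path `/mnt/certs` is hard-coded on five lines while the Dockerfile in this commit defines `CERTDIR`; `"${CERTDIR:-/mnt/certs}"` would keep them in step. Parts of the script between the hunks are not visible.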

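--- a/scripts/create_configs.py
+++ b/scripts/create_configs.py
@@ -3,7 +3,7 @@
 import yaml
 
 # Read hosts input and extract global settings
-with open('./hosts.txt') as input_file:
+with open('/mnt/config/hosts.txt') as input_file:
 hosts = yaml.load(input_file, Loader=yaml.FullLoader)
 globals = hosts['global'] if 'global' in hosts else {}
 
@@ -18,5 +18,5 @@
 
 output_filename = host['fileName']+'.cnf' if 'fileName' in host else host['CN']+'.cnf'
 
-with open('./current/'+output_filename, "w") as out_file:
+with open('/mnt/certs/'+output_filename, "w") as out_file:
 out_file.write(outputCertConfig)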
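Review bot: New line 21 builds the output path by concatenating `/mnt/certs/` with `fileName` or `CN` taken from the hosts file, so a value containing `/` or `..` would make the script write outside the output directory. Now that the input is a separately mounted file, it is worth reducing the name to its final component, e.g. `os.path.join('/mnt/certs', os.path.basename(output_filename))`; this needs `import os` if the file lacks it, and the imports above line 3 are not visible. On context line 7, `yaml.load(input_file, Loader=yaml.FullLoader)` could be `yaml.safe_load(input_file)`, which is enough for plain mappings and lists. The loop containing lines 19–22 starts outside the hunk.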
