Skip to content

Commit cbc614d

Browse files
deajandeajan
authored
Add logs to keystore-setup and fix password regex (apache#10723)
1 parent 5da7d2d commit cbc614d

File tree

1 file changed

+49
-19
lines changed

1 file changed

+49
-19
lines changed

scripts/util/keystore-setup

Lines changed: 49 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -25,52 +25,82 @@ CSR_FILE="$5"
2525
ALIAS="cloud"
2626
LIBVIRTD_FILE="/etc/libvirt/libvirtd.conf"
2727

28+
if type -p logger > /dev/null; then
29+
LOGGER_CMD="$(type -p logger) -t cloudstack-keystore-setup"
30+
else
31+
LOG_FILE="/var/log/cloudstack/agent/cloudstack-keystore-setup.log"
32+
log() {
33+
if [ "${1}" != "" ]; then
34+
__log_line="${1}"
35+
else
36+
read -r __log_line
37+
fi
38+
39+
echo "${__log_line}" >> "${LOG_FILE}"
40+
echo "${__log_line}"
41+
}
42+
LOGGER_CMD=log
43+
fi
44+
45+
$LOGGER_CMD "$(date) - starting keystore-setup"
46+
2847
# Re-use existing password or use the one provided
2948
if [ -f "$PROPS_FILE" ]; then
30-
OLD_PASS=$(sed -n '/keystore.passphrase/p' "$PROPS_FILE" 2>/dev/null | sed 's/keystore.passphrase=//g' 2>/dev/null)
31-
if [ ! -z "${OLD_PASS// }" ]; then
49+
$LOGGER_CMD "Previous props file exists, trying to extract password"
50+
OLD_PASS=$(sed -n '/^keystore.passphrase/p' "$PROPS_FILE" | sed 's/^keystore.passphrase=//g')
51+
if [ -n "${OLD_PASS// }" ]; then
3252
KS_PASS="$OLD_PASS"
53+
$LOGGER_CMD "Password extraction successful"
3354
else
34-
sed -i "/keystore.passphrase.*/d" $PROPS_FILE 2> /dev/null || true
35-
echo "keystore.passphrase=$KS_PASS" >> $PROPS_FILE
55+
sed -i "/^keystore.passphrase.*/d" "$PROPS_FILE" 2>&1 | $LOGGER_CMD || true
56+
echo "keystore.passphrase=$KS_PASS" >> "$PROPS_FILE"
57+
if [ $? != 0 ]; then
58+
$LOGGER_CMD "Could not add new password to agent.properties"
59+
else
60+
$LOGGER_CMD "New keystore password set"
61+
fi
3662
fi
3763
fi
3864

3965
if [ -f "$KS_FILE" ]; then
40-
keytool -delete -noprompt -alias "$ALIAS" -keystore "$KS_FILE" -storepass "$KS_PASS" > /dev/null 2>&1 || true
66+
$LOGGER_CMD "keystore file exists. Deleting current entries"
67+
keytool -delete -noprompt -alias "$ALIAS" -keystore "$KS_FILE" -storepass "$KS_PASS" 2>&1 | $LOGGER_CMD
68+
[ $? -ne 0 ] && $LOGGER_CMD "Failed to delete current entries"
4169
fi
4270

71+
$LOGGER_CMD "Generating new key"
4372
CN=$(hostname --fqdn)
44-
keytool -genkey -storepass "$KS_PASS" -keypass "$KS_PASS" -alias "$ALIAS" -keyalg RSA -validity "$KS_VALIDITY" -dname cn="$CN",ou="cloudstack",o="cloudstack",c="cloudstack" -keystore "$KS_FILE" > /dev/null 2>&1
73+
keytool -genkey -storepass "$KS_PASS" -keypass "$KS_PASS" -alias "$ALIAS" -keyalg RSA -validity "$KS_VALIDITY" -dname cn="$CN",ou="cloudstack",o="cloudstack",c="cloudstack" -keystore "$KS_FILE" 2>&1 | $LOGGER_CMD
4574

4675
# Generate CSR
47-
rm -f "$CSR_FILE"
76+
$LOGGER_CMD "Generating CSR"
77+
[ -f "$CSR_FILE" ] && rm -f "$CSR_FILE"
4878
addresses=$(ip address | grep inet | awk '{print $2}' | sed 's/\/.*//g' | grep -v '^169.254.' | grep -v '^127.0.0.1' | egrep -v '^::1|^fe80' | grep -v '^::1' | sed 's/^/ip:/g' | tr '\r\n' ',')
49-
keytool -certreq -storepass "$KS_PASS" -alias "$ALIAS" -file $CSR_FILE -keystore "$KS_FILE" -ext san="$addresses" > /dev/null 2>&1
50-
79+
$LOGGER_CMD "Found following SAN addresses to add to CSR: ${addresses}"
80+
keytool -certreq -storepass "$KS_PASS" -alias "$ALIAS" -file "$CSR_FILE" -keystore "$KS_FILE" -ext san="$addresses" 2>&1 | $LOGGER_CMD
5181
if [ $? -ne 0 ];then
52-
echo "Failed to generate CSR file, retrying after removing existing settings"
82+
$LOGGER_CMD "Failed to generate CSR file, retrying after removing existing settings"
5383

5484
if [ -f "$LIBVIRTD_FILE" ]; then
55-
echo "Reverting libvirtd to not listen on TLS"
85+
$LOGGER_CMD "Reverting libvirtd to not listen on TLS"
5686
sed -i "s,^listen_tls=1,listen_tls=0,g" $LIBVIRTD_FILE
5787
systemctl restart libvirtd
5888
fi
5989

60-
echo "Removing cloud.* files in /etc/cloudstack/agent"
61-
rm -f /etc/cloudstack/agent/cloud.*
90+
$LOGGER_CMD "Removing cloud.* files in /etc/cloudstack/agent"
91+
rm -f /etc/cloudstack/agent/cloud.* || $LOGGER_CMD "Could not remove /etc/cloudstack/agent/cloud.*"
6292

63-
echo "Retrying to generate CSR file"
64-
keytool -certreq -storepass "$KS_PASS" -alias "$ALIAS" -file $CSR_FILE -keystore "$KS_FILE" -ext san="$addresses" >/dev/null 2>&1
93+
$LOGGER_CMD "Retrying to generate CSR file"
94+
keytool -certreq -storepass "$KS_PASS" -alias "$ALIAS" -file "$CSR_FILE" -keystore "$KS_FILE" -ext san="$addresses" 2>&1 | $LOGGER_CMD
6595
if [ $? -ne 0 ];then
66-
echo "Failed to generate CSR file while retrying"
96+
$LOGGER_CMD "Failed to generate CSR file while retrying"
6797
exit 1
6898
fi
6999
fi
70100

71101
cat "$CSR_FILE"
72102

73103
# Fix file permissions
74-
chmod 600 $KS_FILE
75-
chmod 600 $PROPS_FILE
76-
chmod 600 $CSR_FILE
104+
chmod 600 "$KS_FILE" || $LOGGER_CMD "Cannot chmod $KS_FILE"
105+
chmod 600 "$PROPS_FILE" || $LOGGER_CMD "Cannot chmod $PROPS_FILE"
106+
chmod 600 "$CSR_FILE" || $LOGGER_CMD "Cannot chmod $CSR_FILE"

0 commit comments

Comments
 (0)