From 20c4cc9b24912e2fe8850c2d8926f285f983c0bf Mon Sep 17 00:00:00 2001
From: lework
Date: Wed, 1 Jul 2020 14:42:38 +0800
Subject: [PATCH] update
---
 python/supervisor_healthCheck.py | 4 +-
 shell/cfssl.sh | 205 +++++++++++++++++++++++++++++++
 shell/ip.sh | 9 ++
 3 files changed, 216 insertions(+), 2 deletions(-)
 create mode 100644 shell/cfssl.sh
diff --git a/python/supervisor_healthCheck.py b/python/supervisor_healthCheck.py
index 72653f2..6790bb5 100644
--- a/python/supervisor_healthCheck.py
+++ b/python/supervisor_healthCheck.py
@@ -810,8 +810,8 @@ class HealthCheck(object):
 for i,t in enumerate(threads):
 if not t.isAlive():
 thread_name = t.getName()
- self.log('[ERROR] Exception in %s (catch by main): %s' % (thread_name, t.get_exception()))
- self.log('[ERROR] Create new Thread!')
+ self.log('ERROR', 'Exception in %s (catch by main): %s' % (thread_name, t.get_exception()))
+ self.log('ERROR', 'Create new Thread!')
 t = WorkerThread(target=self.check, args=(threads_data[thread_name],), name=thread_name)
 t.setDaemon(True)
 t.start()
diff --git a/shell/cfssl.sh b/shell/cfssl.sh
new file mode 100644
index 0000000..82ad17f
--- /dev/null
+++ b/shell/cfssl.sh
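Review bot: The liveness test on the context line `if not t.isAlive():` in the `HealthCheck` hunk of python/supervisor_healthCheck.py relies on a method that Python 3.9 removed, so on a newer interpreter the watchdog loop would raise AttributeError before reaching the two log calls this commit changes, and a dead worker would never be restarted. `if not t.is_alive():` behaves the same and is available on Python 2.6+ and every 3.x release. The text from `t.get_exception()` is written to the log unfiltered; if a failed check can carry credentials or response bodies in its exception message, truncate or scrub it before logging. The loop body continues outside the hunk, so whether the replacement `t` is stored back into `threads` cannot be confirmed from here.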
@@ -0,0 +1,205 @@
+#!/bin/bash
+#
+# Author: lework
+# Desc: Use cfssl tool to conveniently generate self-signed certificates.
+# Date: 2020/07/01
+
+set -o errexit # Exit on most errors (see the manual)
+set -o errtrace # Make sure any error trap is inherited
+set -o nounset # Disallow expansion of unset variables
+set -o pipefail # Use last non-zero exit code in a pipeline
+
+
+######################################################################################################
+# environment configuration
+######################################################################################################
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[0;33m'
+BLUE='\033[0;36m'
+PLAIN='\033[0m'
+
+
+CFSSL_VERSION="1.4.1"
+
+
+######################################################################################################
+# function
+######################################################################################################
+
+echo_title() {
+ echo -e "${GREEN}$1${PLAIN}"
+}
+
+function check() {
+ for bin in cfssl cfssl-certinfo cfssljson
+ do
+ if ! $(command -v ${bin} > /dev/null 2>&1);then
+ echo_title "[Installing] $bin..."
+ curl -sSL https://github.com/cloudflare/cfssl/releases/download/v${CFSSL_VERSION}/{$bin}_${CFSSL_VERSION}_linux_amd64 > /tmp/${bin}
+ sudo install /tmp/${bin} /usr/local/bin/${bin}
+ fi
+ done
+
+ if ! $(command -v openssl > /dev/null 2>&1);then
+ echo_title "[Installing] openssl..."
+ command -v yum > /dev/null 2>&1 && yum -y install openssl
+ command -v apt-get > /dev/null 2>&1 && apt-get install openssl -y
+ fi
+}
+
+
+function ca() {
+ project=${1:-demo}
+ server_hostname="${2:-server.${project}.com}"
+ client_hostname="${3:-client.${project}.com}"
+
+ [ ! -d "${project}_ca" ] && mkdir "${project}_ca"
+ cd "${project}_ca"
+
+ echo_title "\n[Generating] cfssl config..."
+ cat << EOF > cfssl-config.json
+{
+ "signing": {
+ "default": {
+ "expiry": "87600h",
+ "usages": [
+ "signing",
+ "digital signature",
+ "key encipherment",
+ "server auth",
+ "client auth"
+ ]
+ },
+ "profiles": {
+ "peer": {
+ "expiry": "87600h",
+ "usages": [
+ "signing",
+ "digital signature",
+ "key encipherment",
+ "server auth",
+ "client auth"
+ ]
+ },
+ "server": {
+ "expiry": "87600h",
+ "usages": [
+ "signing",
+ "digital signature",
+ "key encipherment",
+ "server auth"
+ ]
+ },
+ "client": {
+ "expiry": "87600h",
+ "usages": [
+ "signing",
+ "digital signature",
+ "key encipherment",
+ "client auth"
+ ]
+ }
+ }
+ }
+}
+EOF
+
+ echo_title "\n[Generating] ca csr..."
+ cat << EOF > ca-csr.json
+{
+ "CN": "${project^^} CA",
+ "key": {
+ "algo": "ecdsa",
+ "size": 256
+ },
+ "names": [
+ {
+ "C": "CN",
+ "ST": "Shanghai",
+ "L": "Shanghai",
+ "O": "${project}",
+ "OU": "${project^^} Service"
+ }
+ ]
+}
+EOF
+
+ echo_title "\n[Generating] csr..."
+ cat << EOF > csr.json
+{
+ "key": {
+ "algo": "ecdsa",
+ "size": 256
+ },
+ "names": [
+ {
+ "C": "CN",
+ "ST": "Shanghai",
+ "L": "Shanghai",
+ "O": "${project}",
+ "OU": "${project^^} Service"
+ }
+ ]
+}
+EOF
+
+ echo_title "\n[Generating] certificate authority..."
+ cfssl gencert -initca ca-csr.json | cfssljson -bare ca
+
+ echo_title "\n[Generating] server certificate..."
+ cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=cfssl-config.json \
+ -hostname="${server_hostname},localhost,127.0.0.1" csr.json \
+ | cfssljson -bare server
+
+ echo_title "\n[Generating] client certificate..."
+ cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=cfssl-config.json \
+ -hostname="${client_hostname},localhost,127.0.0.1" csr.json \
+ | cfssljson -bare client
+
+ echo_title "\n[Generating] server and client node certificate..."
+ cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=cfssl-config.json \
+ -hostname="${server_hostname},${client_hostname},localhost,127.0.0.1" csr.json \
+ | cfssljson -bare dev
+
+ echo_title "\n[Generating] user certificates..."
+ cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=cfssl-config.json \
+ -profile=client csr.json | cfssljson -bare user
+ openssl pkcs12 -export -inkey user-key.pem -in user.pem -out user.pfx -password pass:
+
+ echo_title "\n[Generating] The $(pwd) directory file list..."
+ ls -al .
+}
+
+
+usage_help() {
+ cat <