Load XOS certificates from files rather than embedding in the values file
Change-Id: Iebcba439adfdb8e9358067a0e84ab790b39a17d4
diff --git a/scripts/pki/.gitignore b/scripts/pki/.gitignore
index 6ec615a..3c69f2e 100644
--- a/scripts/pki/.gitignore
+++ b/scripts/pki/.gitignore
@@ -2,4 +2,3 @@
*.key
*.csr
root_ca
-helm_xos_pki.yaml
diff --git a/scripts/pki/Makefile b/scripts/pki/Makefile
index 70fce4f..2b27fe7 100644
--- a/scripts/pki/Makefile
+++ b/scripts/pki/Makefile
@@ -25,7 +25,7 @@
# utility/validation targets
help:
- @echo "Usually you want to run 'make helm_xos_pki.yaml'"
+ @echo "Usually you want to run 'make all_certs'"
validate:
openssl verify -verbose -purpose sslserver -CAfile xos-CA.pem xos-core.crt
@@ -44,21 +44,8 @@
all_certs: xos-core.pem
-helm_xos_pki.yaml: xos-CA.pem xos-core.pem xos-core.key
- @echo "Creating helm compatible YAML file containing certs"
- @echo "---" > $@
- @echo "# Certificates can be regenerated with scripts/pki/Makefile" >> $@
- @echo "# Created on: `date -u`, good for $(EXPIRATION_DAYS) days" >> $@
- @echo "ca_cert_chain: |" >> $@
- @cat xos-CA.pem | base64 | sed 's/^/ /' >> $@
- @echo "secrets:" >> $@
- @echo " core_api_cert: |" >> $@
- @cat xos-core.pem | base64 | sed 's/^/ /' >> $@
- @echo " core_api_key: |" >> $@
- @cat xos-core.key | base64 | sed 's/^/ /' >> $@
-
clean:
- rm -rf root_ca *.pem *.key *.csr helm_xos_pki.yaml
+ rm -rf root_ca *.pem *.key *.csr
# CA creation
root_ca:
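Review bot: The new `clean` recipe no longer removes `helm_xos_pki.yaml`, and this commit also drops that name from `scripts/pki/.gitignore`, so a working tree where the old target was run keeps a file containing the base64-encoded `xos-core.key`, which git now lists as untracked and `make clean` leaves behind. Base64 is an encoding, not protection, so an accidental `git add` of that leftover would commit the private key. I would keep the stale name in the cleanup for a transition period, `rm -rf root_ca *.pem *.key *.csr helm_xos_pki.yaml`, or leave the ignore entry in place. The README hunk also tells users to copy `xos-core.key` into the `xos-core/pki` chart directory; whether that directory ignores `*.key` is not visible in this diff and is worth confirming.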
diff --git a/scripts/pki/README.md b/scripts/pki/README.md
index 302b3e1..2aeaea1 100644
--- a/scripts/pki/README.md
+++ b/scripts/pki/README.md
@@ -1,7 +1,12 @@
-# XOS certificate generation
+# XOS Certificate Generation
-Run `make` on a system with the `openssl` cli tool installed to see options.
+To create certificates for use with XOS, you'll need a system with `make` and
+the `openssl` cli tool.
-Most likely you'll want to run `make helm_xos_pki.yaml` to generate a helm
-values file with base64 encoded certificates in it.
+Most frequently you'll want to run `make all_certs`, then copy the files:
+- `xos-CA.pem`
+- `xos-core.pem`
+- `xos-core.key`
+
+into the `xos-core/pki` chart directory.