To support multinode testing, where we just copy the CA to all the
instances, don't remake the CA if it already exists.
The end result is that you can trust a single chain and all your
clients will be happy regardless of which host they are talking to.
Change-Id: I90892e6828a59fa37af717361a2f1eed15a87ae4
| ... | ... |
@@ -322,15 +322,17 @@ function make_root_CA {
|
| 322 | 322 |
create_CA_base $ca_dir |
| 323 | 323 |
create_CA_config $ca_dir 'Root CA' |
| 324 | 324 |
|
| 325 |
- # Create a self-signed certificate valid for 5 years |
|
| 326 |
- $OPENSSL req -config $ca_dir/ca.conf \ |
|
| 327 |
- -x509 \ |
|
| 328 |
- -nodes \ |
|
| 329 |
- -newkey rsa \ |
|
| 330 |
- -days 21360 \ |
|
| 331 |
- -keyout $ca_dir/private/cacert.key \ |
|
| 332 |
- -out $ca_dir/cacert.pem \ |
|
| 333 |
- -outform PEM |
|
| 325 |
+ if [ ! -r "$ca_dir/cacert.pem" ]; then |
|
| 326 |
+ # Create a self-signed certificate valid for 5 years |
|
| 327 |
+ $OPENSSL req -config $ca_dir/ca.conf \ |
|
| 328 |
+ -x509 \ |
|
| 329 |
+ -nodes \ |
|
| 330 |
+ -newkey rsa \ |
|
| 331 |
+ -days 21360 \ |
|
| 332 |
+ -keyout $ca_dir/private/cacert.key \ |
|
| 333 |
+ -out $ca_dir/cacert.pem \ |
|
| 334 |
+ -outform PEM |
|
| 335 |
+ fi |
|
| 334 | 336 |
} |
| 335 | 337 |
|
| 336 | 338 |
# If a non-system python-requests is installed then it will use the |
| ... | ... |
@@ -507,7 +509,7 @@ function cleanup_CA {
|
| 507 | 507 |
sudo update-ca-certificates |
| 508 | 508 |
fi |
| 509 | 509 |
|
| 510 |
- rm -rf "$DATA_DIR/CA" "$DEVSTACK_CERT" |
|
| 510 |
+ rm -rf "$INT_CA_DIR" "$ROOT_CA_DIR" "$DEVSTACK_CERT" |
|
| 511 | 511 |
} |
| 512 | 512 |
|
| 513 | 513 |
# Tell emacs to use shell-script-mode |
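Review bot: The new guard in make_root_CA skips generation whenever `$ca_dir/cacert.pem` is readable but never checks `$ca_dir/private/cacert.key`, so a node that received the certificate without a readable key keeps a root CA it presumably cannot sign with. If the key is meant to be copied along with the certificate, test both, e.g. `if [ ! -r "$ca_dir/cacert.pem" ] || [ ! -r "$ca_dir/private/cacert.key" ]; then`; if only the certificate is copied, a comment on the guard saying so would help. The re-indented comment still says "valid for 5 years" while the command passes `-days 21360`, so I would reword it to something like `# Create a self-signed root certificate (lifetime set by -days below)`. The `$ca_dir` expansions inside the openssl call are also still unquoted, although the new test quotes the same variable. The start of make_root_CA lies outside the hunk, so its earlier setup is not visible here.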