author | Christian Poessinger <christian@poessinger.com> | 2022-07-04 09:22:31 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-04 09:22:31 +0200 |
commit | 62ad5e0330d64a73b79c2d5cdaeedeaa3dcb184c (patch) | |
tree | 1166cca1864a4a831971251bfbd2af40806ae64c | |
parent | 89fe9a919fc745cdefed65b24020a0c795366974 (diff) | |
parent | 53d229d200f9ce507c1cd5e01adc1fcfb769a856 (diff) | |
Merge pull request #248 from sarthurdev/ovpn_pki
smoketest: Move PKI file generate to script in vyos-1x
-rwxr-xr-x | scripts/check-qemu-install | 42 |
1 files changed, 3 insertions, 39 deletions
diff --git a/scripts/check-qemu-install b/scripts/check-qemu-install
index 2488baf3..61e206a4 100755
--- a/scripts/check-qemu-install
+++ b/scripts/check-qemu-install
@@ -520,50 +520,14 @@ try:
 c.sendline('echo "x39C77eavJNpvYbNzPSG3n1D68rHYei6q3AEBEyL1z8=" | sudo tee /config/auth/wireguard/default/public.key')
 c.expect(op_mode_prompt)
- log.info('Generating some OpenVPN keys')
- subject = '/C=DE/ST=BY/O=VyOS/localityName=Cloud/commonName=vyos/' \
- 'organizationalUnitName=VyOS/emailAddress=maintainers@vyos.io/'
- ca_subject = '/C=DE/ST=BY/O=VyOS/localityName=Cloud/commonName=vyos\ CA/' \
- 'organizationalUnitName=VyOS/emailAddress=maintainers@vyos.io/'
- subca_subject = '/C=DE/ST=BY/O=VyOS/localityName=Cloud/commonName=vyos\ SubCA/' \
- 'organizationalUnitName=VyOS/emailAddress=maintainers@vyos.io/'
- ca_cert = '/config/auth/ovpn_test_ca.pem'
- ca_cert_chain = '/config/auth/ovpn_test_chain.pem'
- subca_cert = '/config/auth/ovpn_test_subca.pem'
- subca_csr = '/tmp/subca.csr'
- subca_key = '/config/auth/ovpn_test_subca.key'
- ssl_cert = '/config/auth/ovpn_test_server.pem'
- ssl_key = '/config/auth/ovpn_test_server.key'
- dh_pem = '/config/auth/ovpn_test_dh.pem'
- s2s_key = '/config/auth/ovpn_test_site2site.key'
- auth_key = '/config/auth/ovpn_test_tls_auth.key'
-
- c.sendline(f'openssl req -newkey rsa:4096 -new -nodes -x509 -days 3650 '\
- f'-keyout {ssl_key} -out {ssl_cert} -subj {subject}')
- c.expect(op_mode_prompt, timeout=600)
- c.sendline(f'openssl req -new -x509 -extensions v3_ca -key {ssl_key} -out {ca_cert} -subj {ca_subject}')
- c.expect(op_mode_prompt, timeout=600)
- c.sendline(f'openssl req -newkey rsa:2048 -new -nodes -keyout {subca_key} -out {subca_csr} -subj {subca_subject}')
- c.expect(op_mode_prompt, timeout=600)
- c.sendline(f'openssl x509 -req -CA {ca_cert} -CAkey {ssl_key} -set_serial 01 -extfile /etc/ssl/openssl.cnf -extensions v3_ca -days 3650 -out {subca_cert} -in {subca_csr}')
- c.expect(op_mode_prompt, timeout=600)
- c.sendline(f'cat {subca_cert} {ca_cert} > {ca_cert_chain}')
- c.expect(op_mode_prompt, timeout=600)
- c.sendline(f'openssl dhparam -out {dh_pem} 2048')
- c.expect(op_mode_prompt, timeout=600)
- c.sendline(f'openvpn --genkey secret {s2s_key}') - c.expect(op_mode_prompt) - c.sendline(f'openvpn --genkey secret {auth_key}') - c.expect(op_mode_prompt) + log.info('Generating PKI objects') + c.sendline(f'/usr/bin/vyos-configtest-pki') + c.expect(op_mode_prompt, timeout=900) script_file = '/config/scripts/vyos-foo-update.script' c.sendline(f'echo "#!/bin/sh" > {script_file}; chmod 775 {script_file}') c.expect(op_mode_prompt) - for file in [ca_cert, ca_cert_chain, ssl_cert, ssl_key, dh_pem, s2s_key, auth_key]: - c.sendline(f'sudo chown openvpn:openvpn {file}') - c.expect(op_mode_prompt) - log.info('Executing load config tests') c.sendline('/usr/bin/vyos-configtest') i = c.expect(['\n +Invalid command:', 'No such file or directory', |
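Review bot: The added `c.expect(op_mode_prompt, timeout=900)` after `/usr/bin/vyos-configtest-pki` only waits for the prompt, so an image that lacks the script, or a run where it fails, is not detected at this step and would presumably surface later as a config-load failure that is harder to trace. The `vyos-configtest` call in the trailing context already matches 'No such file or directory', and the same pattern fits here: `i = c.expect(['No such file or directory', op_mode_prompt], timeout=900)` followed by `if i == 0: raise Exception('vyos-configtest-pki not found in image')`. The commit also drops the `sudo chown openvpn:openvpn` loop, so the ownership and mode of the generated private keys now depend entirely on the vyos-1x script, which is not visible in this diff and is worth confirming there. The `f` prefix on the new `sendline` string has no placeholders and can be removed. The enclosing `try:` block starts and ends outside the hunk.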