diff options
| author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-06-30 12:28:09 +0200 |
|---|---|---|
| committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-06-30 15:45:23 +0200 |
| commit | 53d229d200f9ce507c1cd5e01adc1fcfb769a856 (patch) | |
| tree | e04677df2afd7f0bc8464ea2c5b1a87ef85632fe /scripts | |
| parent | 18a5f453459c92e88fddfed3523937892f7a2edd (diff) | |
| download | vyos-build-53d229d200f9ce507c1cd5e01adc1fcfb769a856.tar.gz vyos-build-53d229d200f9ce507c1cd5e01adc1fcfb769a856.zip | |
smoketest: Move PKI file generate to script in vyos-1x
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/check-qemu-install | 42 |
1 files changed, 3 insertions, 39 deletions
diff --git a/scripts/check-qemu-install b/scripts/check-qemu-install index 2488baf3..61e206a4 100755 --- a/scripts/check-qemu-install +++ b/scripts/check-qemu-install @@ -520,50 +520,14 @@ try: c.sendline('echo "x39C77eavJNpvYbNzPSG3n1D68rHYei6q3AEBEyL1z8=" | sudo tee /config/auth/wireguard/default/public.key') c.expect(op_mode_prompt) - log.info('Generating some OpenVPN keys') - subject = '/C=DE/ST=BY/O=VyOS/localityName=Cloud/commonName=vyos/' \ - 'organizationalUnitName=VyOS/emailAddress=maintainers@vyos.io/' - ca_subject = '/C=DE/ST=BY/O=VyOS/localityName=Cloud/commonName=vyos\ CA/' \ - 'organizationalUnitName=VyOS/emailAddress=maintainers@vyos.io/' - subca_subject = '/C=DE/ST=BY/O=VyOS/localityName=Cloud/commonName=vyos\ SubCA/' \ - 'organizationalUnitName=VyOS/emailAddress=maintainers@vyos.io/' - ca_cert = '/config/auth/ovpn_test_ca.pem' - ca_cert_chain = '/config/auth/ovpn_test_chain.pem' - subca_cert = '/config/auth/ovpn_test_subca.pem' - subca_csr = '/tmp/subca.csr' - subca_key = '/config/auth/ovpn_test_subca.key' - ssl_cert = '/config/auth/ovpn_test_server.pem' - ssl_key = '/config/auth/ovpn_test_server.key' - dh_pem = '/config/auth/ovpn_test_dh.pem' - s2s_key = '/config/auth/ovpn_test_site2site.key' - auth_key = '/config/auth/ovpn_test_tls_auth.key' - - c.sendline(f'openssl req -newkey rsa:4096 -new -nodes -x509 -days 3650 '\ - f'-keyout {ssl_key} -out {ssl_cert} -subj {subject}') - c.expect(op_mode_prompt, timeout=600) - c.sendline(f'openssl req -new -x509 -extensions v3_ca -key {ssl_key} -out {ca_cert} -subj {ca_subject}') - c.expect(op_mode_prompt, timeout=600) - c.sendline(f'openssl req -newkey rsa:2048 -new -nodes -keyout {subca_key} -out {subca_csr} -subj {subca_subject}') - c.expect(op_mode_prompt, timeout=600) - c.sendline(f'openssl x509 -req -CA {ca_cert} -CAkey {ssl_key} -set_serial 01 -extfile /etc/ssl/openssl.cnf -extensions v3_ca -days 3650 -out {subca_cert} -in {subca_csr}') - c.expect(op_mode_prompt, timeout=600) - c.sendline(f'cat {subca_cert} {ca_cert} > {ca_cert_chain}') - c.expect(op_mode_prompt, timeout=600) - c.sendline(f'openssl dhparam -out {dh_pem} 2048') - c.expect(op_mode_prompt, timeout=600) - c.sendline(f'openvpn --genkey secret {s2s_key}') - c.expect(op_mode_prompt) - c.sendline(f'openvpn --genkey secret {auth_key}') - c.expect(op_mode_prompt) + log.info('Generating PKI objects') + c.sendline(f'/usr/bin/vyos-configtest-pki') + c.expect(op_mode_prompt, timeout=900) script_file = '/config/scripts/vyos-foo-update.script' c.sendline(f'echo "#!/bin/sh" > {script_file}; chmod 775 {script_file}') c.expect(op_mode_prompt) - for file in [ca_cert, ca_cert_chain, ssl_cert, ssl_key, dh_pem, s2s_key, auth_key]: - c.sendline(f'sudo chown openvpn:openvpn {file}') - c.expect(op_mode_prompt) - log.info('Executing load config tests') c.sendline('/usr/bin/vyos-configtest') i = c.expect(['\n +Invalid command:', 'No such file or directory', |