Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / mcp / cvp-configuration / b57876a32c482a0de91a7029f1f8c31b20d7cb41 / . / scripts / manual_create_signed_images.sh
blob: 55e4ace4b4f81960fd41db8b3917183dd4b5694c [file] [log] [blame]
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]1#!/bin/bash
Alexf59c7392022-04-18 19:10:14 -0500[diff] [blame]2
3echo "Preparing certs"
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]4openssl genrsa -out image_key.pem 1024
5openssl rsa -pubout -in image_key.pem -out image_key.pem.pub
Alexf59c7392022-04-18 19:10:14 -0500[diff] [blame]6openssl req -new -key image_key.pem -out image_req.crt -config image_crt.cnf
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]7openssl x509 -req -days 180 -in image_req.crt -signkey image_key.pem -out image_cert.crt
8
Alexf59c7392022-04-18 19:10:14 -0500[diff] [blame]9echo "Save secret to Barbican storage"
10openstack secret store --name cvp.images --algorithm RSA --expiration $(date +"%Y-%m-%d" -d "180 days") --secret-type certificate --payload-content-type "application/octet-stream" --payload-content-encoding base64 --payload "$(base64 image_cert.crt)"
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]11
Alexf59c7392022-04-18 19:10:14 -0500[diff] [blame]12echo "Exporting ID from 'Secret href' property"
13export s_uuid=$(openstack secret list --name cvp.images -c "Secret href" -f value | rev | cut -d'/' -f1 | rev)
14echo "Exported '$s_uuid'"
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]15
Alexf59c7392022-04-18 19:10:14 -0500[diff] [blame]16echo "Converting images to Raw"
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]17qemu-img convert -f qcow2 -O raw -p cvp.ubuntu.2004 /var/tmp/cvp.ubuntu.2004.raw
18qemu-img convert -f qcow2 -O raw -p cvp.ubuntu.1604 /var/tmp/cvp.ubuntu.1604.raw
Ievgeniia Zadorozhna1cb5b102024-01-19 04:31:09 +0100[diff] [blame]19qemu-img convert -f qcow2 -O raw -p cvp.cirros.61 /var/tmp/cvp.cirros.61.raw
20qemu-img convert -f qcow2 -O raw -p cvp.cirros.62 /var/tmp/cvp.cirros.62.raw
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]21
Alexf59c7392022-04-18 19:10:14 -0500[diff] [blame]22echo "Signing images"
Ievgeniia Zadorozhna1cb5b102024-01-19 04:31:09 +0100[diff] [blame]23openssl dgst -sha256 -sign image_key.pem -sigopt rsa_padding_mode:pss -out cvp.cirros.61.raw.signature /var/tmp/cvp.cirros.61.raw
24openssl dgst -sha256 -sign image_key.pem -sigopt rsa_padding_mode:pss -out cvp.cirros.62.raw.signature /var/tmp/cvp.cirros.62.raw
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]25openssl dgst -sha256 -sign image_key.pem -sigopt rsa_padding_mode:pss -out cvp.ubuntu.1604.raw.signature /var/tmp/cvp.ubuntu.1604.raw
26openssl dgst -sha256 -sign image_key.pem -sigopt rsa_padding_mode:pss -out cvp.ubuntu.2004.raw.signature /var/tmp/cvp.ubuntu.2004.raw
27
Alexf59c7392022-04-18 19:10:14 -0500[diff] [blame]28echo "Generating base64 equivalents"
Ievgeniia Zadorozhna1cb5b102024-01-19 04:31:09 +0100[diff] [blame]29base64 -w 0 cvp.cirros.61.raw.signature >cvp.cirros.61.raw.signature.b64
30base64 -w 0 cvp.cirros.62.raw.signature >cvp.cirros.62.raw.signature.b64
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]31base64 -w 0 cvp.ubuntu.1604.raw.signature >cvp.ubuntu.1604.raw.signature.b64
32base64 -w 0 cvp.ubuntu.2004.raw.signature >cvp.ubuntu.2004.raw.signature.b64
33
Alexf59c7392022-04-18 19:10:14 -0500[diff] [blame]34echo "Exporting vars"
Ievgeniia Zadorozhna1cb5b102024-01-19 04:31:09 +0100[diff] [blame]35export cirros61_sign=$(cat cvp.cirros.61.raw.signature.b64)
36export cirros62_sign=$(cat cvp.cirros.62.raw.signature.b64)
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]37export ubuntu1604_sign=$(cat cvp.ubuntu.1604.raw.signature.b64)
38export ubuntu2004_sign=$(cat cvp.ubuntu.2004.raw.signature.b64)
39
Ievgeniia Zadorozhna1cb5b102024-01-19 04:31:09 +0100[diff] [blame]40echo "Uploading 'cvp.cirros.61.raw.signed''"
41glance image-create --name cvp.cirros.61.raw.signed --container-format bare --disk-format raw --property img_signature="$cirros61_sign" --property img_signature_certificate_uuid="$s_uuid" --property img_signature_hash_method='SHA-256' --property img_signature_key_type='RSA-PSS' < /var/tmp/cvp.cirros.61.raw
42echo "Uploading 'cvp.cirros.62.raw.signed''"
43glance image-create --name cvp.cirros.62.raw.signed --container-format bare --disk-format raw --property img_signature="$cirros62_sign" --property img_signature_certificate_uuid="$s_uuid" --property img_signature_hash_method='SHA-256' --property img_signature_key_type='RSA-PSS' < /var/tmp/cvp.cirros.62.raw
Alexf59c7392022-04-18 19:10:14 -0500[diff] [blame]44echo "Uploading 'cvp.ubuntu.1604.raw.signed''"
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]45glance image-create --name cvp.ubuntu.1604.raw.signed --container-format bare --disk-format raw --property img_signature="$ubuntu1604_sign" --property img_signature_certificate_uuid="$s_uuid" --property img_signature_hash_method='SHA-256' --property img_signature_key_type='RSA-PSS' < /var/tmp/cvp.ubuntu.1604.raw
Alexf59c7392022-04-18 19:10:14 -0500[diff] [blame]46echo "Uploading 'cvp.ubuntu.2004.raw.signed''"
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]47glance image-create --name cvp.ubuntu.2004.raw.signed --container-format bare --disk-format raw --property img_signature="$ubuntu2004_sign" --property img_signature_certificate_uuid="$s_uuid" --property img_signature_hash_method='SHA-256' --property img_signature_key_type='RSA-PSS' < /var/tmp/cvp.ubuntu.2004.raw