Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / mcp / cvp-configuration / refs/heads/k0rdent / . / scripts / manual_create_signed_images.sh
blob: bd378c5a453a1f8fe61b38775111fe0f81203e3b [file] [log] [blame]
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]1#!/bin/bash
Alexf59c7392022-04-18 19:10:14 -0500[diff] [blame]2
3echo "Preparing certs"
Ievgeniia Zadorozhna33548792025-07-16 20:08:57 +0200[diff] [blame]4cat <<EOF > image_crt.cnf
5[ req ]
6default_bits = 1024
7prompt = no
8default_md = sha256
9req_extensions = req_ext
10distinguished_name = dn
11
12[ dn ]
13C = US
14ST = TestState
15L = TestCity
16O = TestOrg
17OU = TestUnit
18CN = test.example.com
19
20[ req_ext ]
21subjectAltName = @alt_names
22
23[ alt_names ]
24DNS.1 = test.example.com
25EOF
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]26openssl genrsa -out image_key.pem 1024
27openssl rsa -pubout -in image_key.pem -out image_key.pem.pub
Alexf59c7392022-04-18 19:10:14 -0500[diff] [blame]28openssl req -new -key image_key.pem -out image_req.crt -config image_crt.cnf
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]29openssl x509 -req -days 180 -in image_req.crt -signkey image_key.pem -out image_cert.crt
30
Alexf59c7392022-04-18 19:10:14 -0500[diff] [blame]31echo "Save secret to Barbican storage"
32openstack secret store --name cvp.images --algorithm RSA --expiration $(date +"%Y-%m-%d" -d "180 days") --secret-type certificate --payload-content-type "application/octet-stream" --payload-content-encoding base64 --payload "$(base64 image_cert.crt)"
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]33
Alexf59c7392022-04-18 19:10:14 -0500[diff] [blame]34echo "Exporting ID from 'Secret href' property"
35export s_uuid=$(openstack secret list --name cvp.images -c "Secret href" -f value | rev | cut -d'/' -f1 | rev)
36echo "Exported '$s_uuid'"
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]37
Alexf59c7392022-04-18 19:10:14 -0500[diff] [blame]38echo "Converting images to Raw"
Ievgeniia Zadorozhna33548792025-07-16 20:08:57 +0200[diff] [blame]39qemu-img convert -f qcow2 -O raw -p /artifacts/cmp-check/cvp.ubuntu.2004 /var/tmp/cvp.ubuntu.2004.raw
40qemu-img convert -f qcow2 -O raw -p /artifacts/cmp-check/cvp.ubuntu.2204 /var/tmp/cvp.ubuntu.2204.raw
41qemu-img convert -f qcow2 -O raw -p /artifacts/cmp-check/cvp.cirros.61 /var/tmp/cvp.cirros.61.raw
42qemu-img convert -f qcow2 -O raw -p /artifacts/cmp-check/cvp.cirros.62 /var/tmp/cvp.cirros.62.raw
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]43
Alexf59c7392022-04-18 19:10:14 -0500[diff] [blame]44echo "Signing images"
Ievgeniia Zadorozhna1cb5b102024-01-19 04:31:09 +0100[diff] [blame]45openssl dgst -sha256 -sign image_key.pem -sigopt rsa_padding_mode:pss -out cvp.cirros.61.raw.signature /var/tmp/cvp.cirros.61.raw
46openssl dgst -sha256 -sign image_key.pem -sigopt rsa_padding_mode:pss -out cvp.cirros.62.raw.signature /var/tmp/cvp.cirros.62.raw
Ievgeniia Zadorozhna4cbb7212025-03-21 17:53:00 +0100[diff] [blame]47openssl dgst -sha256 -sign image_key.pem -sigopt rsa_padding_mode:pss -out cvp.ubuntu.2204.raw.signature /var/tmp/cvp.ubuntu.2204.raw
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]48openssl dgst -sha256 -sign image_key.pem -sigopt rsa_padding_mode:pss -out cvp.ubuntu.2004.raw.signature /var/tmp/cvp.ubuntu.2004.raw
49
Alexf59c7392022-04-18 19:10:14 -0500[diff] [blame]50echo "Generating base64 equivalents"
Ievgeniia Zadorozhna1cb5b102024-01-19 04:31:09 +0100[diff] [blame]51base64 -w 0 cvp.cirros.61.raw.signature >cvp.cirros.61.raw.signature.b64
52base64 -w 0 cvp.cirros.62.raw.signature >cvp.cirros.62.raw.signature.b64
Ievgeniia Zadorozhna4cbb7212025-03-21 17:53:00 +0100[diff] [blame]53base64 -w 0 cvp.ubuntu.2204.raw.signature >cvp.ubuntu.2204.raw.signature.b64
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]54base64 -w 0 cvp.ubuntu.2004.raw.signature >cvp.ubuntu.2004.raw.signature.b64
55
Alexf59c7392022-04-18 19:10:14 -0500[diff] [blame]56echo "Exporting vars"
Ievgeniia Zadorozhna1cb5b102024-01-19 04:31:09 +0100[diff] [blame]57export cirros61_sign=$(cat cvp.cirros.61.raw.signature.b64)
58export cirros62_sign=$(cat cvp.cirros.62.raw.signature.b64)
Ievgeniia Zadorozhna4cbb7212025-03-21 17:53:00 +0100[diff] [blame]59export ubuntu2204_sign=$(cat cvp.ubuntu.2204.raw.signature.b64)
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]60export ubuntu2004_sign=$(cat cvp.ubuntu.2004.raw.signature.b64)
61
Ievgeniia Zadorozhna1cb5b102024-01-19 04:31:09 +0100[diff] [blame]62echo "Uploading 'cvp.cirros.61.raw.signed''"
63glance image-create --name cvp.cirros.61.raw.signed --container-format bare --disk-format raw --property img_signature="$cirros61_sign" --property img_signature_certificate_uuid="$s_uuid" --property img_signature_hash_method='SHA-256' --property img_signature_key_type='RSA-PSS' < /var/tmp/cvp.cirros.61.raw
64echo "Uploading 'cvp.cirros.62.raw.signed''"
65glance image-create --name cvp.cirros.62.raw.signed --container-format bare --disk-format raw --property img_signature="$cirros62_sign" --property img_signature_certificate_uuid="$s_uuid" --property img_signature_hash_method='SHA-256' --property img_signature_key_type='RSA-PSS' < /var/tmp/cvp.cirros.62.raw
Ievgeniia Zadorozhna4cbb7212025-03-21 17:53:00 +0100[diff] [blame]66echo "Uploading 'cvp.ubuntu.2204.raw.signed''"
67glance image-create --name cvp.ubuntu.2204.raw.signed --container-format bare --disk-format raw --property img_signature="$ubuntu2204_sign" --property img_signature_certificate_uuid="$s_uuid" --property img_signature_hash_method='SHA-256' --property img_signature_key_type='RSA-PSS' < /var/tmp/cvp.ubuntu.2204.raw
Alexf59c7392022-04-18 19:10:14 -0500[diff] [blame]68echo "Uploading 'cvp.ubuntu.2004.raw.signed''"
Alexdb7786b2022-02-21 17:58:29 -0600[diff] [blame]69glance image-create --name cvp.ubuntu.2004.raw.signed --container-format bare --disk-format raw --property img_signature="$ubuntu2004_sign" --property img_signature_certificate_uuid="$s_uuid" --property img_signature_hash_method='SHA-256' --property img_signature_key_type='RSA-PSS' < /var/tmp/cvp.ubuntu.2004.raw