more deployment script
Change-Id: Iba722788cb44e9a3044915280a7b2dda28713362
diff --git a/deployment/deploy-over-testbed.md b/deployment/deploy-over-testbed.md
index 7c531f3..e64f112 100644
--- a/deployment/deploy-over-testbed.md
+++ b/deployment/deploy-over-testbed.md
@@ -9,7 +9,7 @@
## Step 1
```bash
-sudo ./step1-root-ca.sh
+sudo ./deploy.sh
```
## Step 2
@@ -21,7 +21,7 @@
```
```bash
-sudo ./step-2-site-ca.sh
+sudo ./deploy.sh
```
```bash
diff --git a/deployment/step1.sh b/deployment/deploy.sh
similarity index 61%
rename from deployment/step1.sh
rename to deployment/deploy.sh
index 9477af2..0dc654d 100755
--- a/deployment/step1.sh
+++ b/deployment/deploy.sh
@@ -1,11 +1,71 @@
#!/usr/bin/env bash
-echo "What is the CA Prefix (eg. /example) you want to deploy?"
-read CA_PREFIX
+function generate_client_config() {
+echo
+echo "What is the parent CA's prefix?"
+read -r parent_ca_prefix
+echo "what is the parent certificate?"
+root_cert=$(cat | tr -d '\n')
+
+cat > ndncert-site-client.conf << ~EOF
+{
+ "ca-list":
+ [
+ {
+ "ca-prefix": "$parent_ca_prefix",
+ "ca-info": "NDN Testbed Root Trust Anchor",
+ "max-validity-period": "1296000",
+ "max-suffix-length": "3",
+ "probe-parameters":
+ [
+ {"probe-parameter-key": "pin"}
+ ],
+ "certificate": "$root_cert"
+ }
+ ]
+}
+~EOF
+echo "config file generated at ndncert-site-client.conf"
+echo
+}
+
+function generate_ca_config() {
+echo "Load the new configuration file for the CA"
+echo "Would you like to allow email challenge for this CA? [Y/N]"
+read -r allow_email_challenge
+# prepare CA configuration file
+cat > /usr/local/etc/ndncert/ca.conf << ~EOF
+{
+ "ca-prefix": "$1",
+ "ca-info": "NDN Trust Anchor: $1",
+ "max-validity-period": "1296000",
+ "max-suffix-length": "2",
+ "probe-parameters":
+ [
+ {"probe-parameter-key": "email"}
+ ],
+ "supported-challenges":
+ [
+~EOF
+if [ "$allow_email_challenge" = 'y' ]; then
+ echo '{ "challenge": "email" },' >> /usr/local/etc/ndncert/ca.conf
+elif [ "$allow_email_challenge" = 'Y' ]; then
+ echo '{ "challenge": "email" },' >> /usr/local/etc/ndncert/ca.conf
+fi
+cat >> /usr/local/etc/ndncert/ca.conf << ~EOF
+ { "challenge": "pin" }
+ ],
+ "name-assignment":
+ {
+ "param": "/email"
+ }
+}
+~EOF
echo ""
+}
echo "Do you want to (re) compile and build NDNCERT? [Y/N]"
-read NDNCERT_COMPILE
+read -r NDNCERT_COMPILE
echo ""
case $NDNCERT_COMPILE in
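Review bot: In generate_client_config and generate_ca_config the operator-typed values (`$parent_ca_prefix`, `$root_cert`, `$1`) are expanded straight into JSON string literals, so a `"` or `\` in any of them yields a malformed or silently altered CA configuration, including the trust-anchor `certificate` field. Reject such input before writing the file, e.g. `case $parent_ca_prefix in ''|*[\"\\]*) echo "invalid prefix" >&2; return 1 ;; esac`, and apply the same check to `CA_PREFIX` where it is read in the `@@ -54,8 +114,12 @@` hunk, since that value becomes `$1` here. The prompt `what is the parent certificate?` also no longer tells the operator to end input with Ctrl-D, which the `cat` on the next line needs. A header comment on each function naming the file it writes and the argument it expects would help the next maintainer.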
@@ -32,7 +92,7 @@
echo "==================================================================="
echo ""
echo "Are you sure [Y/n] ?"
-read DEPLOY
+read -r DEPLOY
case $DEPLOY in
N|n)
@@ -54,8 +114,12 @@
echo "=="
echo "==================================================================="
+echo "What is the CA Prefix (eg. /example) you want to deploy?"
+read -r CA_PREFIX
+echo ""
+
echo "Do you want to install ndncert CA for systemd on this machine? [Y/N]"
-read SYSTEMD_INSTALL
+read -r SYSTEMD_INSTALL
echo ""
case $SYSTEMD_INSTALL in
@@ -66,7 +130,7 @@
;;
Y|y)
echo "Copying NDNCERT-CA systemd service on this machine"
- sudo cp $(pwd)/../build/systemd/ndncert-ca.service /etc/systemd/system
+ sudo cp "$(pwd)/../build/systemd/ndncert-ca.service" /etc/systemd/system
sudo chmod 644 /etc/systemd/system/ndncert-ca.service
;;
*)
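Review bot: The unit file is taken from `$(pwd)/../build/...`, so what gets installed as root into /etc/systemd/system depends on the caller's working directory rather than on where deploy.sh lives. Resolve the path relative to the script instead, e.g. `script_dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)` followed by `sudo install -m 644 "$script_dir/../build/systemd/ndncert-ca.service" /etc/systemd/system/ || exit 1`, which also replaces the separate `chmod` and stops on a failed copy. The enclosing case statement starts and ends outside the hunk.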
@@ -91,25 +155,25 @@
echo '/var/lib/ndncert-ca is ready, GOOD!'
echo ""
-echo "Do you want to import an exisitng safebag for ${CA_PREFIX}? [Y/N]"
-read USE_SAFE_BAG
+echo "Do you want to import an exisitng safebag for $CA_PREFIX ? [Y/N]"
+read -r USE_SAFE_BAG
case $USE_SAFE_BAG in
N|n)
- echo "Generating new NDN identity for ${CA_PREFIX}"
- sudo HOME=/var/lib/ndncert-ca -u ndn ndnsec-keygen $CA_PREFIX
+ echo "Generating new NDN identity for $CA_PREFIX"
+ sudo HOME=/var/lib/ndncert-ca -u ndn ndnsec-keygen "$CA_PREFIX"
;;
Y|y)
echo "Reading the safebag."
echo "What is the safebag file name?"
- read SAFE_BAG_PATH
+ read -r SAFE_BAG_PATH
echo ""
echo "What is the password of the safebag?"
- read SAFE_BAG_PWD
+ read -r SAFE_BAG_PWD
echo ""
- sudo HOME=/var/lib/ndncert-ca -u ndn ndnsec-import -i $SAFEBAG_FILE -P $PWD
+ sudo HOME=/var/lib/ndncert-ca -u ndn ndnsec-import -i "$SAFE_BAG_PATH" -P "$SAFE_BAG_PWD"
;;
*)
echo "Unknown option, deployment cancelled"
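Review bot: The safebag password is read with `read -r SAFE_BAG_PWD`, which echoes it on the terminal, and is then passed as `-P "$SAFE_BAG_PWD"`, where it is visible in the process list while ndnsec-import runs. Use `read -rs SAFE_BAG_PWD` at minimum. If the installed ndnsec-import prompts for the passphrase when `-P` is omitted (worth confirming), dropping `-P` keeps it off argv altogether. An `unset SAFE_BAG_PWD` after the import would limit how long the secret stays in the shell. The case statement ends outside the hunk.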
@@ -117,12 +181,29 @@
;;
esac
-echo "Load the new configuration file for the CA"
-echo -e "{\n\"ca-prefix\": \"${CA_PREFIX}\",\n\"ca-info\": \"NDNCERT CA for ${CA_PREFIX}\",\n\"max-validity-period\": \"1296000\",\n\"max-suffix-length\": \"2\",\n\"supported-challenges\":\n[\n{ \"challenge\": \"pin\" }\n]\n}" > /usr/local/etc/ndncert/ca.conf
echo ""
+echo "Do you want to request a certificate from a parent CA? [Y/N]"
+read -r RUN_CLIENT
+case $RUN_CLIENT in
+ Y|y)
+ echo "Running ndncert client"
+ generate_client_config
+ ndncert-client -c ndncert-site-client.conf
+ rm ndncert-site-client.conf
+
+ echo "What is the new certificate name?"
+ read -r new_cert_name
+ ndnsec set-default -c "$new_cert_name"
+ ;;
+ *)
+ echo "Will not request a certificate. "
+ ;;
+esac
+
+generate_ca_config "$CA_PREFIX"
echo "Do you want to start the service now? [Y/N]"
-read START_NOW
+read -r START_NOW
case $START_NOW in
N|n)
echo "Successfully finish the deployment of NDNCERT. You can run sudo systemctl start ndncert-ca when you want to start the service"
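Review bot: `ndncert-client` and `ndnsec set-default` are invoked without the `sudo HOME=/var/lib/ndncert-ca -u ndn` prefix used for `ndnsec-keygen` and `ndnsec-import`, so they appear to act on the invoking user's keychain rather than the one under /var/lib/ndncert-ca where the CA identity was created. The client's exit status is also not checked before the config is removed and the default certificate is changed. Suggested: `sudo HOME=/var/lib/ndncert-ca -u ndn ndncert-client -c ndncert-site-client.conf || exit 1` and `sudo HOME=/var/lib/ndncert-ca -u ndn ndnsec set-default -c "$new_cert_name"`. The final case statement continues outside the hunk.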
diff --git a/deployment/ndncert-site-client.conf.in b/deployment/ndncert-site-client.conf.in
new file mode 100644
index 0000000..e10ba2e
--- /dev/null
+++ b/deployment/ndncert-site-client.conf.in
@@ -0,0 +1,16 @@
+{
+ "ca-list":
+ [
+ {
+ "ca-prefix": "/ndn",
+ "ca-info": "NDN Testbed Root Trust Anchor",
+ "max-validity-period": "1296000",
+ "max-suffix-length": "3",
+ "probe-parameters":
+ [
+ {"probe-parameter-key": "pin"}
+ ],
+ "certificate": "lcknskalnkslacnklancklnsakcnlksacnalksncasklncsalkcnakalcksanklacnasklcnaklscna"
+ }
+ ]
+}
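Review bot: The `certificate` value is a random-looking filler string rather than a certificate, and nothing visible in this diff substitutes it: deploy.sh writes its own ndncert-site-client.conf from a here-document. If the template is kept, use an unmistakable substitution token (for example `"certificate": "@ROOT_CERT@"`, a constructed placeholder) so it cannot be mistaken for, or deployed as, a real trust anchor. Otherwise the file can be dropped.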
diff --git a/deployment/step-1-root-ca.sh b/deployment/step-1-root-ca.sh
deleted file mode 100644
index c68fe77..0000000
--- a/deployment/step-1-root-ca.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/usr/bin/env bash
-
-# Usage: ./step-1-root-ca.sh safebag-file-name password
-if [ "$#" -ne 2 ]; then
- echo "Usage: $0 safebag-file-name password" >&2
- exit 1
-fi
-
-# file name and password to a safebag TODO
-SAFEBAG_FILE=$1
-PWD=$2
-
-# compile and install ndncert
-git clone https://github.com/Zhiyi-Zhang/ndncert.git
-cd ndncert
-git checkout origin/v0.3
-./waf configure
-sudo ./waf install
-sudo cp ./build/systemd/ndncert-ca.service /etc/systemd/system/
-sudo chmod 644 /etc/systemd/system/ndncert-ca.service
-
-# prepare the CA root key
-sudo mkdir /var/lib/ndncert-ca
-sudo chown ndn /var/lib/ndncert-ca
-sudo HOME=/var/lib/ndncert-ca -u ndn ndnsec-import -i $SAFEBAG_FILE -P $PWD
-
-# prepare CA configuration file
-echo -e "{\n\"ca-prefix\": \"/ndn\",\n\"ca-info\": \"NDN testbed root CA\",\n\"max-validity-period\": \"1296000\",\n\"max-suffix-length\": \"2\",\n\"supported-challenges\":\n[\n{ \"challenge\": \"pin\" }\n]\n}" > /usr/local/etc/ndncert/ca.conf
-
-# run the CA
-sudo systemctl start ndncert-ca
-sleep(2)
-
-# check the status to make sure everything is correct
-sudo systemctl status ndncert-ca
\ No newline at end of file
diff --git a/deployment/step-2-site-ca.sh b/deployment/step-2-site-ca.sh
deleted file mode 100644
index 7d4029f..0000000
--- a/deployment/step-2-site-ca.sh
+++ /dev/null
@@ -1,82 +0,0 @@
-#! /bin/bash
-
-# sudo check
-if [ "$EUID" -ne 0 ]
- then echo "Please run as root"
- exit
-fi
-
-echo 'Please enter the /ndn certificate:(end with Ctrl-D)'
-ROOT_CERT=$(cat | tr -d '\n')
-
-# compile and install ndncert
-git clone https://github.com/Zhiyi-Zhang/ndncert.git
-cd ndncert
-git checkout origin/v0.3
-./waf configure
-sudo ./waf install
-sudo cp ./build/systemd/ndncert-ca.service /etc/systemd/system/
-sudo chmod 644 /etc/systemd/system/ndncert-ca.service
-
-# Generate ndncert config file
-echo 'Please enter the /ndn certificate:(end with Ctrl-D)'
-root_cert=$(cat | tr -d '\n')
-
-cat > ndncert-site-client.conf << ~EOF
-{
- "ca-list":
- [
- {
- "ca-prefix": "/ndn",
- "ca-info": "NDN Testbed Root Trust Anchor",
- "max-validity-period": "1296000",
- "max-suffix-length": "3",
- "probe-parameters":
- [
- {"probe-parameter-key": "pin"}
- ],
- "certificate": "$root_cert"
- }
- ]
-}
-~EOF
-
-#run client
-sudo mkdir /var/lib/ndncert-ca
-sudo chown ndn /var/lib/ndncert-ca
-sudo HOME=/var/lib/ndncert-ca -u ndn ndnsec-keygen /ndn
-sudo HOME=/var/lib/ndncert-ca -u ndn ndncert-client -c ndncert-site-client.conf
-
-
-# prepare CA configuration file
-echo 'Please enter the /ndn certificate:'
-site_prefix=$(read)
-cat > /usr/local/etc/ndncert/ca.conf << ~EOF
-{
- "ca-prefix": "$site_prefix",
- "ca-info": "NDN Testbed Site Trust Anchor: $site_prefix",
- "max-validity-period": "1296000",
- "max-suffix-length": "2",
- "probe-parameters":
- [
- {"probe-parameter-key": "email"}
- ],
- "supported-challenges":
- [
- { "challenge": "pin" },
- { "challenge": "email" }
- ],
- "name-assignment":
- {
- "param": "/email"
- }
-}
-~EOF
-
-# run the CA
-sudo systemctl start ndncert-ca
-sleep(2)
-
-# check the status to make sure everything is correct
-sudo systemctl status ndncert-server
-