Gitiles
Code Review Sign In
gerrit.named-data.net / ndncert / 1e5d677f2bb9556560085e591de7ba0cc51ff544 / . / deployment / deploy.sh
blob: 29781f431fe54692ed11a1f9cf9ab2ae50f22501 [file] [log] [blame]
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]1#!/usr/bin/env bash
2
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]3function generate_client_config() {
4echo
5echo "What is the parent CA's prefix?"
6read -r parent_ca_prefix
tylerliud33f5622020-10-17 21:54:01 -0700[diff] [blame]7echo "what is the parent certificate? (use Ctrl-D to end input)"
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]8root_cert=$(cat | tr -d '\n')
9
10cat > ndncert-site-client.conf << ~EOF
11{
12 "ca-list":
13 [
14 {
15 "ca-prefix": "$parent_ca_prefix",
16 "ca-info": "NDN Testbed Root Trust Anchor",
17 "max-validity-period": "1296000",
18 "max-suffix-length": "3",
19 "probe-parameters":
20 [
21 {"probe-parameter-key": "pin"}
22 ],
23 "certificate": "$root_cert"
24 }
25 ]
26}
27~EOF
28echo "config file generated at ndncert-site-client.conf"
29echo
30}
31
32function generate_ca_config() {
tylerliu97b96852020-10-17 22:31:03 -0700[diff] [blame]33echo
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]34echo "Load the new configuration file for the CA"
35echo "Would you like to allow email challenge for this CA? [Y/N]"
36read -r allow_email_challenge
37# prepare CA configuration file
tylerliuc5054d82020-10-17 22:14:55 -0700[diff] [blame]38cat > ndncert-deploy-ca.conf << ~EOF
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]39{
40 "ca-prefix": "$1",
41 "ca-info": "NDN Trust Anchor: $1",
42 "max-validity-period": "1296000",
43 "max-suffix-length": "2",
44 "probe-parameters":
45 [
46 {"probe-parameter-key": "email"}
47 ],
48 "supported-challenges":
49 [
50~EOF
51if [ "$allow_email_challenge" = 'y' ]; then
tylerliu2ccec6d2020-10-17 22:19:24 -0700[diff] [blame]52 echo ' { "challenge": "email" },' >> ndncert-deploy-ca.conf
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]53elif [ "$allow_email_challenge" = 'Y' ]; then
tylerliu2ccec6d2020-10-17 22:19:24 -0700[diff] [blame]54 echo ' { "challenge": "email" },' >> ndncert-deploy-ca.conf
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]55fi
tylerliuc5054d82020-10-17 22:14:55 -0700[diff] [blame]56cat >> ndncert-deploy-ca.conf << ~EOF
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]57 { "challenge": "pin" }
58 ],
59 "name-assignment":
60 {
61 "param": "/email"
62 }
63}
64~EOF
tylerliuc5054d82020-10-17 22:14:55 -0700[diff] [blame]65
66sudo touch /usr/local/etc/ndncert/ca.conf
tylerliu2ccec6d2020-10-17 22:19:24 -0700[diff] [blame]67sudo mv ndncert-deploy-ca.conf /usr/local/etc/ndncert/ca.conf
tylerliuc5054d82020-10-17 22:14:55 -0700[diff] [blame]68
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]69echo ""
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]70}
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]71
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]72deployment_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
73ndncert_dir="$(dirname "$deployment_dir")"
74current_path="$(pwd)"
75cd "$ndncert_dir"
tylerliu9f19df52020-10-17 21:11:57 -0700[diff] [blame]76
Zhiyi Zhangc318a7a2020-10-17 17:41:19 -0700[diff] [blame]77echo "Do you want to (re) compile and build NDNCERT? [Y/N]"
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]78read -r NDNCERT_COMPILE
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]79echo ""
80
81case $NDNCERT_COMPILE in
82 N|n)
Zhiyi Zhangc318a7a2020-10-17 17:41:19 -0700[diff] [blame]83 echo "Okay, we'll skip compilation and build."
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]84 ;;
85 Y|y)
tylerliuca486302020-10-17 21:23:07 -0700[diff] [blame]86 CXXFLAGS="-O2" "./waf" configure
87 "./waf"
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]88 ;;
89 *)
90 echo "Unknown option, build and install is cancelled"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]91 cd "$current_path"
92 exit 1
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]93 ;;
94esac
Zhiyi Zhangc318a7a2020-10-17 17:41:19 -0700[diff] [blame]95echo "Need sudo to install NDNCERT CLI tools"
tylerliuca486302020-10-17 21:23:07 -0700[diff] [blame]96sudo "./waf" install
Zhiyi Zhangc318a7a2020-10-17 17:41:19 -0700[diff] [blame]97echo ""
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]98
99echo "==================================================================="
100echo "=="
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]101echo "== deploying NDNCERT"
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]102echo "=="
103echo "==================================================================="
104echo ""
105echo "Are you sure [Y/n] ?"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]106read -r deploy
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]107
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]108case $deploy in
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]109 N|n)
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]110 echo "deployment cancelled"
111 cd "$current_path"
112 exit 1
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]113 ;;
114 Y|y)
115 ;;
116 *)
117 echo "Unknown option, deployment cancelled"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]118 cd "$current_path"
119 exit 1
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]120 ;;
121esac
122
123echo ""
124echo "==================================================================="
125echo "=="
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]126echo "== deployment started"
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]127echo "=="
128echo "==================================================================="
129
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]130echo "What is the CA Prefix (eg. /example) you want to deploy?"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]131read -r ca_prefix
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]132echo ""
133
tylerliu97b96852020-10-17 22:31:03 -0700[diff] [blame]134echo ""
135echo "==================================================================="
136echo "=="
137echo "== systemd config"
138echo "=="
139echo "==================================================================="
140
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]141echo "Do you want to install ndncert CA for systemd on this machine? [Y/N]"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]142read -r systemd_install
Zhiyi Zhangc318a7a2020-10-17 17:41:19 -0700[diff] [blame]143echo ""
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]144
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]145case $systemd_install in
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]146 N|n)
147 echo "We will not install systemd CA on this machine"
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]148 echo "Successfully finish the deployment of NDNCERT. To run NDNCERT, please use CLI ndncert-ca-server"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]149 cd "$current_path"
150 exit 0
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]151 ;;
152 Y|y)
153 echo "Copying NDNCERT-CA systemd service on this machine"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]154 sudo cp "$ndncert_dir/build/systemd/ndncert-ca.service" /etc/systemd/system
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]155 sudo chmod 644 /etc/systemd/system/ndncert-ca.service
156 ;;
157 *)
158 echo "Unknown option, deployment cancelled"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]159 cd "$current_path"
160 exit 1
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]161 ;;
162esac
163
Zhiyi Zhangc318a7a2020-10-17 17:41:19 -0700[diff] [blame]164echo ""
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]165echo "ndncert-ca service requires user ndn. Will check it now :D"
166if id ndn &>/dev/null; then
167 echo 'ndn user account found, GOOD!'
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]168else
169 echo 'ndn user not found; adding ndn user as root'
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]170 sudo useradd ndn
171fi
172
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]173echo ""
Zhiyi Zhangc318a7a2020-10-17 17:41:19 -0700[diff] [blame]174echo "ndncert-ca service requires /var/lib/ndncert-ca. Will check or create the keychain in /var/lib/ndncert-ca"
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]175sudo mkdir -p /var/lib/ndncert-ca
176sudo chown ndn /var/lib/ndncert-ca
177echo '/var/lib/ndncert-ca is ready, GOOD!'
178
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]179echo ""
tylerliu97b96852020-10-17 22:31:03 -0700[diff] [blame]180echo "==================================================================="
181echo "=="
182echo "== anchor certificate generation"
183echo "=="
184echo "==================================================================="
185
186echo ""
tylerliue7fe54e2020-10-17 22:32:10 -0700[diff] [blame]187echo "Do you want to import an existing safebag for $ca_prefix ? [Y/N]"
tylerliu1666a1c2020-10-17 22:06:10 -0700[diff] [blame]188read -r use_safe_bag
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]189
tylerliu1666a1c2020-10-17 22:06:10 -0700[diff] [blame]190case $use_safe_bag in
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]191 N|n)
tylerliuf566faf2020-10-17 22:08:38 -0700[diff] [blame]192 if [ "$(HOME=/var/lib/ndncert-ca ndnsec list | grep " $ca_prefix$" > /dev/null 2>&1; echo $?)" -ne 0 ]; then
tylerliu1666a1c2020-10-17 22:06:10 -0700[diff] [blame]193 echo "Generating new NDN identity for $ca_prefix"
194 sudo HOME=/var/lib/ndncert-ca -u ndn ndnsec-keygen "$ca_prefix"
195 else
196 echo "Key detected for $ca_prefix"
197 echo "Continue..."
198 fi
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]199 ;;
200 Y|y)
201 echo "Reading the safebag."
202 echo "What is the safebag file name?"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]203 read -r safe_bag_path
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]204 echo ""
205
206 echo "What is the password of the safebag?"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]207 read -r safe_bafg_pwd
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]208 echo ""
209
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]210 sudo HOME=/var/lib/ndncert-ca -u ndn ndnsec-import -i "$safe_bag_path" -P "$safe_bafg_pwd"
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]211 ;;
212 *)
213 echo "Unknown option, deployment cancelled"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]214 cd "$current_path"
215 exit 1
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]216 ;;
217esac
218
Zhiyi Zhangc318a7a2020-10-17 17:41:19 -0700[diff] [blame]219echo ""
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]220echo "Do you want to request a certificate from a parent CA? [Y/N]"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]221read -r run_client
222case $run_client in
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]223 Y|y)
224 echo "Running ndncert client"
225 generate_client_config
226 ndncert-client -c ndncert-site-client.conf
227 rm ndncert-site-client.conf
228
229 echo "What is the new certificate name?"
230 read -r new_cert_name
231 ndnsec set-default -c "$new_cert_name"
232 ;;
233 *)
234 echo "Will not request a certificate. "
235 ;;
236esac
237
tylerliu97b96852020-10-17 22:31:03 -0700[diff] [blame]238echo ""
239echo "==================================================================="
240echo "=="
241echo "== configuration generation"
242echo "=="
243echo "==================================================================="
244
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]245generate_ca_config "$ca_prefix"
Zhiyi Zhangc318a7a2020-10-17 17:41:19 -0700[diff] [blame]246
tylerliu97b96852020-10-17 22:31:03 -0700[diff] [blame]247echo ""
248echo "==================================================================="
249echo "=="
250echo "== done"
251echo "=="
252echo "==================================================================="
253
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]254echo "Do you want to start the service now? [Y/N]"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]255read -r start_now
256case $start_now in
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]257 N|n)
258 echo "Successfully finish the deployment of NDNCERT. You can run sudo systemctl start ndncert-ca when you want to start the service"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]259 cd "$current_path"
260 exit 0
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]261 ;;
262 Y|y)
263 echo "Starting the service ndncert-ca"
tylerliu298c3352020-10-18 01:38:13 -0700[diff] [blame]264 sudo systemctl daemon-reload
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]265 sudo systemctl start ndncert-ca
Zhiyi Zhangc318a7a2020-10-17 17:41:19 -0700[diff] [blame]266 sleep 2
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]267 echo "Reading the status of service ndncert-ca"
268 sudo systemctl status ndncert-ca
269 echo "Successfully finish the deployment of NDNCERT. You can run sudo systemctl status ndncert-ca when you want to check the status of the service"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]270 cd "$current_path"
271 exit 0
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]272 ;;
273 *)
274 echo "Unknown option, deployment cancelled"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]275 cd "$current_path"
276 exit 1
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]277 ;;
278esac
tylerliuca486302020-10-17 21:23:07 -0700[diff] [blame]279
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]280cd "$current_path"