Gitiles
Code Review Sign In
gerrit.named-data.net / ndncert / 2ccec6d93b3dc1729a420669e3b000b16d3b4ab9 / . / deployment / deploy.sh
blob: b3ee0004f252f98099ba66009ce6886191f92468 [file] [log] [blame]
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]1#!/usr/bin/env bash
2
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]3function generate_client_config() {
4echo
5echo "What is the parent CA's prefix?"
6read -r parent_ca_prefix
tylerliud33f5622020-10-17 21:54:01 -0700[diff] [blame]7echo "what is the parent certificate? (use Ctrl-D to end input)"
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]8root_cert=$(cat | tr -d '\n')
9
10cat > ndncert-site-client.conf << ~EOF
11{
12 "ca-list":
13 [
14 {
15 "ca-prefix": "$parent_ca_prefix",
16 "ca-info": "NDN Testbed Root Trust Anchor",
17 "max-validity-period": "1296000",
18 "max-suffix-length": "3",
19 "probe-parameters":
20 [
21 {"probe-parameter-key": "pin"}
22 ],
23 "certificate": "$root_cert"
24 }
25 ]
26}
27~EOF
28echo "config file generated at ndncert-site-client.conf"
29echo
30}
31
32function generate_ca_config() {
33echo "Load the new configuration file for the CA"
34echo "Would you like to allow email challenge for this CA? [Y/N]"
35read -r allow_email_challenge
36# prepare CA configuration file
tylerliuc5054d82020-10-17 22:14:55 -0700[diff] [blame]37cat > ndncert-deploy-ca.conf << ~EOF
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]38{
39 "ca-prefix": "$1",
40 "ca-info": "NDN Trust Anchor: $1",
41 "max-validity-period": "1296000",
42 "max-suffix-length": "2",
43 "probe-parameters":
44 [
45 {"probe-parameter-key": "email"}
46 ],
47 "supported-challenges":
48 [
49~EOF
50if [ "$allow_email_challenge" = 'y' ]; then
tylerliu2ccec6d2020-10-17 22:19:24 -0700[diff] [blame^]51 echo ' { "challenge": "email" },' >> ndncert-deploy-ca.conf
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]52elif [ "$allow_email_challenge" = 'Y' ]; then
tylerliu2ccec6d2020-10-17 22:19:24 -0700[diff] [blame^]53 echo ' { "challenge": "email" },' >> ndncert-deploy-ca.conf
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]54fi
tylerliuc5054d82020-10-17 22:14:55 -0700[diff] [blame]55cat >> ndncert-deploy-ca.conf << ~EOF
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]56 { "challenge": "pin" }
57 ],
58 "name-assignment":
59 {
60 "param": "/email"
61 }
62}
63~EOF
tylerliuc5054d82020-10-17 22:14:55 -0700[diff] [blame]64
65sudo touch /usr/local/etc/ndncert/ca.conf
tylerliu2ccec6d2020-10-17 22:19:24 -0700[diff] [blame^]66sudo mv ndncert-deploy-ca.conf /usr/local/etc/ndncert/ca.conf
tylerliuc5054d82020-10-17 22:14:55 -0700[diff] [blame]67
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]68echo ""
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]69}
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]70
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]71deployment_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
72ndncert_dir="$(dirname "$deployment_dir")"
73current_path="$(pwd)"
74cd "$ndncert_dir"
tylerliu9f19df52020-10-17 21:11:57 -0700[diff] [blame]75
Zhiyi Zhangc318a7a2020-10-17 17:41:19 -0700[diff] [blame]76echo "Do you want to (re) compile and build NDNCERT? [Y/N]"
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]77read -r NDNCERT_COMPILE
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]78echo ""
79
80case $NDNCERT_COMPILE in
81 N|n)
Zhiyi Zhangc318a7a2020-10-17 17:41:19 -0700[diff] [blame]82 echo "Okay, we'll skip compilation and build."
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]83 ;;
84 Y|y)
tylerliuca486302020-10-17 21:23:07 -0700[diff] [blame]85 CXXFLAGS="-O2" "./waf" configure
86 "./waf"
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]87 ;;
88 *)
89 echo "Unknown option, build and install is cancelled"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]90 cd "$current_path"
91 exit 1
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]92 ;;
93esac
Zhiyi Zhangc318a7a2020-10-17 17:41:19 -0700[diff] [blame]94echo "Need sudo to install NDNCERT CLI tools"
tylerliuca486302020-10-17 21:23:07 -0700[diff] [blame]95sudo "./waf" install
Zhiyi Zhangc318a7a2020-10-17 17:41:19 -0700[diff] [blame]96echo ""
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]97
98echo "==================================================================="
99echo "=="
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]100echo "== deploying NDNCERT"
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]101echo "=="
102echo "==================================================================="
103echo ""
104echo "Are you sure [Y/n] ?"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]105read -r deploy
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]106
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]107case $deploy in
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]108 N|n)
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]109 echo "deployment cancelled"
110 cd "$current_path"
111 exit 1
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]112 ;;
113 Y|y)
114 ;;
115 *)
116 echo "Unknown option, deployment cancelled"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]117 cd "$current_path"
118 exit 1
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]119 ;;
120esac
121
122echo ""
123echo "==================================================================="
124echo "=="
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]125echo "== deployment started"
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]126echo "=="
127echo "==================================================================="
128
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]129echo "What is the CA Prefix (eg. /example) you want to deploy?"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]130read -r ca_prefix
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]131echo ""
132
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]133echo "Do you want to install ndncert CA for systemd on this machine? [Y/N]"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]134read -r systemd_install
Zhiyi Zhangc318a7a2020-10-17 17:41:19 -0700[diff] [blame]135echo ""
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]136
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]137case $systemd_install in
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]138 N|n)
139 echo "We will not install systemd CA on this machine"
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]140 echo "Successfully finish the deployment of NDNCERT. To run NDNCERT, please use CLI ndncert-ca-server"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]141 cd "$current_path"
142 exit 0
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]143 ;;
144 Y|y)
145 echo "Copying NDNCERT-CA systemd service on this machine"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]146 sudo cp "$ndncert_dir/build/systemd/ndncert-ca.service" /etc/systemd/system
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]147 sudo chmod 644 /etc/systemd/system/ndncert-ca.service
148 ;;
149 *)
150 echo "Unknown option, deployment cancelled"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]151 cd "$current_path"
152 exit 1
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]153 ;;
154esac
155
Zhiyi Zhangc318a7a2020-10-17 17:41:19 -0700[diff] [blame]156echo ""
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]157echo "ndncert-ca service requires user ndn. Will check it now :D"
158if id ndn &>/dev/null; then
159 echo 'ndn user account found, GOOD!'
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]160else
161 echo 'ndn user not found; adding ndn user as root'
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]162 sudo useradd ndn
163fi
164
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]165echo ""
Zhiyi Zhangc318a7a2020-10-17 17:41:19 -0700[diff] [blame]166echo "ndncert-ca service requires /var/lib/ndncert-ca. Will check or create the keychain in /var/lib/ndncert-ca"
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]167sudo mkdir -p /var/lib/ndncert-ca
168sudo chown ndn /var/lib/ndncert-ca
169echo '/var/lib/ndncert-ca is ready, GOOD!'
170
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]171echo ""
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]172echo "Do you want to import an exisitng safebag for $ca_prefix ? [Y/N]"
tylerliu1666a1c2020-10-17 22:06:10 -0700[diff] [blame]173read -r use_safe_bag
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]174
tylerliu1666a1c2020-10-17 22:06:10 -0700[diff] [blame]175case $use_safe_bag in
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]176 N|n)
tylerliuf566faf2020-10-17 22:08:38 -0700[diff] [blame]177 if [ "$(HOME=/var/lib/ndncert-ca ndnsec list | grep " $ca_prefix$" > /dev/null 2>&1; echo $?)" -ne 0 ]; then
tylerliu1666a1c2020-10-17 22:06:10 -0700[diff] [blame]178 echo "Generating new NDN identity for $ca_prefix"
179 sudo HOME=/var/lib/ndncert-ca -u ndn ndnsec-keygen "$ca_prefix"
180 else
181 echo "Key detected for $ca_prefix"
182 echo "Continue..."
183 fi
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]184 ;;
185 Y|y)
186 echo "Reading the safebag."
187 echo "What is the safebag file name?"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]188 read -r safe_bag_path
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]189 echo ""
190
191 echo "What is the password of the safebag?"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]192 read -r safe_bafg_pwd
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]193 echo ""
194
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]195 sudo HOME=/var/lib/ndncert-ca -u ndn ndnsec-import -i "$safe_bag_path" -P "$safe_bafg_pwd"
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]196 ;;
197 *)
198 echo "Unknown option, deployment cancelled"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]199 cd "$current_path"
200 exit 1
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]201 ;;
202esac
203
Zhiyi Zhangc318a7a2020-10-17 17:41:19 -0700[diff] [blame]204echo ""
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]205echo "Do you want to request a certificate from a parent CA? [Y/N]"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]206read -r run_client
207case $run_client in
tylerliub7083bd2020-10-17 20:42:14 -0700[diff] [blame]208 Y|y)
209 echo "Running ndncert client"
210 generate_client_config
211 ndncert-client -c ndncert-site-client.conf
212 rm ndncert-site-client.conf
213
214 echo "What is the new certificate name?"
215 read -r new_cert_name
216 ndnsec set-default -c "$new_cert_name"
217 ;;
218 *)
219 echo "Will not request a certificate. "
220 ;;
221esac
222
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]223generate_ca_config "$ca_prefix"
Zhiyi Zhangc318a7a2020-10-17 17:41:19 -0700[diff] [blame]224
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]225echo "Do you want to start the service now? [Y/N]"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]226read -r start_now
227case $start_now in
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]228 N|n)
229 echo "Successfully finish the deployment of NDNCERT. You can run sudo systemctl start ndncert-ca when you want to start the service"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]230 cd "$current_path"
231 exit 0
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]232 ;;
233 Y|y)
234 echo "Starting the service ndncert-ca"
235 sudo systemctl start ndncert-ca
Zhiyi Zhangc318a7a2020-10-17 17:41:19 -0700[diff] [blame]236 sleep 2
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]237 echo "Reading the status of service ndncert-ca"
238 sudo systemctl status ndncert-ca
239 echo "Successfully finish the deployment of NDNCERT. You can run sudo systemctl status ndncert-ca when you want to check the status of the service"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]240 cd "$current_path"
241 exit 0
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]242 ;;
243 *)
244 echo "Unknown option, deployment cancelled"
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]245 cd "$current_path"
246 exit 1
Zhiyi Zhang915aa452020-10-17 17:20:58 -0700[diff] [blame]247 ;;
248esac
tylerliuca486302020-10-17 21:23:07 -0700[diff] [blame]249
tylerliuf77d9552020-10-17 21:28:21 -0700[diff] [blame]250cd "$current_path"