Boot sensu-backend
vagrant box and log in as root
# On the host: bring up the sensu-backend Vagrant machine.
vagrant up sensu-backend
# Open a shell inside the guest; the commands that follow are typed in the VM,
# not on the host.
vagrant ssh sensu-backend
# Become root with a login shell.
sudo su -
Generate certs
# Issue the test certificates from the Puppet CA on this box.
# All four backend certificates share one SAN list, so each is valid for every
# backend name plus localhost/127.0.0.1. That is convenient for fixtures, but it
# means any single backend key is accepted for every other backend name, so
# keep these certificates test-only.
alt_names=localhost,127.0.0.1,sensu-backend,sensu-backend1,sensu-backend2,sensu-backend3,sensu-backend.example.com,sensu-backend-peer1.example.com,sensu-backend-peer2.example.com
for certname in sensu-backend sensu-backend1 sensu-backend2 sensu-backend3; do
  puppet cert generate "$certname" --dns_alt_names="$alt_names"
done
# The agent certificate is issued without extra SANs.
puppet cert generate sensu-agent
Copy certs from vagrant instance to this repo
# Copy the whole Puppet ssldir into the repository's test fixtures through the
# /vagrant mount. A Puppet ssldir normally holds private keys as well as
# certificates, so everything copied here must be treated as a throwaway test
# credential and never trusted outside this Vagrant environment.
# The leading backslash skips any `cp` alias (e.g. an interactive `cp -i`).
puppet_ssl=/etc/puppetlabs/puppet/ssl
fixture_dir=/vagrant/tests/ssl
\cp -r "$puppet_ssl"/* "$fixture_dir"/
Boot sensu-backend
vagrant box and log in as root
# On the host: bring up the sensu-backend Vagrant machine.
vagrant up sensu-backend
# Open a shell inside the guest; the commands that follow are typed in the VM,
# not on the host.
vagrant ssh sensu-backend
# Become root with a login shell.
sudo su -
Bootstrap SSL cert tool
# Build cfssl/cfssljson from source and put them on PATH for this shell.
# NOTE(review): the clone is unpinned, so this builds whatever the default
# branch holds at clone time, and does so as root. For a reproducible CA
# toolchain, check out a reviewed tag or commit before running `make`.
yum install golang-bin
git clone https://github.com/cloudflare/cfssl.git /root/cfssl
cd /root/cfssl
make
export PATH="/root/cfssl/bin:$PATH"
Generate CA
# Create a self-signed test CA (RSA 2048) and its signing policy.
# Output lands in /vagrant/tests/etcd-ssl, i.e. inside the repository tree, and
# includes the CA private key (ca-key.pem). Anyone with the repository can mint
# certificates under this CA, so it must only ever be trusted by the test VMs.
ssl_dir=/vagrant/tests/etcd-ssl
mkdir -p "$ssl_dir"
cd "$ssl_dir"
printf '%s\n' '{"CN":"CA","key":{"algo":"rsa","size":2048}}' \
  | cfssl gencert -initca - \
  | cfssljson -bare ca -
# Signing policy: a single "default" profile, 43800h expiry, allowing both
# server and client authentication. No named profiles are defined here.
printf '%s\n' '{"signing":{"default":{"expiry":"43800h","usages":["signing","key encipherment","server auth","client auth"]}}}' > ca-config.json
Generate certs
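# Issue one key pair per etcd member and one client key pair, all signed by the
# test CA in the current directory (ca.pem / ca-key.pem). Each run writes
# <NAME>.pem, <NAME>-key.pem and <NAME>.csr; the *-key.pem files are private
# keys and are test-only.
#
# NOTE(review): ca-config.json as created in the previous step defines only a
# "default" signing profile. The "peer" and "client" profile names passed below
# are not defined there, so cfssl is expected to fall back to the default
# (confirm). If so, the client certificate also carries the "server auth" usage.
#
# $NAME is quoted everywhere it is expanded so that a name containing spaces or
# glob characters cannot be split into extra arguments.

# Member 1: SANs are the member's IP address and short hostname.
export ADDRESS=192.168.52.30,sensu-backend1
export NAME=sensu-backend1
printf '{"CN":"%s","hosts":[""],"key":{"algo":"rsa","size":2048}}\n' "$NAME" \
  | cfssl gencert -config=ca-config.json -ca=ca.pem -ca-key=ca-key.pem -hostname="$ADDRESS" -profile=peer - \
  | cfssljson -bare "$NAME"

# Member 2.
export ADDRESS=192.168.52.31,sensu-backend2
export NAME=sensu-backend2
printf '{"CN":"%s","hosts":[""],"key":{"algo":"rsa","size":2048}}\n' "$NAME" \
  | cfssl gencert -config=ca-config.json -ca=ca.pem -ca-key=ca-key.pem -hostname="$ADDRESS" -profile=peer - \
  | cfssljson -bare "$NAME"

# Client certificate: issued with an empty -hostname, i.e. no SANs requested.
export NAME=client
printf '{"CN":"%s","hosts":[""],"key":{"algo":"rsa","size":2048}}\n' "$NAME" \
  | cfssl gencert -config=ca-config.json -ca=ca.pem -ca-key=ca-key.pem -hostname="" -profile=client - \
  | cfssljson -bare "$NAME"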
Currently tests/secrets.tar
holds secrets:
- sensu_licenson.json - test enterprise license
- secrets - environment variables that are secrets used by various scripts
Encrypt tests/secrets.tar. This should only be run when secrets need to be added or modified.
The SENSU_SECRETS_PASSWORD secret must then be updated with the password that the script prints.
# Encrypts tests/secrets.tar and prints the password to use for
# SENSU_SECRETS_PASSWORD. The password appears in the terminal output, so run
# this where the output is not logged or shared.
./tests/encrypt-secrets.sh
Decrypt tests/secrets.tar. Requires the SENSU_SECRETS_PASSWORD environment variable to be set.
# Expects SENSU_SECRETS_PASSWORD to be set in the environment.
# The decrypted contents are secrets (test license, secret environment
# variables); keep them out of commits.
./tests/decrypt-secrets.sh