Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Script to generate Kafka keystores for SSL #955

Closed
wants to merge 2 commits into from
Closed

Script to generate Kafka keystores for SSL #955

wants to merge 2 commits into from

Conversation

nasark
Copy link
Member

@nasark nasark commented Apr 10, 2023

  • script to generate kafka truststore and keystore files using provided CA (such as root.crt created in cert_generator.rb) and keystore password determined by user

Needed for:

@miq-bot assign @bdunne
@miq-bot add_reviewer @Fryguy
@miq-bot add_label enhancement

@nasark nasark requested a review from bdunne as a code owner April 10, 2023 13:29
@nasark nasark mentioned this pull request Apr 10, 2023
Closed
1 task
@miq-bot miq-bot requested a review from Fryguy April 10, 2023 13:32
@nasark nasark mentioned this pull request Apr 10, 2023
Closed
5 tasks
Fryguy
Fryguy reviewed Apr 19, 2023
View reviewed changes
tools/keystore_generator.sh
fi

# Generate truststore containing CA
keytool -keystore ./kafka.truststore.jks \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where does keytool come from?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

keytool comes with any Java distribution. I guess this means that the script assumes the user has Java on their system. Would this be an issue?

Fryguy
Fryguy reviewed Apr 19, 2023
View reviewed changes
tools/keystore_generator.sh
Comment on lines +14 to +22
if [ -z "$KEYSTORE_PASS" ]; then
echo "Please provide a keystore password in KEYSTORE_PASS"
exit 1
fi
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For security reasons we may want to read the password from STDIN.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated the script to now use read

@nasark nasark force-pushed the keystore_gen_script branch from d0c75fb to 7b8780a Compare April 24, 2023 14:25
@bdunne
Copy link
Member

bdunne commented May 3, 2023

Is it possible to go the other direction leave generation of the certificates in the current script and have an entrypoint script on the kafka container that creates a keystore and adds those certs to it?

@nasark nasark mentioned this pull request May 5, 2023
Open
1 task
@nasark
Copy link
Member Author

nasark commented May 5, 2023

Is it possible to go the other direction leave generation of the certificates in the current script and have an entrypoint script on the kafka container that creates a keystore and adds those certs to it?

ManageIQ/container-kafka#2

@miq-bot miq-bot added the stale label Aug 7, 2023
@miq-bot
Copy link
Member

miq-bot commented Aug 7, 2023

This pull request has been automatically marked as stale because it has not been updated for at least 3 months.

If these changes are still valid, please remove the stale label, make any changes requested by reviewers (if any), and ensure that this issue is being looked at by the assigned/reviewer(s)

Thank you for all your contributions! More information about the ManageIQ triage process can be found in the triage process documentation.

@miq-bot miq-bot closed this Nov 13, 2023
@miq-bot
Copy link
Member

miq-bot commented Nov 13, 2023

This pull request has been automatically closed because it has not been updated for at least 3 months.

Feel free to reopen this pull request if these changes are still valid.

Thank you for all your contributions! More information about the ManageIQ triage process can be found in the triage process documentation.

@kbrock
Copy link
Member

kbrock commented Nov 13, 2023

Would have preferred this being in appliance_console{_cli} but if that does not create certificates, then that request is out of scope.

Did we want the bot to close this?
Seems it is still outstanding

@kbrock kbrock reopened this Nov 13, 2023
@miq-bot
Copy link
Member

miq-bot commented Nov 13, 2023

Checked commits nasark/manageiq-pods@504c330~...7b8780a with ruby 2.6.10, rubocop 1.28.2, haml-lint 0.35.0, and yamllint
1 file checked, 1 offense detected

**

  • 💣 💥 🔥 🚒 - Linter/Rubocop - missing config files

@nasark
Copy link
Member Author

nasark commented Nov 16, 2023

This can be closed as we are no longer moving forward with Bitnami and this will not be needed for Strimzi

@nasark nasark closed this Nov 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Fryguy Fryguy Fryguy left review comments

@bdunne bdunne Awaiting requested review from bdunne bdunne is a code owner

Assignees

@bdunne bdunne

Labels
enhancement stale
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@nasark @bdunne @miq-bot @kbrock @Fryguy