always save certs on server start
This commit is contained in:
parent
5cccc4c889
commit
8e5ee2a390
36
main.go
36
main.go
|
@ -220,13 +220,13 @@ func genCerts() error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := serverctl.SaveCert(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.ROOT_PEM_NAME, rootCA); err != nil {
|
||||
return err
|
||||
}
|
||||
ca = rootCA
|
||||
} else if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := serverctl.SaveCert(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.ROOT_PEM_NAME, ca); err != nil {
|
||||
return err
|
||||
}
|
||||
cert, err := serverctl.ReadCertFromDB(tls.SERVER_PEM_NAME)
|
||||
if errors.Is(err, os.ErrNotExist) || database.IsEmptyRecord(err) || cert.NotAfter.Before(time.Now().Add(time.Hour*24*10)) {
|
||||
//gen new key
|
||||
|
@ -240,19 +240,20 @@ func genCerts() error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
cert, err := tls.NewEndEntityCert(*private, csr, ca, tls.CERTIFICATE_VALIDITY)
|
||||
newCert, err := tls.NewEndEntityCert(*private, csr, ca, tls.CERTIFICATE_VALIDITY)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := serverctl.SaveKey(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_KEY_NAME, key); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := serverctl.SaveCert(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_PEM_NAME, cert); err != nil {
|
||||
return err
|
||||
}
|
||||
cert = newCert
|
||||
} else if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := serverctl.SaveCert(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_PEM_NAME, cert); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
logger.Log(2, "ensure the root.pem, root.key, server.pem, and server.key files are updated on your broker")
|
||||
|
||||
|
@ -269,7 +270,7 @@ func genCerts() error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
serverClientCert, err := tls.NewEndEntityCert(*private, csr, ca, tls.CERTIFICATE_VALIDITY)
|
||||
newServerClientCert, err := tls.NewEndEntityCert(*private, csr, ca, tls.CERTIFICATE_VALIDITY)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -277,23 +278,12 @@ func genCerts() error {
|
|||
if err := serverctl.SaveKey(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_CLIENT_KEY, key); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := serverctl.SaveCert(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_CLIENT_PEM, serverClientCert); err != nil {
|
||||
return err
|
||||
}
|
||||
serverClientCert = newServerClientCert
|
||||
} else if err != nil {
|
||||
return err
|
||||
} else if err == nil {
|
||||
logger.Log(0, "detected valid server client cert, re-saving for future consumption")
|
||||
key, err := serverctl.ReadKeyFromDB(tls.SERVER_CLIENT_KEY)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := serverctl.SaveKey(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_CLIENT_KEY, *key); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := serverctl.SaveCert(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_CLIENT_PEM, serverClientCert); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
if err := serverctl.SaveCert(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_CLIENT_PEM, serverClientCert); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return serverctl.SetClientTLSConf(
|
||||
|
|
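Review bot: In the `@ -277,23 +278,12` hunk the deleted `else if err == nil` branch was the only place the existing server-client private key was re-written to disk (`ReadKeyFromDB` followed by `SaveKey`), while the new unconditional `SaveCert(..., tls.SERVER_CLIENT_PEM, serverClientCert)` re-saves only the certificate; on a host whose filesystem lost server-client.key while the DB still holds a valid cert, a restart now leaves a PEM with no matching private key, and the mismatch would only surface later as a TLS handshake failure rather than at startup. Unless the key is persisted by some other path not shown here, keep the key re-save next to the cert re-save by restoring the branch as a plain `else` after `else if err != nil { return err }`, as sketched below. The `@ -240,19 +240,20` hunk for the server cert has the same shape (`tls.SERVER_KEY_NAME` is written only inside the regeneration branch), so it is worth checking whether that key needs the same treatment. `genCerts` starts and ends outside these hunks.
```go
	} else if err != nil {
		return err
	} else {
		// Cert in the DB is still valid: re-save its key too so the on-disk
		// pair stays consistent with the DB copy.
		logger.Log(0, "detected valid server client cert, re-saving for future consumption")
		key, err := serverctl.ReadKeyFromDB(tls.SERVER_CLIENT_KEY)
		if err != nil {
			return err
		}
		if err := serverctl.SaveKey(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_CLIENT_KEY, *key); err != nil {
			return err
		}
	}
	if err := serverctl.SaveCert(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_CLIENT_PEM, serverClientCert); err != nil {
		return err
	}
	// … unchanged: SetClientTLSConf call …
```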