Generate TLS artifacts used by Admin Router and Exhibitor. The
created artifacts, if placed in specific locations on aDC/OS Enterprise
master node, secure the Exhibitor ensemble. This is achieved by making
each Exhibitor node talk TLS to the other using the artifacts generated
by this script. Admin Router is the only instance, other than Exhibitor
that can pick up these artifacts and talk to the ensemble.
Java 8must be installed.OpenSSL 1.x.ymust be installed.
To keep your global python environment clean, we suggest creating a virtual
environment using virtualenv.
-
Install
virtualenvrun the following:pip install virtualenv
-
Create a virtual environment (
Python3.4is required) :virualenv -p python3.4 <name of environment>
To install the exhibitor-tls-artifacts package, from the same directory as
this file, run the following:
pip install --editable .exhibitor-tls-artifacts [OPTIONS] [SANS]...
Args:
SANS: Subject Alternative Names to be put in the end-entity
certificates. Can be DNS names or IP addresses.
Options:
-d, --dir TEXT Directory to put generated artifacts in.
Default: ./artifacts/ .
--help Show this message and exit.All artifacts are found in ./artifacts/ or in the user specified directory.
clientstore.jks- Contains
client-cert.pemandclient-key.pem. - Is used by
Exhibitorinstances to present client certificates.
- Contains
client-cert.pemandclient-key.pem- Are used by
Admin Routeras client (certificate, key) pair to talk toExhibitor.
- Are used by
serverstore.jks- Contains
server-cert.pemandserver-key.pem. - Is used by
Exhibitorinstances to present server certificates.
- Contains
truststore.jks- Contains
root-cert.pem. - Is used by
Exhibitorto verify presented certificates (client and server).
- Contains
root-cert.pem- Is used by
Admin Routerto verifyExhibitorserver certificates.
- Is used by
To run the tests first follow the instructions under Installation to get all the required dependencies. Then run:
pytest tests/