teracy-dev-certs

teracy-dev extension is used for certificates related functionalities.

This extension will generate self signed CA certificate and use that own CA to sign other certificates.

For example, the generated files:

$ tree workspace/certs/
workspace/certs/
├── ca-key.pem
├── ca.crt
├── ca.csr
├── node.local.crt
├── node.local.csr
└── node.local.pem

0 directories, 6 files

Prerequisites

Vagrant >= 2.1, VirtualBox >= 5.2
Ansible >= 2.7 if you're running Ansible on the host machine
teracy-dev v0.6

Supported Guest Operating System

Ubuntu

How to use

Configure workspace/teracy-dev-entry/config_default.yaml with the following similar content:

Use specific version:

teracy-dev:
  extensions:
    - _id: "entry-certs"
      path:
        extension: teracy-dev-certs
      location:
        git: https://github.com/teracyhq-incubator/teracy-dev-certs.git
        branch: v0.1.0
      require_version: ">= 0.1.0"
      enabled: true

Use latest stable version (auto update):

teracy-dev:
  extensions:
    - _id: "entry-certs"
      path:
        extension: teracy-dev-certs
      location:
        git: https://github.com/teracyhq-incubator/teracy-dev-certs.git
        branch: master
      require_version: ">= 0.1.0"
      enabled: true

Use latest develop version (auto update):

teracy-dev:
  extensions:
    - _id: "entry-certs"
      path:
        extension: teracy-dev-certs
      location:
        git: https://github.com/teracyhq-incubator/teracy-dev-certs.git
        branch: develop
      require_version: ">= 0.1.0-SNAPSHOT"
      enabled: true

Then configure your specified variables by following the Reference
After that, $ vagrant up --provision or $ vagrant provision should generate certificates.

How to trust the self-signed CA certificate

The root CA certificate is generated at the workspace/certs/ca.crt and you must add this certificate as trusted on the running systems
See:

Reference

You can override the following configuration variables on the workspace/teracy-dev-entry/config_override.yaml file:

teracy-dev-certs:
  # the node id which certs will provision
  node_id: "0" # 0 by default from teracy-dev-core
  ansible_mode: guest # or host to run ansible from the host machine
  common_name: "%{node_hostname_prefix}.%{node_domain_affix}"
  alt_names:
    - "%{node_hostname_prefix}.%{node_domain_affix}"

For example:

teracy-dev-certs:
  # the node id which certs will provision
  node_id: "0" # 0 by default from teracy-dev-core
  ansible_mode: host # or host to run ansible from the host machine
  common_name: "%{node_hostname_prefix}.%{node_domain_affix}"
  alt_names:
    - "%{node_hostname_prefix}.%{node_domain_affix}"
    - "auth.%{node_hostname_prefix}.%{node_domain_affix}"
    - "login.%{node_hostname_prefix}.%{node_domain_affix}"

How to develop

You should configure the forked git repo into the workspace directory by adding the following similar content into workspace/teracy-dev-entry/config_override.yaml:

teracy-dev:
  extensions:
    - _id: "entry-certs" # must match the _id configured from the config_default.yaml file
      path:
        lookup: workspace # use workspace directory to lookup for this extension
      location:
        git: git@github.com:hoatle/teracy-dev-certs.git # your forked repo
        branch: develop
      require_version: ">= 0.1.0-SNAPSHOT"

hoatle / teracy-dev-certs