Remove TODO and genkeys.sh
This commit is contained in:
parent
7f26ed55cd
commit
ccce75bc25
27
TODO
27
TODO
@ -1,27 +0,0 @@
|
|||||||
Testing
|
|
||||||
-------
|
|
||||||
|
|
||||||
How are we going to test that our replication method works correctly?
|
|
||||||
We will have to introduce lots of dummy data and then add/remove nodes many times.
|
|
||||||
|
|
||||||
|
|
||||||
Attaining S3 compatibility
|
|
||||||
--------------------------
|
|
||||||
|
|
||||||
- test multipart uploads
|
|
||||||
- get ranges
|
|
||||||
|
|
||||||
- fix sync not working in some cases ? (when starting from empty?)
|
|
||||||
|
|
||||||
- api_server following the S3 semantics for head/get/put/list/delete: verify more that it works as intended
|
|
||||||
- PUT requests: verify content-md5 if provided
|
|
||||||
- possibly other necessary endpoints ?
|
|
||||||
|
|
||||||
|
|
||||||
Lower priority
|
|
||||||
--------------
|
|
||||||
|
|
||||||
- less a priority: hinted handoff
|
|
||||||
- repair: re-propagate block ref table to rc
|
|
||||||
- FIXME in rpc_server when garage shuts down and futures can be interrupted
|
|
||||||
(tokio::spawn should be replaced by a new function background::spawn_joinable)
|
|
83
genkeys.sh
83
genkeys.sh
@ -1,83 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
set -xe
|
|
||||||
|
|
||||||
cd $(dirname $0)
|
|
||||||
|
|
||||||
mkdir -p pki
|
|
||||||
cd pki
|
|
||||||
|
|
||||||
# Create a certificate authority that both the client side and the server side of
|
|
||||||
# the RPC protocol will use to authenticate the other side.
|
|
||||||
if [ ! -f garage-ca.key ]; then
|
|
||||||
echo "Generating Garage CA keys..."
|
|
||||||
openssl genpkey -algorithm ED25519 -out garage-ca.key
|
|
||||||
openssl req -x509 -new -nodes -key garage-ca.key -sha256 -days 3650 -out garage-ca.crt -subj "/C=FR/O=Garage"
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# Generate a certificate that can be used either as a server certificate
|
|
||||||
# or a client certificate. This is what the RPC client and server will use
|
|
||||||
# to prove that they are authenticated by the CA.
|
|
||||||
if [ ! -f garage.crt ]; then
|
|
||||||
echo "Generating Garage agent keys..."
|
|
||||||
if [ ! -f garage.key ]; then
|
|
||||||
openssl genpkey -algorithm ED25519 -out garage.key
|
|
||||||
fi
|
|
||||||
openssl req -new -sha256 -key garage.key -subj "/C=FR/O=Garage/CN=garage" \
|
|
||||||
-out garage.csr
|
|
||||||
openssl req -in garage.csr -noout -text
|
|
||||||
openssl x509 -req -in garage.csr \
|
|
||||||
-extensions v3_req \
|
|
||||||
-extfile <(cat <<EOF
|
|
||||||
[req]
|
|
||||||
distinguished_name = req_distinguished_name
|
|
||||||
req_extensions = v3_req
|
|
||||||
prompt = no
|
|
||||||
|
|
||||||
[req_distinguished_name]
|
|
||||||
C = FR
|
|
||||||
O = Garage
|
|
||||||
CN = garage
|
|
||||||
|
|
||||||
[v3_req]
|
|
||||||
keyUsage = keyEncipherment, dataEncipherment
|
|
||||||
extendedKeyUsage = serverAuth, clientAuth
|
|
||||||
subjectAltName = @alt_names
|
|
||||||
[alt_names]
|
|
||||||
DNS.1 = garage
|
|
||||||
EOF
|
|
||||||
) \
|
|
||||||
-CA garage-ca.crt -CAkey garage-ca.key -CAcreateserial \
|
|
||||||
-out garage.crt -days 365
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Client-only certificate used for the CLI
|
|
||||||
if [ ! -f garage-client.crt ]; then
|
|
||||||
echo "Generating Garage client keys..."
|
|
||||||
if [ ! -f garage-client.key ]; then
|
|
||||||
openssl genpkey -algorithm ED25519 -out garage-client.key
|
|
||||||
fi
|
|
||||||
openssl req -new -sha256 -key garage-client.key -subj "/C=FR/O=Garage" \
|
|
||||||
-out garage-client.csr
|
|
||||||
openssl req -in garage-client.csr -noout -text
|
|
||||||
openssl x509 -req -in garage-client.csr \
|
|
||||||
-extensions v3_req \
|
|
||||||
-extfile <(cat <<EOF
|
|
||||||
[req]
|
|
||||||
distinguished_name = req_distinguished_name
|
|
||||||
req_extensions = v3_req
|
|
||||||
prompt = no
|
|
||||||
|
|
||||||
[req_distinguished_name]
|
|
||||||
C = FR
|
|
||||||
O = Garage
|
|
||||||
|
|
||||||
[v3_req]
|
|
||||||
keyUsage = keyEncipherment, dataEncipherment
|
|
||||||
extendedKeyUsage = clientAuth
|
|
||||||
EOF
|
|
||||||
) \
|
|
||||||
-CA garage-ca.crt -CAkey garage-ca.key -CAcreateserial \
|
|
||||||
-out garage-client.crt -days 365
|
|
||||||
fi
|
|
Loading…
Reference in New Issue
Block a user