Use the CI container for generating the Server cert

distributed-system-analysis · Jun 14, 2023 · 4a10f9f · 4a10f9f
1 parent 7ebc3ac
commit 4a10f9f
Showing 1 changed file with 14 additions and 18 deletions.
diff --git a/server/pbenchinacan/run-pbench-in-a-can b/server/pbenchinacan/run-pbench-in-a-can
@@ -101,24 +101,20 @@ podman run \
 # match the host that the container is running on, so we generate it on the fly
 # and place it in the deployment files directory.
 #
-# We do this in the Pbench Server container so that we get a known version of
-# openssl (the native one on the Jenkins executors appears to be ancient).
-podman run \
-    --rm \
-    --volume ${PB_DEPLOY_FILES}:/data:Z \
-    --volume ${PWD}/${pbiac_etc}/pki/tls:/pki_tls:Z \
-    --entrypoint /usr/bin/openssl \
-    ${PB_SERVER_IMAGE} \
-    req -batch -new -noenc -sha256 -days 365 -newkey rsa:2048 \
-    -out /data/pbench-server.crt \
-    -keyout /data/pbench-server.key \
-    -subj "/C=US/ST=Massachusetts/L=Westford/O=Red Hat/OU=Performance & Scale/CN=${host_name}" \
-    -CA /pki_tls/certs/pbench_CA.crt \
-    -CAkey /pki_tls/private/pbench_CA.key \
-    -addext "authorityKeyIdentifier = keyid,issuer" \
-    -addext "basicConstraints=CA:FALSE" \
-    -addext "keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment" \
-    -addext "subjectAltName = IP.2:${host_ip}"
+# We do this in the CI container so that we get a known version of openssl (the
+# native one on the Jenkins executors appears to be ancient).
+EXTRA_PODMAN_SWITCHES="--volume ${PB_DEPLOY_FILES}:/data:Z --volume ${PWD}/${pbiac_etc}/pki/tls:/pki_tls:Z" \
+    jenkins/run \
+        openssl req -batch -new -noenc -sha256 -days 365 -newkey rsa:2048 \
+        -out /data/pbench-server.crt \
+        -keyout /data/pbench-server.key \
+        -subj "/C=US/ST=Massachusetts/L=Westford/O=Red Hat/OU=Performance & Scale/CN=${host_name}" \
+        -CA /pki_tls/certs/pbench_CA.crt \
+        -CAkey /pki_tls/private/pbench_CA.key \
+        -addext "authorityKeyIdentifier = keyid,issuer" \
+        -addext "basicConstraints=CA:FALSE" \
+        -addext "keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment" \
+        -addext "subjectAltName = IP.2:${host_ip}"
 
 #+
 # Start the services which the Pbench Server depends upon and then start the