#!/usr/bin/bash
#######################################
# Print the command-line synopsis and the list of accepted providers.
# Arguments: none
# Outputs:   five lines of help text on stdout
#######################################
usage(){
  cat <<EOF
Usage: $0 [<provider>]
Supported provider:
 AWS
 VirtualBox
 libvirt
EOF
}
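#######################################
# Store an S3 key pair in an AWS CLI profile.
# Arguments:
#   $1 - AWS CLI profile name
#   $2 - access key id
#   $3 - secret access key
# Outputs:   an error message on stderr when fewer than three arguments are given
# Returns:   0 on success, 1 on missing arguments, otherwise the status of
#            the failing `aws configure set` call
#
# Command tracing (set -x) is switched off while the keys are handled and
# restored afterwards, so the secret is not echoed by this function. A caller
# that runs with xtrace enabled still prints the arguments at the call site
# and has to disable tracing around the call itself.
#######################################
configure_awscli(){
  local restore_xtrace=0 rc=0
  # Turn tracing off before anything that expands $2/$3 is executed
  case $- in
    *x*)
      restore_xtrace=1
      set +x
      ;;
  esac
  if [ $# -lt 3 ]; then
    # Do not echo the arguments: they may contain key material
    echo "configure_awscli: expected <profile> <access-key-id> <secret-access-key>" >&2
    rc=1
  else
    # Quoted so that a profile name or key is passed as exactly one argument
    # and is never subject to word splitting or globbing
    aws configure set aws_access_key_id "$2" --profile "$1" || rc=$?
    if [ "$rc" -eq 0 ]; then
      aws configure set aws_secret_access_key "$3" --profile "$1" || rc=$?
    fi
  fi
  if [ "$restore_xtrace" -eq 1 ]; then
    set -x
  fi
  return "$rc"
}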
# Banner: make this script's section easy to find in the provisioning output
for banner_line in \
  "=========================================================================================" \
  "===>" \
  "===> Running $0" \
  "===> Configure S3 Object user and project" \
  "===>" \
  "========================================================================================="
do
  echo "$banner_line"
done
# Trace every command together with its expanded arguments (xtrace).
# NOTE(review): while xtrace is on, the S3 access/secret keys that later steps
# store in S3U1..S3U3 and pass to configure_awscli show up in the trace output.
set -o xtrace
# Abort as soon as a command returns a non-zero status (errexit)
set -o errexit
# Exactly one argument, the provider name, is required
[[ $# -eq 1 ]] || {
  usage
  exit -1
}
# Accept only the known providers and remember the choice in PROVIDER
case "$1" in
  AWS | VirtualBox | libvirt)
    PROVIDER=$1
    ;;
  *)
    usage
    exit -1
    ;;
esac
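# Create S3 test users
echo "===> Create S3 tests users"

# Create one S3 account and print the last line of the mms3 output.
# Arguments: the account name followed by the options for `mms3 account create`
# Returns:   the status of mms3 when it fails. The output is captured first
#            instead of piping mms3 straight into tail, because a pipeline
#            only reports the status of its last command and would hide a
#            failed account creation.
create_s3_account(){
  local account_output
  account_output=$(mms3 account create "$@") || return
  printf '%s\n' "$account_output" | tail -1
}

# The captured line is later word-split by the caller of configure_awscli into
# an access key id and a secret access key, so it is key material. Tracing is
# switched off here because xtrace would print each assignment with its value.
case $- in
  *x*) s3_create_xtrace=1 ;;
  *) s3_create_xtrace=0 ;;
esac
set +x
S3U1=$(create_s3_account s3user1 --gid 1000 --uid 1000 --newBucketsPath /ibm/fs1/examples/buckets)
S3U2=$(create_s3_account s3user2 --gid 1000 --uid 1001 --newBucketsPath /ibm/fs1/examples/buckets-u2)
S3U3=$(create_s3_account s3user3 --gid 1002 --uid 1002 --newBucketsPath /ibm/fs1/examples/buckets-u3)
# Restore tracing only if it was active before this step
if [ "$s3_create_xtrace" -eq 1 ]; then
  set -x
fi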
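# Configure TLS certificate for S3 access
#
# Generates an RSA key and a self-signed certificate (signed with its own key,
# valid for 365 days), installs both for the S3 service and restarts the
# service. S3 clients on this machine trust the endpoint by using tls.crt as
# their CA bundle, so the subjectAltName below has to contain the host name
# that the clients put into the endpoint URL.
echo "===> Configure TLS certificate for S3 access"
cd /home/vagrant
# Tolerate a directory left behind by an earlier provisioning run; a plain
# mkdir would stop the script here because of `set -e`
[ -d aws-cert ] || mkdir aws-cert
cd aws-cert
cat <<EOF>san.cnf
[req]
req_extensions = req_ext
distinguished_name = req_distinguished_name
[req_distinguished_name]
CN = localhost
[req_ext]
# The subjectAltName line directly specifies the domain names and IP addresses that the certificate should be valid for.
# This ensures the SSL certificate matches the domain or IP used in your S3 command.
# Example:
# 'DNS:localhost' makes the certificate valid when accessing S3 storage via 'localhost'.
# 'DNS:cess3-domain-name-example.com' adds a specific domain to the certificate. Replace 'cess3- domain-name-example.com' with your actual domain.
# 'IP:<nsfs-server-ip>' includes an IP address. Replace '<nsfs-server-ip>' with the actual IP address of your S3 server.
subjectAltName = DNS:localhost,DNS:cesip.example.com
EOF
# No key size is given, so the default RSA size of the installed OpenSSL applies
sudo openssl genpkey -algorithm RSA -out tls.key
sudo openssl req -new -key tls.key -out tls.csr -config san.cnf -subj "/CN=localhost"
# -extfile/-extensions copy the subjectAltName into the issued certificate
sudo openssl x509 -req -days 365 -in tls.csr -signkey tls.key -out tls.crt -extfile san.cnf -extensions req_ext
# Same tolerance for the service's certificate directory. Parent directories
# are deliberately not created, so a missing S3 configuration still fails here.
sudo test -d /ibm/cesShared/ces/s3-config/certificates || sudo mkdir /ibm/cesShared/ces/s3-config/certificates
sudo cp tls.key tls.crt /ibm/cesShared/ces/s3-config/certificates/
cd ..
# NOTE(review): the recursive chown also hands tls.key and tls.csr to the
# vagrant user, while the client commands in this script only read tls.crt.
# Consider removing the private key from this directory once it is installed
# - confirm nothing else relies on the copy.
sudo chown -R vagrant:vagrant aws-cert
# Restart the S3 service so that it picks up the new key and certificate
sudo mmces service stop s3
sudo mmces service start s3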
# "S3 Client": Install AWS CLI v2
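echo "===> S3 Client: Install AWS CLI v2"
cd /software
# -f makes curl fail on an HTTP error instead of saving the error page as the
# archive; -S keeps the error message visible although -s silences progress.
# NOTE(review): the archive is unpacked and its installer run with sudo
# without any integrity check, and the URL always serves the current release.
# AWS publishes a detached PGP signature next to the archive (same URL with
# .sig appended); verifying it with gpg before running ./install would close
# that gap.
curl -fsS https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip
dnf -y install unzip
# Redirection order matters: stderr goes to the script's stdout, the file
# listing on stdout is discarded
unzip awscliv2.zip 2>&1 >/dev/null
cd aws
sudo ./install
cd ..
# Remove the downloaded archive and the unpacked installer
rm -rf awscliv2.zip aws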
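# Wait some time for the service to get online. 10 seconds seem to be fine (issue #59)
echo "===> Wait for the service to settle. Required for VirtualBox/Windows, not required on libvirt/Linux"
sleep 10
# "S3 Client": Configure AWS CLI with user credentials
echo "===> S3 Client: Configure AWS CLI with user credentials"
# S3U1..S3U3 each hold one line that is split into the access key id and the
# secret access key. Tracing is switched off for this step because xtrace
# would print both keys as arguments of every configure_awscli call.
case $- in
  *x*) s3_config_xtrace=1 ;;
  *) s3_config_xtrace=0 ;;
esac
set +x
# read -a splits on whitespace like an unquoted expansion would, but without
# pathname expansion, so a key containing glob characters is passed unchanged
read -r -a s3_keys <<<"$S3U1"
configure_awscli s3user1 "${s3_keys[@]}"
read -r -a s3_keys <<<"$S3U2"
configure_awscli s3user2 "${s3_keys[@]}"
read -r -a s3_keys <<<"$S3U3"
configure_awscli s3user3 "${s3_keys[@]}"
unset s3_keys
# Restore tracing only if it was active before this step
if [ "$s3_config_xtrace" -eq 1 ]; then
  set -x
fi
# The profiles were written to /root/.aws (presumably because the script runs
# as root - confirm); give the vagrant user its own copy
sudo cp -r /root/.aws /home/vagrant
sudo chown -R vagrant:vagrant /home/vagrant/.aws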
# "S3 Client": Test S3 interface
echo "===> S3 Client: Test S3 API operations"
# Smoke test as s3user1: create a bucket, then list buckets. Server
# verification uses the self-signed certificate as the CA bundle.
s3_ca_bundle=/home/vagrant/aws-cert/tls.crt
s3_endpoint=https://cesip.example.com:6443
AWS_CA_BUNDLE=$s3_ca_bundle aws --profile s3user1 --endpoint "$s3_endpoint" s3 mb s3://testbucket
AWS_CA_BUNDLE=$s3_ca_bundle aws --profile s3user1 --endpoint "$s3_endpoint" s3 ls
# "S3 Client": Set some aliases
printf '%s\n' '===> S3 Client: Add aliases to shorten S3 CLI, for example use s3 ls.'
# Append one s3/s3api alias pair per test user to the vagrant user's .bashrc.
# Each alias fixes the profile, the endpoint and the CA bundle used to verify
# the endpoint. The delimiter is quoted, so the lines are written literally.
cat >>/home/vagrant/.bashrc <<'EOF'
# User specific aliases and functions
alias s3="AWS_CA_BUNDLE=/home/vagrant/aws-cert/tls.crt aws --profile s3user1 --endpoint https://cesip.example.com:6443 s3"
alias s3api="AWS_CA_BUNDLE=/home/vagrant/aws-cert/tls.crt aws --profile s3user1 --endpoint https://cesip.example.com:6443 s3api"
alias s3u2="AWS_CA_BUNDLE=/home/vagrant/aws-cert/tls.crt aws --profile s3user2 --endpoint https://cesip.example.com:6443 s3"
alias s3u2api="AWS_CA_BUNDLE=/home/vagrant/aws-cert/tls.crt aws --profile s3user2 --endpoint https://cesip.example.com:6443 s3api"
alias s3u3="AWS_CA_BUNDLE=/home/vagrant/aws-cert/tls.crt aws --profile s3user3 --endpoint https://cesip.example.com:6443 s3"
alias s3u3api="AWS_CA_BUNDLE=/home/vagrant/aws-cert/tls.crt aws --profile s3user3 --endpoint https://cesip.example.com:6443 s3api"
EOF
# Report success to the provisioner
printf '%s\n' '===> Script completed successfully!'
exit 0