try FQDN farm02.wit.com

Signed-off-by: Jeff Carr <jcarr@wit.com>
this might work
2024-10-10 18:19:12 -05:00 · 2024-10-10 17:31:25 -05:00 · 2024-10-10 17:24:57 -05:00 · 2024-10-10 17:14:28 -05:00 · 2024-10-10 16:42:59 -05:00 · 2024-10-10 16:35:49 -05:00
11 changed files with 194 additions and 7 deletions
--- a/71
+++ b/71
@ -9,8 +9,13 @@ all:
 	make make-ca-private-key
 	make make-Certificate-Authority-Certificate-file
 	cd farm && make all
+	cd client && make all
 	make create

+tag:
+	git tag -m 'maybe works' v0.0.2
+	git push --tags
+
 make-ca-private-key:
 	certtool --generate-privkey > certificate_authority_key.pem
 	# umask 277 certificate_authority_key.pem
@ -23,15 +28,17 @@ make-Certificate-Authority-Certificate-file:
 		--outfile certificate_authority_certificate.pem

 create:
-	mkdir -p debian/files/etc/pki/CA/
 	mkdir -p debian/DEBIAN
 	cp control debian/DEBIAN/
 	echo "Version: 0."$(STAMP) >> debian/DEBIAN/control
 	echo "2.0" > debian/debian-binary
-	cp certificate_authority_key.pem debian/files/etc/pki/CA/cacert.pem
-	cp farm/*server_key.pem debian/files/etc/pki/CA/
+	mkdir -p debian/files/etc/pki/CA/
+	cp Makefile debian/files/etc/pki/CA/
+	cp *.pem debian/files/etc/pki/CA/
+	cp farm/*.pem debian/files/etc/pki/CA/
+	cp client/*.pem debian/files/etc/pki/CA/
 	chmod 444 debian/files/etc/pki/CA/*.pem
-	cd debian/files/ && md5sum etc/pki/CA/cacert.pem > ../DEBIAN/md5sum
+	cd debian/files/ && md5sum etc/pki/CA/* > ../DEBIAN/md5sum
 	cd debian/DEBIAN && tar --ignore-failed-read -cvJf ../control.tar.xz {post,pre}{inst,rm} md5sums control
 	cd debian/files && tar -cvJf ../data.tar.xz .
 	cd debian && ar rcs ../wit-libvirt-tls-cert.$(STAMP).deb debian-binary control.tar.xz data.tar.xz
@ -42,3 +49,59 @@ clean:
 	rm -f *.deb
 	rm -rf debian/
 	cd farm && make clean
+	cd client && make clean
+
+farm01:
+	cp /etc/pki/CA/certificate_authority_certificate.pem /etc/pki/CA/cacert.pem
+	mkdir -p /etc/pki/libvirt/private/
+	cp /etc/pki/CA/farm01_server_certificate.pem /etc/pki/libvirt/servercert.pem
+	cp /etc/pki/CA/farm01_server_key.pem /etc/pki/libvirt/private/serverkey.pem
+	cp /etc/pki/CA/farm01_client_certificate.pem /etc/pki/libvirt/clientcert.pem
+	cp /etc/pki/CA/farm01_client_key.pem /etc/pki/libvirt/private/clientkey.pem
+
+farm02:
+	cp /etc/pki/CA/certificate_authority_certificate.pem /etc/pki/CA/cacert.pem
+	mkdir -p /etc/pki/libvirt/private/
+	cp /etc/pki/CA/farm02_server_certificate.pem /etc/pki/libvirt/servercert.pem
+	cp /etc/pki/CA/farm02_server_key.pem /etc/pki/libvirt/private/serverkey.pem
+	cp /etc/pki/CA/farm02_client_certificate.pem /etc/pki/libvirt/clientcert.pem
+	cp /etc/pki/CA/farm02_client_key.pem /etc/pki/libvirt/private/clientkey.pem
+
+farm03:
+	cp /etc/pki/CA/certificate_authority_certificate.pem /etc/pki/CA/cacert.pem
+	mkdir -p /etc/pki/libvirt/private/
+	cp /etc/pki/CA/farm03_server_certificate.pem /etc/pki/libvirt/servercert.pem
+	cp /etc/pki/CA/farm03_server_key.pem /etc/pki/libvirt/private/serverkey.pem
+	cp /etc/pki/CA/farm03_client_certificate.pem /etc/pki/libvirt/clientcert.pem
+	cp /etc/pki/CA/farm03_client_key.pem /etc/pki/libvirt/private/clientkey.pem
+
+farm04:
+	cp /etc/pki/CA/certificate_authority_certificate.pem /etc/pki/CA/cacert.pem
+	mkdir -p /etc/pki/libvirt/private/
+	cp /etc/pki/CA/farm04_server_certificate.pem /etc/pki/libvirt/servercert.pem
+	cp /etc/pki/CA/farm04_server_key.pem /etc/pki/libvirt/private/serverkey.pem
+	#cp /etc/pki/CA/farm04_client_certificate.pem /etc/pki/libvirt/clientcert.pem
+	#cp /etc/pki/CA/farm04_client_key.pem /etc/pki/libvirt/private/clientkey.pem
+
+farm05:
+	cp /etc/pki/CA/certificate_authority_certificate.pem /etc/pki/CA/cacert.pem
+	mkdir -p /etc/pki/libvirt/private/
+	cp /etc/pki/CA/farm05_server_certificate.pem /etc/pki/libvirt/servercert.pem
+	cp /etc/pki/CA/farm05_server_key.pem /etc/pki/libvirt/private/serverkey.pem
+	#cp /etc/pki/CA/farm05_client_certificate.pem /etc/pki/libvirt/clientcert.pem
+	#cp /etc/pki/CA/farm05_client_key.pem /etc/pki/libvirt/private/clientkey.pem
+
+list-farm01:
+	virsh -c qemu://farm01/system list
+
+list-farm02:
+	virsh -c qemu://farm02.wit.com/system list
+
+list-farm03:
+	virsh -c qemu://farm03.wit.com/system list
+
+list-farm04:
+	virsh -c qemu://farm04/system list
+
+list-farm05:
+	virsh -c qemu://farm05/system list
--- a/client/Makefile
+++ b/client/Makefile
@ -0,0 +1,47 @@
+info:
+	echo "make all    # to actually make everything"
+
+all:
+	certtool --generate-privkey > farm01_client_key.pem
+	certtool --generate-privkey > farm02_client_key.pem
+	certtool --generate-privkey > farm03_client_key.pem
+	certtool --generate-privkey > admin_desktop_client_key.pem
+	make farm01-client
+	make farm02-client
+	make farm03-client
+	make admin-client
+
+clean:
+	rm *.pem
+
+admin-client:
+	certtool --generate-certificate \
+		--template admin_desktop_client_template.info \
+		--load-privkey admin_desktop_client_key.pem \
+		--load-ca-certificate ../certificate_authority_certificate.pem \
+		--load-ca-privkey ../certificate_authority_key.pem \
+		--outfile admin_desktop_client_certificate.pem
+
+farm01-client:
+	certtool --generate-certificate \
+		--template farm01_client_template.info \
+		--load-privkey farm01_client_key.pem \
+		--load-ca-certificate ../certificate_authority_certificate.pem \
+		--load-ca-privkey ../certificate_authority_key.pem \
+		--outfile farm01_client_certificate.pem
+
+farm02-client:
+	certtool --generate-certificate \
+		--template farm02_client_template.info \
+		--load-privkey farm02_client_key.pem \
+		--load-ca-certificate ../certificate_authority_certificate.pem \
+		--load-ca-privkey ../certificate_authority_key.pem \
+		--outfile farm02_client_certificate.pem
+
+farm03-client:
+	certtool --generate-certificate \
+		--template farm03_client_template.info \
+		--load-privkey farm03_client_key.pem \
+		--load-ca-certificate ../certificate_authority_certificate.pem \
+		--load-ca-privkey ../certificate_authority_key.pem \
+		--outfile farm03_client_certificate.pem
--- a/client/admin_desktop_client_template.info
+++ b/client/admin_desktop_client_template.info
@ -0,0 +1,8 @@
+country = US
+state = Wisconsin
+locality = Madison
+organization = WIT.COM Inc.
+cn = wilddog
+tls_www_client
+encryption_key
+signing_key
--- a/client/farm01_client_template.info
+++ b/client/farm01_client_template.info
@ -0,0 +1,8 @@
+country = US
+state = Wisconsin
+locality = Madison
+organization = WIT.COM Inc.
+cn = farm01
+tls_www_client
+encryption_key
+signing_key
--- a/client/farm02_client_template.info
+++ b/client/farm02_client_template.info
@ -0,0 +1,8 @@
+country = US
+state = Wisconsin
+locality = Madison
+organization = WIT.COM Inc.
+cn = farm02.wit.com
+tls_www_client
+encryption_key
+signing_key
--- a/client/farm03_client_template.info
+++ b/client/farm03_client_template.info
@ -0,0 +1,8 @@
+country = US
+state = Wisconsin
+locality = Madison
+organization = WIT.COM Inc.
+cn = farm03
+tls_www_client
+encryption_key
+signing_key
--- a/farm/Makefile
+++ b/farm/Makefile
@ -5,10 +5,19 @@ all:
 	make mkcerts
 	make certtool-farm01
 	make certtool-farm02
+	make certtool-farm03
+	make certtool-farm04
+	make certtool-farm05
+
+clean:
+	rm -f *.pem

 mkcerts:
 	certtool --generate-privkey > farm01_server_key.pem
 	certtool --generate-privkey > farm02_server_key.pem
+	certtool --generate-privkey > farm03_server_key.pem
+	certtool --generate-privkey > farm04_server_key.pem
+	certtool --generate-privkey > farm05_server_key.pem

 certtool-farm01:
 	certtool --generate-certificate \
@ -26,5 +35,26 @@ certtool-farm02:
 		--load-ca-privkey ../certificate_authority_key.pem \
 		--outfile farm02_server_certificate.pem

-clean:
-	rm -f *.pem
+certtool-farm03:
+	certtool --generate-certificate \
+		--template farm03_server_template.info \
+		--load-privkey farm03_server_key.pem \
+		--load-ca-certificate ../certificate_authority_certificate.pem \
+		--load-ca-privkey ../certificate_authority_key.pem \
+		--outfile farm03_server_certificate.pem
+
+certtool-farm04:
+	certtool --generate-certificate \
+		--template farm04_server_template.info \
+		--load-privkey farm04_server_key.pem \
+		--load-ca-certificate ../certificate_authority_certificate.pem \
+		--load-ca-privkey ../certificate_authority_key.pem \
+		--outfile farm04_server_certificate.pem
+
+certtool-farm05:
+	certtool --generate-certificate \
+		--template farm05_server_template.info \
+		--load-privkey farm05_server_key.pem \
+		--load-ca-certificate ../certificate_authority_certificate.pem \
+		--load-ca-privkey ../certificate_authority_key.pem \
+		--outfile farm05_server_certificate.pem
--- a/farm/farm02_server_template.info
+++ b/farm/farm02_server_template.info
@ -1,5 +1,5 @@
 organization = WIT.COM Inc.
-cn = farm02
+cn = farm02.wit.com
 tls_www_server
 encryption_key
 signing_key
--- a/farm/farm03_server_template.info
+++ b/farm/farm03_server_template.info
@ -0,0 +1,5 @@
+organization = WIT.COM Inc.
+cn = farm03
+tls_www_server
+encryption_key
+signing_key
--- a/farm/farm04_server_template.info
+++ b/farm/farm04_server_template.info
@ -0,0 +1,5 @@
+organization = WIT.COM Inc.
+cn = farm04
+tls_www_server
+encryption_key
+signing_key
--- a/farm/farm05_server_template.info
+++ b/farm/farm05_server_template.info
@ -0,0 +1,5 @@
+organization = WIT.COM Inc.
+cn = farm05
+tls_www_server
+encryption_key
+signing_key
Author	SHA1	Message	Date
Jeff Carr	a7505dfabc	try FQDN farm02.wit.com Signed-off-by: Jeff Carr <jcarr@wit.com>	2024-10-10 18:19:12 -05:00
Jeff Carr	7e89b1e50e	this might work Signed-off-by: Jeff Carr <jcarr@wit.com>	2024-10-10 17:31:25 -05:00
Jeff Carr	9e6f58a8f9	add farm3,4 and 5 Signed-off-by: Jeff Carr <jcarr@wit.com>	2024-10-10 17:24:57 -05:00
Jeff Carr	a4641d17f8	client seems to connect Signed-off-by: Jeff Carr <jcarr@wit.com>	2024-10-10 17:14:28 -05:00
Jeff Carr	01934e6acf	working rules for farm01 and farm02 Signed-off-by: Jeff Carr <jcarr@wit.com>	2024-10-10 16:42:59 -05:00
Jeff Carr	0b9b274d45	packaging worked finally Signed-off-by: Jeff Carr <jcarr@wit.com>	2024-10-10 16:35:49 -05:00
Jeff Carr	6399ec3c0d	make first tag Signed-off-by: Jeff Carr <jcarr@wit.com>	2024-10-10 16:16:00 -05:00