pandeybk · October 7, 2024 01:59 · Oct 7, 2024 · Oct 7, 2024 · Oct 7, 2024 · Oct 4, 2024
diff --git a/Installquay → Installquay.md b/Installquay → Installquay.md
diff --git a/Installquay b/Installquay
@@ -0,0 +1 @@
+https://gist.github.com/ashisha2307/d981691b2250385d219f1642c3053add
diff --git a/update_quay_cert.sh b/update_quay_cert.sh
@@ -1,11 +1,11 @@
 #!/bin/bash
 
 # Set the root install path
-QUAY_INSTALL_PATH="/mirror-registry"
+QUAY_INSTALL_PATH="/mirror-registry/quay-config"
 
 # Derived paths from QUAY_INSTALL_PATH
 QUAY_CONFIG_PATH="$QUAY_INSTALL_PATH/quay-config"
-CA_DIR="$QUAY_CONFIG_PATH/quay-rootCA"
+CA_DIR="$QUAY_INSTALL_PATH/quay-rootCA"
 SSL_CERT="$QUAY_CONFIG_PATH/ssl.cert"
 SSL_KEY="$QUAY_CONFIG_PATH/ssl.key"
 SSL_CSR="$QUAY_CONFIG_PATH/ssl.csr"
@@ -39,7 +39,7 @@ stateOrProvinceName = VA
 localityName = New York
 organizationName = Quay
 organizationalUnitName = Division
-commonName = node2.bpan156.dfw.ocp.run
+commonName = 192.168.7.52
 
 [ v3_ca ]
 subjectKeyIdentifier = hash
@@ -70,17 +70,16 @@ stateOrProvinceName = VA
 localityName = New York
 organizationName = Quay
 organizationalUnitName = Division
-commonName = node2.bpan156.dfw.ocp.run
+commonName = 192.168.7.52
 
 [ v3_req ]
 basicConstraints = CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 subjectAltName = @alt_names
 
 [ alt_names ]
-DNS.1 = node2.bpan156.dfw.ocp.run
-DNS.2 = node3.bpan156.dfw.ocp.run
-# IP.1 = 192.168.156.102
+DNS.1 = quay-registry
+IP.1 = 192.168.7.52
 # IP.2 = 192.168.1.11
 EOL
 
@@ -108,4 +107,4 @@ chown 1001:1001 $SSL_CERT $SSL_KEY
 echo "Starting quay-app.service..."
 systemctl start quay-app.service
 
-echo "Process completed. New certificate has been installed and Quay service restarted."
+echo "Process completed. New certificate has been installed and Quay service restarted."
diff --git a/update_quay_cert.sh b/update_quay_cert.sh
@@ -80,8 +80,8 @@ subjectAltName = @alt_names
 [ alt_names ]
 DNS.1 = node2.bpan156.dfw.ocp.run
 DNS.2 = node3.bpan156.dfw.ocp.run
-IP.1 = 192.168.1.10
-IP.2 = 192.168.1.11
+# IP.1 = 192.168.156.102
+# IP.2 = 192.168.1.11
 EOL
 
 # Generate CSR (Certificate Signing Request)

diff --git a/update_quay_cert.sh b/update_quay_cert.sh
@@ -0,0 +1,111 @@
+#!/bin/bash
+
+# Set the root install path
+QUAY_INSTALL_PATH="/mirror-registry"
+
+# Derived paths from QUAY_INSTALL_PATH
+QUAY_CONFIG_PATH="$QUAY_INSTALL_PATH/quay-config"
+CA_DIR="$QUAY_CONFIG_PATH/quay-rootCA"
+SSL_CERT="$QUAY_CONFIG_PATH/ssl.cert"
+SSL_KEY="$QUAY_CONFIG_PATH/ssl.key"
+SSL_CSR="$QUAY_CONFIG_PATH/ssl.csr"
+OPENSSL_CNF="$QUAY_CONFIG_PATH/openssl.cnf"
+TIMESTAMP=$(date +%Y%m%d%H%M%S)
+
+# Stop Quay service
+echo "Stopping quay-app.service..."
+systemctl stop quay-app.service
+
+# Backup current SSL certificate and key with timestamp
+echo "Backing up SSL certificate and key..."
+cp -f $SSL_CERT "${SSL_CERT}.${TIMESTAMP}.bak"
+cp -f $SSL_KEY "${SSL_KEY}.${TIMESTAMP}.bak"
+
+# Backup existing root CA certificate and key with timestamp
+echo "Backing up Root CA certificate and key..."
+cp -f $CA_DIR/rootCA.pem "$CA_DIR/rootCA.pem.${TIMESTAMP}.bak"
+cp -f $CA_DIR/rootCA.key "$CA_DIR/rootCA.key.${TIMESTAMP}.bak"
+
+# Create openssl.cnf file for the Root CA configuration
+cat > $CA_DIR/rootCA_openssl.cnf <<EOL
+[ req ]
+distinguished_name = req_distinguished_name
+x509_extensions = v3_ca
+prompt = no
+
+[ req_distinguished_name ]
+countryName = US
+stateOrProvinceName = VA
+localityName = New York
+organizationName = Quay
+organizationalUnitName = Division
+commonName = node2.bpan156.dfw.ocp.run
+
+[ v3_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+EOL
+
+# Generate new Root CA
+echo "Generating new Root CA..."
+openssl genrsa -out $CA_DIR/rootCA.key 2048
+openssl req -x509 -new -nodes -key $CA_DIR/rootCA.key -sha256 -days 1024 -out $CA_DIR/rootCA.pem -config $CA_DIR/rootCA_openssl.cnf
+
+# Generate new SSL key
+echo "Generating new SSL key..."
+openssl genrsa -out $SSL_KEY 2048
+
+# Create openssl.cnf file with configuration for the server certificate
+cat > $OPENSSL_CNF <<EOL
+[ req ]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[ req_distinguished_name ]
+countryName = US
+stateOrProvinceName = VA
+localityName = New York
+organizationName = Quay
+organizationalUnitName = Division
+commonName = node2.bpan156.dfw.ocp.run
+
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = node2.bpan156.dfw.ocp.run
+DNS.2 = node3.bpan156.dfw.ocp.run
+IP.1 = 192.168.1.10
+IP.2 = 192.168.1.11
+EOL
+
+# Generate CSR (Certificate Signing Request)
+echo "Generating CSR..."
+openssl req -new -key $SSL_KEY -out $SSL_CSR -reqexts v3_req -config $OPENSSL_CNF
+
+# Review the CSR to ensure the details are correct
+echo "Reviewing CSR..."
+openssl req -in $SSL_CSR -noout -text
+
+# Sign the CSR with the Root CA to create the certificate
+echo "Signing CSR to generate SSL certificate..."
+openssl x509 -req -in $SSL_CSR -CA $CA_DIR/rootCA.pem -CAkey $CA_DIR/rootCA.key -CAcreateserial -out $SSL_CERT -days 730 -extensions v3_req -extfile $OPENSSL_CNF
+
+# Verify the new SSL certificate
+echo "Verifying the new SSL certificate..."
+openssl x509 -in $SSL_CERT -noout -text
+
+# Set the correct ownership for the new certificate and key
+echo "Setting ownership for the new SSL certificate and key..."
+chown 1001:1001 $SSL_CERT $SSL_KEY
+
+# Restart Quay service
+echo "Starting quay-app.service..."
+systemctl start quay-app.service
+
+echo "Process completed. New certificate has been installed and Quay service restarted."
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		https://gist.github.com/ashisha2307/d981691b2250385d219f1642c3053add
No results found