From 5d5f2c1884cb6e969a07051b11b47880f52d4b48 Mon Sep 17 00:00:00 2001 From: Travis Powell Date: Thu, 10 Jul 2025 15:48:50 -0600 Subject: [PATCH 01/10] Found that Opaal was missed in the cert update Opaal was not included in the certificate update, there is a place where opaal is used and needs the update FQDN and IP Signed-off-by: Travis Powell --- scripts/bootstrap_openchami.sh | 3 +++ scripts/openchami-certificate-update | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/scripts/bootstrap_openchami.sh b/scripts/bootstrap_openchami.sh index 1771377..7aaf8f7 100644 --- a/scripts/bootstrap_openchami.sh +++ b/scripts/bootstrap_openchami.sh @@ -28,6 +28,7 @@ generate_environment_file() { local short_name=$(hostname -s) local dns_name=$(hostname -d) local system_fqdn=$(hostname) + sed -i "s/^SYSTEM_NAME=.*/SYSTEM_NAME=${short_name}/" /etc/openchami/configs/openchami.env sed -i "s/^SYSTEM_DOMAIN=.*/SYSTEM_DOMAIN=${dns_name}/" /etc/openchami/configs/openchami.env sed -i "s/^SYSTEM_URL=.*/SYSTEM_URL=${system_fqdn}/" /etc/openchami/configs/openchami.env @@ -40,10 +41,12 @@ generate_environment_file() { acme_correction() { local system_fqdn=$(hostname) + primary_ip=$(hostname -I | awk '{print $1}') sed -i "s|-d .* \\\\|-d ${system_fqdn} \\\\|" /etc/containers/systemd/acme-deploy.container sed -i "s/^ContainerName=.*/ContainerName=${system_fqdn}/" /etc/containers/systemd/acme-register.container sed -i "s/^HostName=.*/HostName=${system_fqdn}/" /etc/containers/systemd/acme-register.container sed -i "s|-d .* \\\\|-d ${system_fqdn} \\\\|" /etc/containers/systemd/acme-register.container + sed -i "s|--add-host='demo\.openchami\.cluster:[0-9\.]*'|--add-host='${system_fqdn}:${primary_ip}'|" /etc/openchami/configs/opaal.container } # Check and create secrets with random passwords if needed diff --git a/scripts/openchami-certificate-update b/scripts/openchami-certificate-update index 7963bf9..3637a6a 100755 --- a/scripts/openchami-certificate-update 
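Review bot: In `acme_correction`, `primary_ip` is assigned without `local`, so it leaks into the script's global scope, and nothing checks that `hostname -I` returned an address before the value is written into `opaal.container`. On a host with no address configured yet the sed would write `--add-host='<fqdn>:'`, and on a multi-homed host the first address listed may not be the one the services are reached on. I would declare `local primary_ip` on its own line, assign with `primary_ip=$(hostname -I | awk '{print $1}')`, and bail out when it is empty: `[[ -n "$primary_ip" ]] || { echo "no primary IP found" >&2; return 1; }`. The `local primary_ip=$(...)` line added to `update_dns` in scripts/openchami-certificate-update has the same unchecked-empty case, and combining `local` with the command substitution there hides the pipeline's exit status.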
+++ b/scripts/openchami-certificate-update @@ -4,6 +4,7 @@ update_dns() { local system_fqdn=$1 local short_name="${system_fqdn%%.*}" local dns_name="${system_fqdn#*.}" + local primary_ip=$(hostname -I | awk '{print $1}') # Update names in environment and acme containers sed -i "s/^SYSTEM_NAME=.*/SYSTEM_NAME=${short_name}/" /etc/openchami/configs/openchami.env @@ -18,6 +19,10 @@ update_dns() { sed -i "s/^ContainerName=.*/ContainerName=${system_fqdn}/" /etc/containers/systemd/acme-register.container sed -i "s/^HostName=.*/HostName=${system_fqdn}/" /etc/containers/systemd/acme-register.container sed -i "s|-d .* \\\\|-d ${system_fqdn} \\\\|" /etc/containers/systemd/acme-register.container + sed -i "s|--add-host='demo\.openchami\.cluster:[0-9\.]*'|--add-host='${system_fqdn}:${primary_ip}'|" /etc/openchami/configs/opaal.container + + # Reload systemD after .container changes + systemctl daemon-reload # Re-apply Certificates systemctl restart acme-deploy From 460f1a2b4e092de83189e8cbd1a9558047218e41 Mon Sep 17 00:00:00 2001 From: Travis Powell Date: Fri, 11 Jul 2025 08:33:40 -0600 Subject: [PATCH 02/10] Added openchami.target restart Signed-off-by: Travis Powell --- scripts/openchami-certificate-update | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/openchami-certificate-update b/scripts/openchami-certificate-update index 3637a6a..6332afc 100755 --- a/scripts/openchami-certificate-update +++ b/scripts/openchami-certificate-update @@ -27,6 +27,8 @@ update_dns() { # Re-apply Certificates systemctl restart acme-deploy systemctl restart haproxy + + systemctl restart openchami.target } help_page() { From 03abc7c3f0b303adb58bbd63d202b77c3d7a2c21 Mon Sep 17 00:00:00 2001 From: Travis Powell Date: Fri, 11 Jul 2025 08:37:30 -0600 Subject: [PATCH 03/10] Comment above openchami.target Signed-off-by: Travis Powell --- scripts/openchami-certificate-update | 1 + 1 file changed, 1 insertion(+) 
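Review bot: The new `opaal.container` substitution interpolates `${system_fqdn}`, which comes straight from `$1`, into a sed expression that uses `|` as its delimiter and edits files under /etc. A value containing `|`, `&`, a backslash or a newline changes what sed is asked to do instead of being treated as a hostname; the existing substitutions in this function have the same exposure with `/`. update_dns begins above this hunk, and the check belongs at its top, before the first sed: `[[ "$system_fqdn" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || { echo "invalid FQDN: $system_fqdn" >&2; return 1; }`.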
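Review bot: `systemctl restart openchami.target` is reached even when one of the preceding `sed -i` edits or `systemctl daemon-reload` failed, because no exit status is checked in the visible part of update_dns. The function starts above this hunk and I cannot see whether the script sets `set -e`, so this may already be covered. If it is not, restarting every service against half-edited unit files turns a failed edit into an outage that is harder to diagnose; I would stop at the first failure, for example `systemctl daemon-reload || return 1` ahead of the restarts, and do the same for the sed calls.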
diff --git a/scripts/openchami-certificate-update b/scripts/openchami-certificate-update index 6332afc..8206190 100755 --- a/scripts/openchami-certificate-update +++ b/scripts/openchami-certificate-update @@ -28,6 +28,7 @@ update_dns() { systemctl restart acme-deploy systemctl restart haproxy + # Restart OpenCHAMI target to ensure all certificates are updated systemctl restart openchami.target } From a945b6bdc6f4c33df8421d19160fd6b1694c905e Mon Sep 17 00:00:00 2001 From: Travis Powell Date: Fri, 11 Jul 2025 08:40:31 -0600 Subject: [PATCH 04/10] Opaal sed path update Updated the path to the opaal.container file, was pointed at openchami/config instad of containers/systemd Signed-off-by: Travis Powell --- scripts/openchami-certificate-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/openchami-certificate-update b/scripts/openchami-certificate-update index 8206190..58fd412 100755 --- a/scripts/openchami-certificate-update +++ b/scripts/openchami-certificate-update @@ -19,7 +19,7 @@ update_dns() { sed -i "s/^ContainerName=.*/ContainerName=${system_fqdn}/" /etc/containers/systemd/acme-register.container sed -i "s/^HostName=.*/HostName=${system_fqdn}/" /etc/containers/systemd/acme-register.container sed -i "s|-d .* \\\\|-d ${system_fqdn} \\\\|" /etc/containers/systemd/acme-register.container - sed -i "s|--add-host='demo\.openchami\.cluster:[0-9\.]*'|--add-host='${system_fqdn}:${primary_ip}'|" /etc/openchami/configs/opaal.container + sed -i "s|--add-host='demo\.openchami\.cluster:[0-9\.]*'|--add-host='${system_fqdn}:${primary_ip}'|" /etc/containers/systemd/opaal.container # Reload systemD after .container changes systemctl daemon-reload From 2cd236e15c813fd3084a53c70248a6d2e09bc1d5 Mon Sep 17 00:00:00 2001 From: Travis Powell Date: Fri, 11 Jul 2025 10:05:10 -0600 Subject: [PATCH 05/10] Opaal bootstrap update Signed-off-by: Travis Powell --- scripts/bootstrap_openchami.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
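Review bot: The path corrected in this hunk had been wrong since patch 01 without the script stopping, because a `sed -i` on a missing file only prints an error and update_dns carries on to the reload and restarts. A guard before the substitution would surface this class of mistake at once: `[[ -f /etc/containers/systemd/opaal.container ]] || { echo "opaal.container not found" >&2; return 1; }`. The same applies to the matching line in `acme_correction` in scripts/bootstrap_openchami.sh, which the next patch corrects. update_dns starts and ends outside this hunk.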
diff --git a/scripts/bootstrap_openchami.sh b/scripts/bootstrap_openchami.sh index 7aaf8f7..4a854f6 100644 --- a/scripts/bootstrap_openchami.sh +++ b/scripts/bootstrap_openchami.sh @@ -46,7 +46,7 @@ acme_correction() { sed -i "s/^ContainerName=.*/ContainerName=${system_fqdn}/" /etc/containers/systemd/acme-register.container sed -i "s/^HostName=.*/HostName=${system_fqdn}/" /etc/containers/systemd/acme-register.container sed -i "s|-d .* \\\\|-d ${system_fqdn} \\\\|" /etc/containers/systemd/acme-register.container - sed -i "s|--add-host='demo\.openchami\.cluster:[0-9\.]*'|--add-host='${system_fqdn}:${primary_ip}'|" /etc/openchami/configs/opaal.container + sed -i "s|--add-host='demo\.openchami\.cluster:[0-9\.]*'|--add-host='${system_fqdn}:${primary_ip}'|" /etc/containers/systemd/opaal.container } # Check and create secrets with random passwords if needed From 47e2c07c5d43642f1f8e27240b9dabd350c25c89 Mon Sep 17 00:00:00 2001 From: Travis Powell Date: Fri, 11 Jul 2025 11:57:22 -0600 Subject: [PATCH 06/10] Force Build to Pass before merge allow Signed-off-by: Travis Powell --- .github/workflows/build-pull.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-pull.yaml b/.github/workflows/build-pull.yaml index cdcfe2d..0650eb9 100644 --- a/.github/workflows/build-pull.yaml +++ b/.github/workflows/build-pull.yaml @@ -8,7 +8,7 @@ on: inputs: release_tag: description: 'Test Build the RPM in pull request.' - required: false + required: true default: '' permissions: From 89e44ef5be20ee341c5dc1e9081043691e4de5ad Mon Sep 17 00:00:00 2001 From: Travis Powell Date: Tue, 15 Jul 2025 09:12:48 -0600 Subject: [PATCH 07/10] Requested Changes. Signed-off-by: Travis Powell --- .github/workflows/build-pull.yaml | 2 +- scripts/openchami-certificate-update | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/build-pull.yaml b/.github/workflows/build-pull.yaml index 0650eb9..cdcfe2d 100644 
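Review bot: Setting `required: true` on the `release_tag` input in build-pull.yaml does not make the build a precondition for merging. An input's `required` flag only constrains whoever dispatches or calls the workflow, and here it sits next to `default: ''`, so the two settings contradict each other. If the intent in the subject line is to block merges on a failed RPM build, that is enforced through the repository's branch protection (required status checks) and not in this file. The trigger these inputs belong to is above the hunk, so I would keep `required: false` here and configure the gate on the branch.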
--- a/.github/workflows/build-pull.yaml +++ b/.github/workflows/build-pull.yaml @@ -8,7 +8,7 @@ on: inputs: release_tag: description: 'Test Build the RPM in pull request.' - required: true + required: false default: '' permissions: diff --git a/scripts/openchami-certificate-update b/scripts/openchami-certificate-update index 58fd412..29f9aee 100755 --- a/scripts/openchami-certificate-update +++ b/scripts/openchami-certificate-update @@ -26,7 +26,6 @@ update_dns() { # Re-apply Certificates systemctl restart acme-deploy - systemctl restart haproxy # Restart OpenCHAMI target to ensure all certificates are updated systemctl restart openchami.target From 35864df9931179babb9c779d10c9533e1d092718 Mon Sep 17 00:00:00 2001 From: Travis Powell Date: Tue, 15 Jul 2025 09:46:14 -0600 Subject: [PATCH 08/10] * update Signed-off-by: Travis Powell --- scripts/openchami-certificate-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/openchami-certificate-update b/scripts/openchami-certificate-update index 29f9aee..8bff14b 100755 --- a/scripts/openchami-certificate-update +++ b/scripts/openchami-certificate-update @@ -19,7 +19,7 @@ update_dns() { sed -i "s/^ContainerName=.*/ContainerName=${system_fqdn}/" /etc/containers/systemd/acme-register.container sed -i "s/^HostName=.*/HostName=${system_fqdn}/" /etc/containers/systemd/acme-register.container sed -i "s|-d .* \\\\|-d ${system_fqdn} \\\\|" /etc/containers/systemd/acme-register.container - sed -i "s|--add-host='demo\.openchami\.cluster:[0-9\.]*'|--add-host='${system_fqdn}:${primary_ip}'|" /etc/containers/systemd/opaal.container + sed -i "s|--add-host='.*|--add-host='${system_fqdn}:${primary_ip}'|" /etc/containers/systemd/opaal.container # Reload systemD after .container changes systemctl daemon-reload From e5f7576d6210bb327168cdf8d453766014beadfe Mon Sep 17 00:00:00 2001 From: Travis Powell Date: Wed, 16 Jul 2025 16:04:52 -0600 Subject: [PATCH 09/10] Changed indentaions and help page 
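Review bot: The new pattern `--add-host='.*` is greedy to the end of the line, so it also consumes the closing quote and anything that follows the host entry on that line, such as further options or a trailing continuation backslash. It also rewrites every `--add-host` line in the file, not only the entry for this system. I cannot see opaal.container from here, so whether other content shares that line is an assumption to check. Bounding the match to the quoted value keeps the rest of the line intact: `s|--add-host='[^']*'|--add-host='${system_fqdn}:${primary_ip}'|`.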
Signed-off-by: Travis Powell --- scripts/openchami-certificate-update | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/scripts/openchami-certificate-update b/scripts/openchami-certificate-update index 8bff14b..b4593a2 100755 --- a/scripts/openchami-certificate-update +++ b/scripts/openchami-certificate-update @@ -33,7 +33,11 @@ update_dns() { help_page() { echo "OpenCHAMI Certificate Update" - echo "Usage: $0 update (dns name) ex. demo.openchami.cluster" + echo "Update OpenCHAMI Certificates" + echo "Usage: $0 update FQDN" + echo + echo "EXAMPLES:" + echo " $0 update demo.openchami.cluster" } case "$1" in @@ -50,7 +54,7 @@ case "$1" in fi ;; *) - help_page - exit 1 + help_page + exit 1 ;; esac \ No newline at end of file From 2fa8f42343b1af39e58743059b483c93aa6a5658 Mon Sep 17 00:00:00 2001 From: Travis Powell Date: Wed, 16 Jul 2025 16:06:31 -0600 Subject: [PATCH 10/10] Updated restart to have user restart Signed-off-by: Travis Powell --- scripts/openchami-certificate-update | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/scripts/openchami-certificate-update b/scripts/openchami-certificate-update index b4593a2..06d3caa 100755 --- a/scripts/openchami-certificate-update +++ b/scripts/openchami-certificate-update @@ -24,11 +24,15 @@ update_dns() { # Reload systemD after .container changes systemctl daemon-reload - # Re-apply Certificates - systemctl restart acme-deploy - - # Restart OpenCHAMI target to ensure all certificates are updated - systemctl restart openchami.target + echo "Changed FQDN to ${1}" + echo 'Either restart all of the OpenCHAMI services:' + echo + echo ' sudo systemctl restart openchami.target' + echo + echo 'or run the following to just regenerate/redeploy the certificates:' + echo + echo ' sudo systemctl restart acme-deploy' + echo } help_page() {
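Review bot: `echo "Changed FQDN to ${1}"` in update_dns is printed unconditionally, so the operator is told the change succeeded even if a `sed -i` or the `daemon-reload` above it failed. With the restarts now left to the operator, this message is the only signal they get while services keep running with the previous certificate and host entry, so it needs to be accurate. I would print it only after the edits are known to have succeeded, and use the named variable: `echo "Changed FQDN to ${system_fqdn}"`. The rest of update_dns is above this hunk.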