Configuring HTTPS security for OpenStack clouds

#!/bin/bash

while getopts "s:p:l:h" opt; do
  case $opt in
    s)
      DOMAIN_NAME=$OPTARG
      ;;
    p)
      PORT=$OPTARG
      ;;
    l)
      UCD_P_HOME=$OPTARG
      ;;
    h)
      echo "Usage: ./import_os_cert.sh -s <OpenStack_HOSTNAME> -p <PORT> -l <UCDP_INSTALLED_PATH>"
      exit 0
      ;;
    \?)
      echo "Invalid option: -$OPTARG" >&2
      exit 1
      ;;
    :)
      echo "Option -$OPTARG requires an argument." >&2
      exit 1
      ;;
  esac
done

if [ -z "$DOMAIN_NAME" ]; then
    echo "Please set the OpenStack hostanme"
    exit 1
fi

if [ -z "$PORT" ]; then
    echo "Please set the OpenStack port"
    exit 1
fi

if [ -z "$UCD_P_HOME" ]; then
    echo "Please set the UCDP Installed Directory"
    exit 1
fi


# Retrieve the certificate from the remote service
openssl s_client -connect $DOMAIN_NAME:$PORT -showcerts </dev/null\
 2>/dev/null | openssl x509 -outform PEM | tee ~/$DOMAIN_NAME.crt

# Import the certificate into the JRE trust store.
cd $UCD_P_HOME/java/jre
./bin/keytool -import -trustcacerts -keystore ./lib/security/cacerts -storepass changeit\
 -noprompt -alias $DOMAIN_NAME -file ~/$DOMAIN_NAME.crt

# Verify that the certificate was imported correctly.
./bin/keytool -list -trustcacerts -keystore ./lib/security/cacerts\
 -storepass changeit | grep $DOMAIN_NAME

# Restart the service.
# $UCD_P_HOME/bin/server stop
# $UCD_P_HOME/bin/server start

./script_name.sh -s OpenStack_host -p port_number -l blueprint_desiger_directory

script_name

The name of the script that you created.

port_number

The OpenStack communication port number.

OpenStack_host

The host name of the OpenStack server that contains the key.

blueprint_desiger_directory

The name of the folder the blueprint designer is installed in. By default, the value of blueprint_desiger_directory is /opt/ibm-ucd-patterns.