update Makefile

Signed-off-by: YZ775 <[email protected]>

Makefile

@@ -9,11 +9,7 @@ TAG ?= latest
 CFSSL_VER = 1.6.4
 CFSSL = /usr/local/bin/cfssl
 CFSSLJSON = /usr/local/bin/cfssljson
-E2E_OUTPUT=$(abspath ./e2e/output)
-E2E_CERTS = \
-	$(E2E_OUTPUT)/certs/ca.crt \
-	$(E2E_OUTPUT)/certs/server.crt\
-	$(E2E_OUTPUT)/certs/server.key.insecure
+E2E_OUTPUT=./e2e/output
 
 .PHONY: all
 all: build
@@ -40,7 +36,8 @@ test:
 	go test -race -v ./...
 
 .PHONY: e2e
-e2e: build $(E2E_CERTS)
+e2e: build
+	cd e2e/certs && ./gencerts.sh
 	RUN_E2E=1 go test -v -count=1 ./e2e
 
 .PHONY: clean
@@ -80,13 +77,11 @@ docker-build: build
 	docker build --no-cache -t $(IMAGE):$(TAG) ./docker
 	rm ./docker/sabactl ./docker/sabakan ./docker/sabakan-cryptsetup ./docker/LICENSE
 
+.PHONY: setup-cfssl
 setup-cfssl:
 	if ! [ -f $(CFSSL) -a -f $(CFSSLJSON) ]; then \
 		curl -sSLf -o cfssl https://github.com/cloudflare/cfssl/releases/download/v$(CFSSL_VER)/cfssl_$(CFSSL_VER)_linux_amd64; \
 		curl -sSLf -o cfssljson https://github.com/cloudflare/cfssl/releases/download/v$(CFSSL_VER)/cfssljson_$(CFSSL_VER)_linux_amd64; \
 		chmod +x cfssl cfssljson; \
 		$(SUDO) mv cfssl cfssljson /usr/local/bin/; \
 	fi
-
-$(E2E_CERTS): setup-cfssl
-	cd e2e/certs && ./gencerts.sh

e2e/certs/gencerts.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/sh -ex
 
 if [ "$0" != "./gencerts.sh" ]; then
   echo "must be run from 'testdata'"
@@ -14,15 +14,15 @@ mkdir -p ../output/certs/
 cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ../output/certs/ca
 mv ../output/certs/ca.pem ../output/certs/ca.crt
 if which openssl >/dev/null; then
-  openssl x509 -in ca.crt -noout -text
+  openssl x509 -in ../output/certs/ca.crt -noout -text
 fi
 
 # generate DNS: localhost, IP: 127.0.0.1, CN: example.com certificates
 cfssl gencert \
-  --ca ../output/certs//ca.crt \
-  --ca-key ../output/certs//ca-key.pem \
+  --ca ../output/certs/ca.crt \
+  --ca-key ../output/certs/ca-key.pem \
   --config ./gencert.json \
-  ./server-ca-csr.json | cfssljson --bare ../output/certs/server
+  ./server-csr.json | cfssljson --bare ../output/certs/server
 mv ../output/certs/server.pem ../output/certs/server.crt
 mv ../output/certs/server-key.pem ../output/certs/server.key.insecure
 

mtest/Makefile

@@ -60,11 +60,6 @@ PLACEMAT_DEPS = \
 	$(OUTPUT)/host3.ign \
 	$(OUTPUT)/ignitions \
 	$(IGNITIONS)/files/etc/sabakan/sabakan-tls-ca.crt
-
-CERTS = \
-	$(OUTPUT)/certs/ca.crt \
-	$(OUTPUT)/certs/server.crt\
-	$(OUTPUT)/certs/server.key.insecure
 
 .PHONY: all
 all:
@@ -113,11 +108,11 @@ $(CT):
 	curl -fsSL -o $@ https://github.com/flatcar/container-linux-config-transpiler/releases/download/v$(CT_VERSION)/ct-v$(CT_VERSION)-x86_64-unknown-linux-gnu
 	chmod +x $@
 
-$(OUTPUT)/host.ign: host-ign.yml $(CT) $(CERTS)
+$(OUTPUT)/host.ign: host-ign.yml $(CT)
 	mkdir -p $(OUTPUT)
 	$(CT) -strict -in-file=host-ign.yml --files-dir=. -pretty -out-file=$@
 
-$(OUTPUT)/host1.ign: $(OUTPUT)/host.ign 
+$(OUTPUT)/host1.ign: $(OUTPUT)/host.ign
 	sed -e 's/__BRIDGE_ADDRESS__/$(BRIDGE_ADDRESS)/' \
 		-e 's/__HOST_NAME__/host1/' \
 		-e 's/__HOST1__/$(HOST1)/' \
@@ -140,11 +135,8 @@ $(OUTPUT)/host3.ign: $(OUTPUT)/host.ign
 
 $(OUTPUT)/readnvram:
 	go build -o $@ ./readnvram/main.go
-
-$(CERTS):
-	cd ./certs && ./gencerts.sh
-
-$(IGNITIONS)/files/etc/sabakan/sabakan-tls-ca.crt: $(CERTS)
+
+$(IGNITIONS)/files/etc/sabakan/sabakan-tls-ca.crt:
 	mkdir -p $(IGNITIONS)/files/etc/sabakan
 	cp $(OUTPUT)/certs/ca.crt $(IGNITIONS)/files/etc/sabakan/sabakan-tls-ca.crt
 
@@ -154,7 +146,7 @@ test: $(TEST_DEPS)
 	./test.sh "$(TARGET)"
 
 .PHONY: placemat
-placemat: $(PLACEMAT_DEPS)
+placemat: gencerts $(PLACEMAT_DEPS) 
 	sudo rm -rf $(PLACEMAT_DATADIR)
 	sudo rm -rf $(VM_SHARED_DIR)
 	sudo systemd-run --unit=placemat.service $(PLACEMAT) $(abspath output/cluster.yml)
@@ -176,3 +168,7 @@ clean:
 setup:
 	go install github.com/onsi/ginkgo/v2/ginkgo
 	sudo make -C ../ setup-cfssl
+
+.PHONY: gencerts
+gencerts:
+	cd ./certs && ./gencerts.sh

mtest/certs/gencerts.sh

@@ -1,7 +1,29 @@
-#!/bin/sh
-mkdir -p ../output/certs
+#!/bin/sh -ex
+
+if [ "$0" != "./gencerts.sh" ]; then
+  echo "must be run from 'testdata'"
+  exit 255
+fi
+
+if ! which cfssl; then
+  echo "cfssl is not installed"
+  exit 255
+fi
+
+mkdir -p ../output/certs/
 cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ../output/certs/ca
 mv ../output/certs/ca.pem ../output/certs/ca.crt
-cfssl gencert --ca ../output/certs/ca.crt  --ca-key ../output/certs/ca-key.pem --config ./config.json  server-csr.json | cfssljson --bare ../output/certs/server
+if which openssl >/dev/null; then
+  openssl x509 -in ../output/certs/ca.crt -noout -text
+fi
+
+# generate DNS: localhost, IP: 127.0.0.1, CN: example.com certificates
+cfssl gencert \
+  --ca ../output/certs/ca.crt \
+  --ca-key ../output/certs/ca-key.pem \
+  --config ./gencert.json \
+  ./server-csr.json | cfssljson --bare ../output/certs/server
 mv ../output/certs/server.pem ../output/certs/server.crt
 mv ../output/certs/server-key.pem ../output/certs/server.key.insecure
+
+cd ../output/certs/ && rm -f *.pem *.stderr *.txt

mtest/netboot_test.go

@@ -100,7 +100,7 @@ func testNetboot() {
 				if err != nil {
 					return err
 				}
-				if string(stdout) != "active\n" {
+				if strings.TrimSpace(string(stdout)) != "active" {
 					return fmt.Errorf("sabakan-cryptsetup is not active:%s", stdout)
 				}
 				return nil