4
0
Fork 2
mirror of https://gerrit.hackerspace.pl/hscloud synced 2024-10-15 07:17:44 +00:00

*: k0.hswaw.net somewhat working

This commit is contained in:
q3k 2019-01-13 21:14:02 +01:00
parent f2a812b9fd
commit de061801db
24 changed files with 811 additions and 482 deletions

13
README Normal file
View file

@ -0,0 +1,13 @@
HSCloud
=======
This is a monorepo. You'll need bash and Bazel 0.20.0+ to use it.
Getting started
---------------
cd hscloud
. env.sh # setup PATH and hscloud_root
tools/install.sh # build tools
kubectl version

View file

@ -1,3 +1,25 @@
# Python rules
load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository")
git_repository(
name = "io_bazel_rules_python",
remote = "https://github.com/bazelbuild/rules_python.git",
commit = "ebd7adcbcafcc8abe3fd8e5b0e42e10ced1bfe27",
)
# Python dependencies
load("@io_bazel_rules_python//python:pip.bzl", "pip_import")
pip_import(
name = "py_deps",
requirements = "//:requirements.txt",
)
load("@py_deps//:requirements.bzl", "pip_install")
pip_install()
# Go rules
http_archive(

20
cluster/README Normal file
View file

@ -0,0 +1,20 @@
HSCloud Clusters
================
Current cluster: `k0.hswaw.net`
Accessing via kubectl
---------------------
There isn't yet a service for getting short-term user certificates. Instead, you'll have to get admin certificates:
clustercfg admincreds $(whoami)-admin
kubectl get nodes
Provisioning nodes
------------------
- bring up a new node with nixos, running the configuration.nix from bootstrap (to be documented)
- `clustercfg nodestrap bc01nXX.hswaw.net`
That's it!

View file

@ -1,34 +1,34 @@
-----BEGIN CERTIFICATE-----
MIIF+jCCA+KgAwIBAgIJAIDxP85du/ccMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD
MIIF7zCCA9egAwIBAgIJAIDxP85du/cjMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD
VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh
MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl
MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh
MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzAzMzA1
OFoXDTE5MDIxMjAzMzA1OFowgZ4xCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv
d2llY2tpZTEUMBIGA1UEBwwLTWF6b3dpZWNraWUxFTATBgNVBAoMDHN5c3RlbTpu
b2RlczEkMCIGA1UECwwbS3ViZXJuZXRlcyBOb2RlIENlcnRpZmljYXRlMSYwJAYD
VQQDDB1zeXN0ZW06bm9kZTpiYzAxbjAxLmhzd2F3Lm5ldDCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBAMmgCuw8NEbYDPAYxT+3RXKnr8tpKFam0UTIPEO5
PZ63gEJHm5pdhlDbojKfNzWiSliUQ3qtxeFZfA5NLkdhwJesBPXOUcZkzNGIBces
nmetfN2sakbUwTucCTjVDq5gAXQ5wlHGjMI7G9iddjF1DmvE+s2ewtCOa6nR1v7b
Ltx7gmuxorq5FtWTnzeTLz+35savmz+5gQ4hTgEDVyne/BCJ+DeVynawgJ8LGGbg
zpiyoQE3Fl0Aqy96J1uUOhpJ1r4XVv4H1vzmJclRJjx/m6QsJy9VPKUX382dQVgD
98eVokg+BusblxW4+mY/WNv5a7N2L7h4ek4s2ocyVjUKBo67vipd0EbES0mHSOJe
zwYU8lQ5QIRsnJkUocGcwGDZ4eLijdYDz++SqBsqwbziprpSw+m3Wyl0F6BCYLvH
5l9tsMC569jEhQUZ64+NoN4dls6URO4IdtX4ZSONeydaxIfd51CVPyIviT0jlCto
Ii3AkSbsNBZDR16T7e6b6zPaPEBnk1g1SbcVbGi1gIPyrU788m+QbDUo/E8m2WzQ
ou9DlMgMEXJg3QMHJwqUiazNxL3OTSiw0p5d6cXzRA1+21l8TdGfzgnefSDapbBG
RN5WjzW6Vx2lrEcG2Novf3Hlk4/rrHTc8/Sh4pdnGO2R3JWqG/UqbMForp8emuMk
l6MBAgMBAAGjIDAeMBwGA1UdEQQVMBOCEWJjMDFuMDEuaHN3YXcubmV0MA0GCSqG
SIb3DQEBCwUAA4ICAQA/ASwzUfjy0rQKbt2a3aheYLwF6ZUpuI6GSTElXiNfPSyh
XpN6hWkrAetk2ReCxMHuvbNA2Bt6poKUURKOtfJGf1//a2qWeJTMwx3ALSJOrzfF
18RIJK8zOkgr3LjjbqFQbeT/yAxyhTx5nOfbQA/dOfo2vOBb+4lrhGFheO4VvOQq
1bcWWTE7rdQBhcIh3dYawKAE4UHHUPCOAPjbLyrAnvZCQXZXgAitExhue+l13rFZ
ko0T8Il6rAf7eUWjJPfnBJHKGh2YXL2O3YgcJnPQs9EzmJKCjsaTEjA70sB/A4yY
lc6ZeATT0iwnKcJYkRsu4gX8VwG9yYDk3vNUGorStdiqKFCGwHuTqmj0ArITNMLe
Mo8FBeB3YzCd354roHATfWwRGMmu1xzZmOC/Yi8XGQwDYBmkKguEAayuqJnYiAVd
H3tf5Xytj0LVWcWy2kb5Xl131JQe1cMb4Do9fvYM5H2e39bZorq7z6QjKK8IKdWU
Q48ExHJ0HBclu34DE1orljxkD3seE7xziWgO2WfEYShaQgrl9U0VJBWQqnGvFj3c
lCx8ZbDGZAhhvfYM5E+R16LPDZ3L9vt0ea/Lmhzg23GFQmfsD6fsw3CJPHOir5UC
tSzRY23cl2Fc1FDnH9CXgBwEFIAjm4oJSkbEcXUvkDwqlWghvFue+uv/TvtkUg==
MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5MzMx
N1oXDTIwMDExMzE5MzMxN1owgZMxCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv
d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExFTATBgNVBAoMDHN5c3RlbTpub2Rl
czEcMBoGA1UECwwTS3ViZWxldCBDZXJ0aWZpY2F0ZTEmMCQGA1UEAwwdc3lzdGVt
Om5vZGU6YmMwMW4wMS5oc3dhdy5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDJoArsPDRG2AzwGMU/t0Vyp6/LaShWptFEyDxDuT2et4BCR5uaXYZQ
26Iynzc1okpYlEN6rcXhWXwOTS5HYcCXrAT1zlHGZMzRiAXHrJ5nrXzdrGpG1ME7
nAk41Q6uYAF0OcJRxozCOxvYnXYxdQ5rxPrNnsLQjmup0db+2y7ce4JrsaK6uRbV
k583ky8/t+bGr5s/uYEOIU4BA1cp3vwQifg3lcp2sICfCxhm4M6YsqEBNxZdAKsv
eidblDoaSda+F1b+B9b85iXJUSY8f5ukLCcvVTylF9/NnUFYA/fHlaJIPgbrG5cV
uPpmP1jb+Wuzdi+4eHpOLNqHMlY1CgaOu74qXdBGxEtJh0jiXs8GFPJUOUCEbJyZ
FKHBnMBg2eHi4o3WA8/vkqgbKsG84qa6UsPpt1spdBegQmC7x+ZfbbDAuevYxIUF
GeuPjaDeHZbOlETuCHbV+GUjjXsnWsSH3edQlT8iL4k9I5QraCItwJEm7DQWQ0de
k+3um+sz2jxAZ5NYNUm3FWxotYCD8q1O/PJvkGw1KPxPJtls0KLvQ5TIDBFyYN0D
BycKlImszcS9zk0osNKeXenF80QNfttZfE3Rn84J3n0g2qWwRkTeVo81ulcdpaxH
BtjaL39x5ZOP66x03PP0oeKXZxjtkdyVqhv1KmzBaK6fHprjJJejAQIDAQABoyAw
HjAcBgNVHREEFTATghFiYzAxbjAxLmhzd2F3Lm5ldDANBgkqhkiG9w0BAQsFAAOC
AgEAKwZ2WM69J2U/fnzTlxEs9kULkxYXgHnw6WZmY/RXyIX3tCjgUSisH+binuDB
5GplGOhXg2NjlcBio7Lkwb6jJobs6kr1f1OR0EbEHo52JUbjH7m/33R7+6QuR/ps
IW9zd+VnXvYtJ7lrI3/mlzXOMCiXfNI7sQAXob04T8WVsVrDLpg5wDUKwtLLJSf1
MzUCFyFZOtCqB+5MKsl2jBiCXWUj9vFgpx5dS2/cMjw0cXZcbcbz9ZP68PXdwvoW
Vt+wBQEhmbIhx5Z1jZsH/fnor4rsK7CS9jp4zGCWHiphk/rzL5VsJvVCuIbuuoek
4lMNYZnpeccUkGFJtizMiiAcrN9xeNm3s75qmBah6ZGjSWZXgwESA3+5+pzE2ptR
Q6MP1IjzMauyGacUBDU9HfBqc2cAeKyq+CoabuA0lrxt1jYHlnFhkPN6kDS1TQgv
eMeFkuPhfFnAeWB3SPbXfJthCDqv66ApTKAMMb51HvbqZCAR8qUJkOz+ZkvxhIxv
1SmZOxrQn1lejLGvDox8Sp7b7+h0ZWxc9n3hTnHMd/tT8ZptzsVH+7DCZH1oHPzn
0dhhr2ZaQ3vN5L/MEK1L2uF4FggYFKEJWohG1rZH/hlBQhUEudLIeZOSFbyXaCES
fgeaGmZ/gC1mLuCw+Hfc8VrWXhkq/QaP9dzyHBnih8bfdIw=
-----END CERTIFICATE-----

View file

@ -1,34 +1,34 @@
-----BEGIN CERTIFICATE-----
MIIF3zCCA8cCCQCA8T/OXbv3GDANBgkqhkiG9w0BAQsFADCBtzELMAkGA1UEBhMC
UEwxFDASBgNVBAgMC01hem93aWVja2llMREwDwYDVQQHDAhXYXJzemF3YTEuMCwG
A1UECgwlU3Rvd2FyenlzemVuaWUgV2Fyc3phd3NraSBIYWNrZXJzcGFjZTEQMA4G
A1UECwwHaHNjbG91ZDEaMBgGA1UEAwwRQm9vdHN0cmFwIE5vZGUgQ0ExITAfBgkq
hkiG9w0BCQEWEnEza0BoYWNrZXJzcGFjZS5wbDAeFw0xOTAxMTMwMzIxNDNaFw0x
OTAyMTIwMzIxNDNaMIGqMQswCQYDVQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNr
aWUxFDASBgNVBAcMC01hem93aWVja2llMS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5p
ZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNlMSMwIQYDVQQLDBpOb2RlIEJvb3RzdHJh
cCBDZXJ0aWZpY2F0ZTEaMBgGA1UEAwwRYmMwMW4wMS5oc3dhdy5uZXQwggIiMA0G
CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCu96QoKSTxlA1mlckkXR5DhANlACOG
aE/z/6Wxi/2pGYV0jBeml6OCKscuA4dVOuCnpgb3NDtN1q5pYyRw6v7vm2SVjwZI
3i6jF2KHYT/2AShohjvQCiCCxVlejBYIZGt1cFL1r7pTm9DAGCcV2rVJOtbtrUpt
10UMGHRw3IRZWjbYdjxuq08AzyRVXiEUGD72OogXW2FGoltY8VXeItlPdib43UTy
81UrYLzVuV3WzfuUSuE8bFi8FA8SHDtcVqwq3xbwH1KCk9C9Z0XroErhjq00Iu6O
Jp6sVBUH7FL81w9feffZtX79i8MbyDFRvItEePBInaxxq5oi7BbRsuvZmSbK7Cou
hOKhFeyyxj6HJChvp23DSsR7uhX3XLLlIokCA23bYo2MK+gHkxTfLdAbNfdeF12n
8tM7ZFMQ6WY35mVl9wSixpTNxqUtfFhJ88GUYiN5vgVPf/fr2mtJ8X5LQpweTfAL
RCRUFHU16sOJsWqBgztR8JXixfRrVoPQ1+0HftagyMmbjTe++b4wHhgBEeHn/m7e
vm6YqUTDgCFXCoMxiQ0hyvieqoqZbGaD7jjPGCbQwtyiEmqmkc+9wIMa+aFJFOTH
uylIN9mmbAgD10QWRnGXl0ebY3deRc1a168tLGxq92Qwev4FLb+efP04HM3au5Ar
WvrBXI1+0t9HCwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQBRHblAlrD0nJQf3pHO
H/HmEf2Io6CWx83+hvtsLy7W0VT639JA2DvsIe3qfk4XSMpfLJwszRWbEcxqsqH8
Tb5599KLFQ4LuFkfYb2qh6Aqg9Rra4tOLkHGb/RZz2kYzJfNr5fNFMhloXDI4qKw
Ztc5ZO/jq5CUh4taspx/Z1oeHCP4/3Olg+mPtcTMmj835CcoffbKaTKHTuNWIT95
dWwOMeZ3gMaggDolfSBdZWxUUXJZkwxIcM0VHasgb6OdBldpS3JsbSUV5oIYoD6I
HBNN30Uqj+L4XhblhN6wEdCBgkkx5jMgBl3bfAyTz22Od9dKFU9omDb/Hg7+Cbqg
b53LgR+jACecVz9DNfTu4eHRuKKF7jFMi0DVLLUd7EcsGRj8zXPd+hrTTRjPcZZ3
I5KokoZDhpctU/eapE7tTHjrKgdtvp6EDgfzaC0rbt1ut7vokGWNWhQ0IFCBIQZv
xtTqyhVpV2cS3H47fm/vPXJhoiLs2DfxVa2n2LSx75aC24HXDCVCDtT+Rf6+QH3h
7sZ7OI80aAlXUa3TiZocOGCvOKr4GAVJ68Kpim8Rn4qgIA4wPqUXcdtVjy633BoK
txAaM4LN3SSb1RwmgZx3hm5mLvJ194LSEUPsVe60N65jcSkKAbKOkSyScRODu7Pb
gy6l4a49WUmiJlse+3SRGodNww==
MIIF1zCCA7+gAwIBAgIJAIDxP85du/ciMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD
VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh
MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl
MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh
MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5MzMx
NFoXDTIwMDExMzE5MzMxNFowgZ0xCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv
d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExLjAsBgNVBAoMJVN0b3dhcnp5c3pl
bmllIFdhcnN6YXdza2kgSGFja2Vyc3BhY2UxGTAXBgNVBAsMEE5vZGUgQ2VydGlm
aWNhdGUxGjAYBgNVBAMMEWJjMDFuMDEuaHN3YXcubmV0MIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEArvekKCkk8ZQNZpXJJF0eQ4QDZQAjhmhP8/+lsYv9
qRmFdIwXppejgirHLgOHVTrgp6YG9zQ7TdauaWMkcOr+75tklY8GSN4uoxdih2E/
9gEoaIY70AoggsVZXowWCGRrdXBS9a+6U5vQwBgnFdq1STrW7a1KbddFDBh0cNyE
WVo22HY8bqtPAM8kVV4hFBg+9jqIF1thRqJbWPFV3iLZT3Ym+N1E8vNVK2C81bld
1s37lErhPGxYvBQPEhw7XFasKt8W8B9SgpPQvWdF66BK4Y6tNCLujiaerFQVB+xS
/NcPX3n32bV+/YvDG8gxUbyLRHjwSJ2scauaIuwW0bLr2ZkmyuwqLoTioRXsssY+
hyQob6dtw0rEe7oV91yy5SKJAgNt22KNjCvoB5MU3y3QGzX3Xhddp/LTO2RTEOlm
N+ZlZfcEosaUzcalLXxYSfPBlGIjeb4FT3/369prSfF+S0KcHk3wC0QkVBR1NerD
ibFqgYM7UfCV4sX0a1aD0NftB37WoMjJm403vvm+MB4YARHh5/5u3r5umKlEw4Ah
VwqDMYkNIcr4nqqKmWxmg+44zxgm0MLcohJqppHPvcCDGvmhSRTkx7spSDfZpmwI
A9dEFkZxl5dHm2N3XkXNWtevLSxsavdkMHr+BS2/nnz9OBzN2ruQK1r6wVyNftLf
RwsCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAQ/3C8fhbgAI6Kd3qh1GNJHC8aEdf
x4iAvuVk9xN5C2UeFK3aHPXNAM0INJiTBhgA38fCra/dzw4cS3P9X5eWrt6uQk4x
mHFty2cNcxGdu8VyGheRFxosTlciwBe+2WjrPHlCaqssaskzocCXpXVNxB4y5Bax
aeb2mruB2IpleAWQeUUvqg56cu8i8Uu9nVwCVB+2VmShWYb2Wx8Yh1mpX+w325Lk
2autcjhHjuv5OqKvACgcNf7sokhgyJs7VlUJ2eg1yswZGxHeKVjEMSidpZyESNLg
0rz18/M1tQt2LAQIFCsN3DFJInwyZty79CvE1MYM6kDILgNVhAovlowjy0P2MGV4
WUrfa4JxIwQ4RXjSJqUsGF9XT6QOTW/yp3VgsIOHR5K8fGdcqjL3mweuU/zxClpL
k6dkS+/DLxM4j8rsAa16xTnFG17cenpVqMsST9fjsQSRUV3HLWOOrVQ4P5ax390T
cXoU8Ptdn70F3LG3rXaQaMryn+T6qZYO/FSLwMjWYfYcFM1RHldxuaBcfl8kCyd1
dSqc8zU/kYj6QH3Y1nXJFdluj3UUhkQvkeAd3JRqF+zug+KskWKu2l0w7o19f4rw
bOBwfxFoQXns4K2rQ+u1wR+EZdNMWDETD/F7R3ZvNmEIbpMAwWx1t1AIm7rT5fQT
wxsWLBWehpRMa5o=
-----END CERTIFICATE-----

View file

@ -1,34 +1,34 @@
-----BEGIN CERTIFICATE-----
MIIF+jCCA+KgAwIBAgIJAIDxP85du/cdMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD
MIIF7zCCA9egAwIBAgIJAIDxP85du/cqMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD
VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh
MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl
MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh
MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzAzMzIw
M1oXDTE5MDIxMjAzMzIwM1owgZ4xCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv
d2llY2tpZTEUMBIGA1UEBwwLTWF6b3dpZWNraWUxFTATBgNVBAoMDHN5c3RlbTpu
b2RlczEkMCIGA1UECwwbS3ViZXJuZXRlcyBOb2RlIENlcnRpZmljYXRlMSYwJAYD
VQQDDB1zeXN0ZW06bm9kZTpiYzAxbjAyLmhzd2F3Lm5ldDCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBAOGSPDwayWrojo+PwSKnz7gMfX72Ht3mKh6MQpvi
rbR4A2hwE6XaJLenH13vtnvsNE2otCLQn/o59e0sQmHlVFqXks5+mmSYpSacLLPj
kwON+fjFeVma8NDPTZqHVnbIAau4mXz5KAEraw6gvcxjQG6mDfQZjvZBWtNZiLPj
rXTZVTKYiT64Vp6GRm/pXWmDaAHVTWfp7atqZ7uAgL8Y2J4FLe4zJxD8odqaP1QK
ouARpLdhPbvbg6SzLcBBlSLKst8uB+tjKSkor6uZplz9ZycBqQUwXD2Yu6lPwNr4
eeaHc22rqsYNh6kbRIA2HViohy/1HgyyXzR1zsVIiAiOaLpcTMqRrlDALj7CPiS1
+iGDEkIUaHJGtpmeqlvWvQgkBlclnn34I+XJoKgfh5N8CueawWoRYlh59pX5XK/b
5eRQPem38vxdDAkhuI/FrxBNNSAslZTL2/vxl15NMUDCfHUJzwq7urpQe3KJWjgR
lS/nyhipHH1nGfg/IONbmsTVjabVcueTwIxbGZxichc55kNrrZRZiLnQawqKnZCV
CIaoBGh527Q/JmRk5ietaMOYAh+jJxPTdSAJIq/ZjF/GX5mn+Ssd8POgXHkhrVL+
2XV7dBDS7k+2nKj59z1x8tfo6T6V7Vdsop/AmLlv3gENPB93Cm23xDV64hjg5lGg
dkt3AgMBAAGjIDAeMBwGA1UdEQQVMBOCEWJjMDFuMDIuaHN3YXcubmV0MA0GCSqG
SIb3DQEBCwUAA4ICAQCfzQoxBJDC4H7ibYcE/b5tV01XNYQHWctd/9Kmu5nCP3EV
J10+neSxClp9OsDFlow32GL5TKZVrmEAiGw0Oy2HTawG0Nd781T9L0py2Gd7R7tE
40qBIHh8Xdpn5mGWtevXMWbN2phrV2sS2qn7lO1HhLbjgAJefXApiiQZbWv1oh/1
flwIi+fZxWZ01GRnJEtkU5bGoHqLhDRh+9bGS2Fi4NqrZkxpfDTZYDe0r1IVODAs
/C+OFWbsfYsQLWtNFbgl7y0CqfgFz2cmtT21XE27PWuA5USQ8gqwPUfA0OaEMWDx
wM/D2RPB+LsQDpNk3lKBSgXNY7GVJNDmgFXFQhdlcE3KjX9kFbmXtLrEqUQMqGQY
f4J44QWZXc2oWDDqs9O3B71suW9xfBhzAutjNe54yC/XFvz3Mqz+5OLXQTvVzoLO
49F4871z6hqrWmqgXdWBTS9kW6PzEGiVKxB+tKzweq0aTK7cghVHh8ie5DsK6oFz
mhrFsKjSEZuPr53umJDzV/X7roECGU6YW/3n7QGhZRjk5SgTwaB6gl6r8liEEP0H
KH72le415hp1qWvBCfVmUFGOB58Rotv5w2E5mWkQ0qW/jLCX1CYCOU/fck2r2+vm
oPX/hbt7a7iECsryrF9/XIF+Knon5FIenm/NtLIZEy4uIG/P6RHFAInEazU2aw==
MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5NTE1
NloXDTIwMDExMzE5NTE1NlowgZMxCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv
d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExFTATBgNVBAoMDHN5c3RlbTpub2Rl
czEcMBoGA1UECwwTS3ViZWxldCBDZXJ0aWZpY2F0ZTEmMCQGA1UEAwwdc3lzdGVt
Om5vZGU6YmMwMW4wMi5oc3dhdy5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDhkjw8Gslq6I6Pj8Eip8+4DH1+9h7d5ioejEKb4q20eANocBOl2iS3
px9d77Z77DRNqLQi0J/6OfXtLEJh5VRal5LOfppkmKUmnCyz45MDjfn4xXlZmvDQ
z02ah1Z2yAGruJl8+SgBK2sOoL3MY0Bupg30GY72QVrTWYiz46102VUymIk+uFae
hkZv6V1pg2gB1U1n6e2rame7gIC/GNieBS3uMycQ/KHamj9UCqLgEaS3YT2724Ok
sy3AQZUiyrLfLgfrYykpKK+rmaZc/WcnAakFMFw9mLupT8Da+Hnmh3Ntq6rGDYep
G0SANh1YqIcv9R4Msl80dc7FSIgIjmi6XEzKka5QwC4+wj4ktfohgxJCFGhyRraZ
nqpb1r0IJAZXJZ59+CPlyaCoH4eTfArnmsFqEWJYefaV+Vyv2+XkUD3pt/L8XQwJ
IbiPxa8QTTUgLJWUy9v78ZdeTTFAwnx1Cc8Ku7q6UHtyiVo4EZUv58oYqRx9Zxn4
PyDjW5rE1Y2m1XLnk8CMWxmcYnIXOeZDa62UWYi50GsKip2QlQiGqARoedu0PyZk
ZOYnrWjDmAIfoycT03UgCSKv2Yxfxl+Zp/krHfDzoFx5Ia1S/tl1e3QQ0u5Ptpyo
+fc9cfLX6Ok+le1XbKKfwJi5b94BDTwfdwptt8Q1euIY4OZRoHZLdwIDAQABoyAw
HjAcBgNVHREEFTATghFiYzAxbjAyLmhzd2F3Lm5ldDANBgkqhkiG9w0BAQsFAAOC
AgEALdUQsaYYC/Aj1Y1Wa3XiPO8vxBvNbCJnJKdQqemijxWgI/IVfvLJJqbfpb0/
p/83y2myYUNfAFyL0YVG+13naMqSLUbUW2S+Ctbi3gMs/WIj2/zdnIYJXtF1J3ou
2nlT/NT/4SFXGNr3ANKSFTEdm4tlW/hpBZb2xuf1/A/oH9GGE8wyJoBErYYS17mM
UPC7+Xxm3ZfQxjERSuv4OjUTOTxyVVy+e/HV+wdIQZPx8Ul+KYHQFsuJIISy2kqj
o87gvjwFomhcicefVOxQL7uL/YWuEHevdHfN80gY1i2MUNIHlfVQiUQH7APoI8GM
GS/onOOzGUV9+AkVrWanxBPxuU5K8poSq20bJIA5FTHYXCanCnyD5jNvgfPI9uMg
T1PSc8WmoW64EiSZMiBn+TZeVgmJ7M5eQS9WyUtwPbwW7mxVMFEtnXSRA/zsaWFK
ZVSjl1EjNpNfTjQTx+fEjf185DzE7wjOCiQhxmLte09vJPbiDWy31tLBQ2kEcGc+
/nofWK6AWe9vv5nqrpCuekcy8r2ZBUxrfrHgDaNdErUDIz1BiT045RvDejXse6oo
88Wb19acjkesJbO+cUHa8wzTRo2293hztEycXmOaKtHiogrD5C+0vSSrPJ/676x1
QQTK5568NBFUKuevdNHxh7MERcHImxk0UpIVUexe6UXmptM=
-----END CERTIFICATE-----

View file

@ -0,0 +1,34 @@
-----BEGIN CERTIFICATE-----
MIIF1zCCA7+gAwIBAgIJAIDxP85du/cpMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD
VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh
MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl
MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh
MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5NTE1
M1oXDTIwMDExMzE5NTE1M1owgZ0xCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv
d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExLjAsBgNVBAoMJVN0b3dhcnp5c3pl
bmllIFdhcnN6YXdza2kgSGFja2Vyc3BhY2UxGTAXBgNVBAsMEE5vZGUgQ2VydGlm
aWNhdGUxGjAYBgNVBAMMEWJjMDFuMDIuaHN3YXcubmV0MIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEAy4rQNKn1wqavIg4fEyPSxpC3ZQ8TULE/3VSo38rd
vSwb9c1AfNQXYCg2wm2iRk5Zt0EQgE/HHZ/NUvrymH1I/2JNPvlkLY2WlXhtWSiX
B44xynS2UHvRC5wYfPUCCFjSylYOhh6N85CZZhv+mJVLWOzbA7jLEa+1THevRUzF
MBznkCW9QS3ZCzfZs0Tlb0yVOPKjjYqNsTdfbBhV9m31FUbseg2g7+oaCPFXrxBf
Aj+MDo8G2xP0M6QUZ/VXkPDFq0VE2CQBCDr3dbncLZD0hEp6ruuzM6yNzKSXl6G1
mfkiupiqHZ784lyrdSyc+yv4TFoJPVi6n/u34k+B3SQXfA6BBsLzqyhJi+dDxP2l
Em2HVg5u1hmqV7ZU1BQ7p+ricgJv3xdpzAbVQ2ukw4Hipb8Z8ZKSIsZ0jLPQ6OVh
5cambMp3mD7pBDHf6zDehiwhYzIBEXUSVcF7+c+chKnHuav35jw6WJzozCCRilW0
W3avCeyqtpIpeT80kt/s6/KxapNt70vZKe7RbRjxGRVBHk5tn5fHO6XRGDGqQ+Jd
nHhzaAm8GIoFnNEkJp2BjMywzJTQnY4ZEn+Iut7vpU2F3zgR1KaaACTbc2oe4TrS
SXV4zZRlq8HNSdnhxBr9cZIxaqlQG9d3jURQrNZ2d18u2a2nCDJZOYQTRzWqqWhM
KBkCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAAHmclBSa+MkJ6pOCWoBSWu8chMlh
QCJZqzmhfsrxSnATtfBoa+kyi0qjrXbCUhxmsKCeZjH4zCznd1MwcjL5wwQbS6Lb
slH16NqmrCRZF8A9Cy6noFCdl/EuHqoe9kl7cFZ3jyRQ7CXhMxsWDQ+07I5M3cTn
1hT1WyLCDU88t677MYeuNGdVIXkhX7lc1glpItX2PEpUrg6cF7ifY774MmwYUoy1
2kP1uIZO6TJtuNQPsuWmOxFZjVQ0lBSSSegVquOkE7g7UKMxbooPXPgAL1u7KLbf
tlzu/FU3LqiKkn+J8mvDoMm+6wsbPqXgOepnHcEHlWXhEys+Jzbz506qki9uzufE
2mdW5b3s72TcgMp03wi6gAZtjsGAaT5v9jmfUBkPkn1aP169BBl8gCnI3yNNiext
Zrl/28CL38vekBa/87u2BPy5xPQx+D+Nj6w5amhgAZg1FIyJbmfjup/VwZUpQ7Ac
D6h1B0exveRAD1uCPC5pTRO39TqapA07JsfTT5QVxVqpKIZUzIc7+HnaCcpy4dGN
4cZXZDPVkrhL8NWqwOeoL6mP9/CG+a6O2LcwiIaSfxSYBvXGCY1A57wATfpd3h8D
n9qAX4a54eHMD97CgQqRqGiQEBGMR5B4ipo10Tkz5/95dnso4UKoZdNYmEJ5RV+u
woES+ejgN3Q9YX8=
-----END CERTIFICATE-----

View file

@ -1,34 +1,34 @@
-----BEGIN CERTIFICATE-----
MIIF+jCCA+KgAwIBAgIJAIDxP85du/ceMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD
MIIF7zCCA9egAwIBAgIJAIDxP85du/csMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD
VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh
MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl
MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh
MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzAzMzIz
MloXDTE5MDIxMjAzMzIzMlowgZ4xCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv
d2llY2tpZTEUMBIGA1UEBwwLTWF6b3dpZWNraWUxFTATBgNVBAoMDHN5c3RlbTpu
b2RlczEkMCIGA1UECwwbS3ViZXJuZXRlcyBOb2RlIENlcnRpZmljYXRlMSYwJAYD
VQQDDB1zeXN0ZW06bm9kZTpiYzAxbjAzLmhzd2F3Lm5ldDCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBAMR3GDwt2biypJBbrmuIpZmNa9I/jpnjVZ3MLDoK
9oho2KEzugfdQIONE9gJtu74J5NVXhfhAzd3ek46w8BKjbA/cCE9Zs8hpxhpBc64
5RBsCv5QM9gKqOfLC13l/cAIGfWrgFQBcQ0pv2U4AwhERa/6jayZ0hi5QqRA2YMc
H7GDuBg3WQmzjKz1pLS9VHqoja8Jua4QBLj4LP5JRiaLkDfhUavuB4Rj0P5VOxjB
Pa4yQfNCjQe/hWPN50RRhR4E2w2PYiRDz/7O/xn+6myCXIsD62U2OqeLyYBnuLKA
hV9SAKXLxYs4IiMEVZEDogH8ben0zAtsN9N7ImXQopWZmLny5HJrHkgMHeegGhIG
d9eSZbZCMMKgyqW9KLpM8G/ca97a8fdLfAxoVqQiW++3kANpwATatpldsbwuA1H+
2BGt4t702WprtnvM9CxiCTXGm0nxAwA4onMVSc1hmWj00b0WGYmTArEiYgAPIlgF
ubJH1COkxwHTOvNjpVOcanObPvba3hEKfy8q2bgW/IG7fZRj3kEvY9HnQ5Zhw0kA
CJMZoPq0UE1z0gePv9vCbs1RgAtqhUD0+RPvs2A4giKYIogNLfHjKQdl79G/OTQM
FLn0rdVmG6eqAyIv6RFD2EKH3euadGaZD7XMtRmXITgsfj2qnpxYfddFyNuLbpoG
t0mLAgMBAAGjIDAeMBwGA1UdEQQVMBOCEWJjMDFuMDMuaHN3YXcubmV0MA0GCSqG
SIb3DQEBCwUAA4ICAQBI1haT3MZehODqbPhhKAPErpu2AgoKlDMAFEztSWfH3uW6
uaX07rlcPMvI13dzkducpL0ha+qVCodL3oAd3Jf7r738uD0nFaiamaGVoepkIfZE
8wfAHS/c9T+iXiG8FArfE+dOBHYt5LFwq+BSyw0uRjRTquF6AeZr5SHrzsCDkFQk
75z2PhciGUHYCk2vv2VGQvg0SkowqegrywWb/yTbAPgBsjZwQ4hmGXDfbJUa7Kga
G2CuI6gRWA2bakfdDnNUqz4Qqn3jis1Qv05NCGCQlfJNVMmIZlrGpG3GUgVBbyMi
Z8ELMKAIhSNSAYo4eZqyDIztRyGD2wEpxE2A+K9RgvNs+ocFgLTOQVji50NWS6t/
opDVjZ5tbNUsVuEXdmNcis1yq5hniFwxrWUIxDwGaEAwyCRZbV0WuqgUwEGIOzHo
6Yzv6EyHXqJCOubET42Gr5Ujc10zJpZ7oizBNQhuQvaahTKqPgew2QE8MDKmRzZm
F3xgXNQj0jnoJJi1QUmjXANtN7/elz6hxu4HkXDkTCMtqjzGzrdZjLss+gBNLLhe
1xBr3MD9R7XoFxyZFGCEHWiQ1Zdzw+ULai205/kZUFyNpxTK7Yt1I63oHj8HrVB6
wLM/ibtK/TOtB5cbyYRCETYXeSe21m2hvc2RvZUKgxZ0gS28oYM7OET5s2J8ew==
MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5NTIx
MFoXDTIwMDExMzE5NTIxMFowgZMxCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv
d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExFTATBgNVBAoMDHN5c3RlbTpub2Rl
czEcMBoGA1UECwwTS3ViZWxldCBDZXJ0aWZpY2F0ZTEmMCQGA1UEAwwdc3lzdGVt
Om5vZGU6YmMwMW4wMy5oc3dhdy5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDEdxg8Ldm4sqSQW65riKWZjWvSP46Z41WdzCw6CvaIaNihM7oH3UCD
jRPYCbbu+CeTVV4X4QM3d3pOOsPASo2wP3AhPWbPIacYaQXOuOUQbAr+UDPYCqjn
ywtd5f3ACBn1q4BUAXENKb9lOAMIREWv+o2smdIYuUKkQNmDHB+xg7gYN1kJs4ys
9aS0vVR6qI2vCbmuEAS4+Cz+SUYmi5A34VGr7geEY9D+VTsYwT2uMkHzQo0Hv4Vj
zedEUYUeBNsNj2IkQ8/+zv8Z/upsglyLA+tlNjqni8mAZ7iygIVfUgCly8WLOCIj
BFWRA6IB/G3p9MwLbDfTeyJl0KKVmZi58uRyax5IDB3noBoSBnfXkmW2QjDCoMql
vSi6TPBv3Gve2vH3S3wMaFakIlvvt5ADacAE2raZXbG8LgNR/tgRreLe9Nlqa7Z7
zPQsYgk1xptJ8QMAOKJzFUnNYZlo9NG9FhmJkwKxImIADyJYBbmyR9QjpMcB0zrz
Y6VTnGpzmz722t4RCn8vKtm4FvyBu32UY95BL2PR50OWYcNJAAiTGaD6tFBNc9IH
j7/bwm7NUYALaoVA9PkT77NgOIIimCKIDS3x4ykHZe/Rvzk0DBS59K3VZhunqgMi
L+kRQ9hCh93rmnRmmQ+1zLUZlyE4LH49qp6cWH3XRcjbi26aBrdJiwIDAQABoyAw
HjAcBgNVHREEFTATghFiYzAxbjAzLmhzd2F3Lm5ldDANBgkqhkiG9w0BAQsFAAOC
AgEAWJ0Jdxnn0sOAJHi2AS1eTuiG188rOTt1BCFsYhWzPu+TUVBVz65EmIOF2uWP
ZdNRgxBEePwJAzlw3SfCN6WErb3t3MxIiIwGP7MrQROCm6jOwoV+i9MuLHlVhTHD
hgwNLneg8WmAKYhKCKqEz9izFJfQe67kTgGEgc+bC9uHlq0/qyu3DchT64HLl68k
+McpjnGH2NCeKy1/jdZBhVs9B946eCniDxIuY+5PkJH8JEjPCVaUXYSrr9LW3e3I
VzOHLd3YiguH04UNA3b1g2FCtUMwYHmsImofoLfOF87pHRazbt2gdLbd1ZS9n2Fa
sZD2eu42mlAtyUdIsGQlFdE96vmP/fZOYH/bfFG0manaN4oVjDyhmTRF5q59R79n
y0FNCFFCt75FC72GYQWmTAyI6MEvk37SzYK6dvPnCRcYI/hyBQIo/ukNZfI7BIwc
UOUydcoW9QzVL2uaabRrtYOOEKrJo2Q19CTpcyxbDrwF665JCYKli9gRjB4PZz85
kmcXcDVeXqPI2VS0RWnVPhevCZn4fiO6o3/Gq/kWo18koAEWZYf4NRDm55T01kqj
ISZAzRqJenGqnX/ZcnGQygSRbJoatZyIVPI4ENk4BdZEJIcCD914iFRl20Xccs/k
I2Hj4ETGN/FVL/kXfiCyx7sx13DvhOPKSyqbk402vrTnfjM=
-----END CERTIFICATE-----

View file

@ -0,0 +1,34 @@
-----BEGIN CERTIFICATE-----
MIIF1zCCA7+gAwIBAgIJAIDxP85du/crMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD
VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh
MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl
MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh
MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5NTIw
N1oXDTIwMDExMzE5NTIwN1owgZ0xCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv
d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExLjAsBgNVBAoMJVN0b3dhcnp5c3pl
bmllIFdhcnN6YXdza2kgSGFja2Vyc3BhY2UxGTAXBgNVBAsMEE5vZGUgQ2VydGlm
aWNhdGUxGjAYBgNVBAMMEWJjMDFuMDMuaHN3YXcubmV0MIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEAxiuSdlKbh4zsIL3/vJnDX3QE4769lon+N4zxEU6K
9N9MjOctys8H9eeeqSvbPW2QD74f3E3CePIndKukalSutZYvKzsW6aivBXIZR7Yq
ODjFhfIezN3uFN2rlvCrKrMRIEMvURm1mgDYfU+6kETYodRxbzy5h5vVGkYfFmO3
aV8iZExKpwoOtGCp2K8k6ViS7SWgMddUjnfptB/Ge/Huujkejj/kSXIcIFb/9yXB
F1eYNGzajPVpP8ervTJFetyULfskGxwsWjFixI3oJVzhstYp2C1uNOuNZdNS11wo
pV+RcQdmlIAPe14VxIu2IAXjJ6tgXQEaXx7Veq4HoN7drc5XcKLODL6y65JleXgY
MbRuKdCYbKomCRMWXL5ps0vZGHuuBWk9OITobDBYln1z4iO7MeDuXNwea56gsZYa
3q37Se7Sj2RqV6hIpYyJqWr/6HbZ4Mb/0wOrm18gpfUdDXGtPG8zFNPFiZhS1VpQ
0/UQs63CKu6eBBbJOVme1SjgRN5lyrtnm55nwsquPKDFkT6M7oIrxutFNisX0faQ
G8xBYsIICuhZLzBQLilvd9IBnpMw9JgBygircJEOPXlYJ0L9EVLbn6oi+1o/iCjJ
YpC0Epm/3skNhCUXgxODJMRP+2jgpxJa3T7ggv7ykgP5zVsFKDTqktX+XYaq7diF
MRECAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAMpJiqOvJXOVbdl/fAWfXyNToRTBD
nJyRKv9pDa9u9ZiswtwkkKihMD+on6CaKsRQt+1WaYqm9uHZs4D8TEitIdRUjj+d
v7j9XHx6uMc9XmWxlDwm1b2Ci2/mqNZVWsDutRfPM5UhnIH+SlpjDqQEN+XaUQGf
f5JwtDzAvCPb+ktW51oUqZCjLawAx3mQ/cl3GigZC1CxdfSg1HHC8mN7vIKKkM6q
3o9eE3zO4o4UVKENoo7+B4IyhmQu9Qzh1fBO+5k14T/aRIds08skR+wR+SCuG/R4
FmBUpXw0qkhLDVEbeMA8BTndFBPHv/nvv6ZjIaaQQ7R+4iKprpriW2ZA4/eegHwI
OStwhe8XTHoAkSsIgrlaYH3md20Zmq1YwdxCKDyxPhqBXj6AV65hrwlzLY1H/9IC
KMWjKu0s/E7BWGiaegqw47gcPGEKdDc0jdJXmGgfFtTmKBAhphYj/dSirJuJ8q53
v/PgkGVb2jntYcBhDhOfbCJANd0ODpoxpnrWiDsNibDrREP0nHWqxuJy3NecNDsi
zANRZtlT+TcJ+CRFOW70SA3uwci7RoOEgERdG2VrjinyL3w8r/Q5826ozM89G9I/
PiV9N0ALN4y0NHxP/mJoHkfPsR1SkRdQgroFzfBBxTasb88WoD5luz+0ZMoahLIr
9lmjupwIX7aPU9g=
-----END CERTIFICATE-----

View file

@ -1 +1 @@
80F13FCE5DBBF71E
80F13FCE5DBBF72E

View file

@ -1,33 +1,34 @@
-----BEGIN CERTIFICATE-----
MIIFnTCCA4UCCQCA8T/OXbv3FDANBgkqhkiG9w0BAQsFADCBtzELMAkGA1UEBhMC
UEwxFDASBgNVBAgMC01hem93aWVja2llMREwDwYDVQQHDAhXYXJzemF3YTEuMCwG
A1UECgwlU3Rvd2FyenlzemVuaWUgV2Fyc3phd3NraSBIYWNrZXJzcGFjZTEQMA4G
A1UECwwHaHNjbG91ZDEaMBgGA1UEAwwRQm9vdHN0cmFwIE5vZGUgQ0ExITAfBgkq
hkiG9w0BCQEWEnEza0BoYWNrZXJzcGFjZS5wbDAeFw0xOTAxMTIyMjA2MjJaFw0x
OTAyMTEyMjA2MjJaMGkxCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpvd2llY2tp
ZTEUMBIGA1UEBwwLTWF6b3dpZWNraWUxFzAVBgNVBAoMDkt1YmVybmV0ZXMgQVBJ
MRUwEwYDVQQDDAxrMC5oc3dhdy5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQCkM3INHpc2gliSsI3BWlHZLMoYc7UGIDvi2rw+t6vygeXMFCVOowL/
rxfIprGBdtjKenxuMADKjVl1NzRib9BT26grBY2tvLuZbOhLnFdFZBrWvNt6V/sP
P33IGs5lolkdI5aWKNHwk4Umobhny5AEia7iIMjdLZP6kKGYNRb5nxcTXEwGKr+z
ug9CGSZ5bQrmG8r+nCKgPb9QWNSTmg8AAG6TyoWyImpaMInOwLz2g6KCFd2yEEbW
we6yUv+4iqPYmUjUbnECVqLuAUxMCO0RRtQHk9FUD+i2NB1wW5ixG/5+WrkfXLII
O+oXmC37RZKIFUJks5VmGB2M46b0IzZsgguMXJosjieML5broh7SRIOp6FRoOLzA
2QfiWV9maF/Ue/GUcurSwnsPNtsDy0sqffYjNpsdxHB25OH7abqDmbayNx/x68HZ
2Rs3BaLJM5R0PZVkbYMYTAKzRGUbA2vrpiSnhIDtD3rPTLWcNbZVrDoHGpF+wWs8
7E5VPZ7LuM5QJNg6ZBLJ7B81rvw3BYTar0H2YfLGeTjhktJ9fJVjx7gvAagBRnip
gSOLN4fiB68wTe8lyLLH+7+ZtfZl8myRzkoDvHc0iBeZa0Pr2iGCLfR5FkqohU7n
VRremTfIodygtTMdSozpOWRMaLJV1WJfMiB91rs+mwMBhncqa3Hp6QIDAQABMA0G
CSqGSIb3DQEBCwUAA4ICAQA0SmB4sBITbNTPc20jhZwdmGOCEYg/o/MIpeKqnBnE
G0SL+lUWxgB7WA7tsojS8gUSq8HaKc7kAtaDiF+in+xCuhzZAXfPRtUNIx5QIZ0G
9wUglSuI37EfM7opmNkh2tyfgHtPvcHIhXWEIyXRmRUWSNd+/J60duECh/G0fOuN
8cToI8KCYPxpnyYLUfI7r4xZ0wVYsu9kHK0AzWsU+i4/3h0DgXJzI9mqdVHzNYaK
0GZWsko9Jqr28Cq8NPp2wxeAldPBc+oiegCNBSXJC/i0N4Zrl+oj3bZ09lnG4WHT
sNbRq42p9wihanoTRaHosIjSKpB85gUXHjQIMhkI7vhQCkgxZ2sbJFKofnrjdIz8
Oo4Aq12MdoJJye2q5YI41Y6ndxts4aYufc6Iq2JHwd12LWGYDWWGDW2lCJJurHVC
CdWYcYUozguPExUPmkDyTRozIS+J8ovN76cDdNW4tPuf2GRJhfgR97V8Yq9LuVR2
Hr3IksF3WKv5PUmTjb03Hdw273GleKUyyiH6fY4FnW3zDPijDX5NLRTvYord/4zg
4x7SxGVmaggoHoqkujHQ+P8IejGqdUHIprL/NKFC/tytAAkKaKxLrX3/U7ljqqA1
M6LLdTJCQGMeu/TO+0pCKzqmR4Xisf1eqsq7t69QO08Cd69nHGEn/JG+T2h78kRb
sg==
MIIF0DCCA7igAwIBAgIJAIDxP85du/cnMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD
VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh
MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl
MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh
MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5NDU0
NVoXDTIwMDExMzE5NDU0NVowgZYxCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv
d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExLjAsBgNVBAoMJVN0b3dhcnp5c3pl
bmllIFdhcnN6YXdza2kgSGFja2Vyc3BhY2UxFzAVBgNVBAsMDkt1YmVybmV0ZXMg
QVBJMRUwEwYDVQQDDAxrMC5oc3dhdy5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQCkM3INHpc2gliSsI3BWlHZLMoYc7UGIDvi2rw+t6vygeXMFCVO
owL/rxfIprGBdtjKenxuMADKjVl1NzRib9BT26grBY2tvLuZbOhLnFdFZBrWvNt6
V/sPP33IGs5lolkdI5aWKNHwk4Umobhny5AEia7iIMjdLZP6kKGYNRb5nxcTXEwG
Kr+zug9CGSZ5bQrmG8r+nCKgPb9QWNSTmg8AAG6TyoWyImpaMInOwLz2g6KCFd2y
EEbWwe6yUv+4iqPYmUjUbnECVqLuAUxMCO0RRtQHk9FUD+i2NB1wW5ixG/5+Wrkf
XLIIO+oXmC37RZKIFUJks5VmGB2M46b0IzZsgguMXJosjieML5broh7SRIOp6FRo
OLzA2QfiWV9maF/Ue/GUcurSwnsPNtsDy0sqffYjNpsdxHB25OH7abqDmbayNx/x
68HZ2Rs3BaLJM5R0PZVkbYMYTAKzRGUbA2vrpiSnhIDtD3rPTLWcNbZVrDoHGpF+
wWs87E5VPZ7LuM5QJNg6ZBLJ7B81rvw3BYTar0H2YfLGeTjhktJ9fJVjx7gvAagB
RnipgSOLN4fiB68wTe8lyLLH+7+ZtfZl8myRzkoDvHc0iBeZa0Pr2iGCLfR5Fkqo
hU7nVRremTfIodygtTMdSozpOWRMaLJV1WJfMiB91rs+mwMBhncqa3Hp6QIDAQAB
MA0GCSqGSIb3DQEBCwUAA4ICAQBMkv4dG3gybWdggc5aCZqyanp+CU506ejVpAd2
oPgJnvcAR1DVnHer2hMFlRk4lt1rSPsRv1bqOQLgBkOEbUJhknaSD6CknmfriX1/
ZdBwB9JHy7E/S4QDrm/8s6HiWcKYW6eK35aP4bF8ebDp+PBmYOrHRl85vNqtjeMJ
iyXznQFL1kiuT2hBcMiQeVbEz4o0u/yAlNIxL3PXKXn0AVyW0LjLI+EAd8lCfGKy
SkJf2gw/UWx3s+rEctA6qrB29PBR03PTHvXfb53ILh8KuIh3hU3+EED7puNhNvrS
qWthIe5hAVOEaE9GfHCqdelQELrrYhAVMuO+PqtsGwZruEY6dpI493Aq+lfd+2TT
pRG/isoGvGh+Lg+pwV3DLuGnnMH47iUHnPPXbYRBvSpnhC80vx8Bnbn4l7TpuZYo
KLo5heP+Mb4sueG7KjuoOHRXcI3vHgKD2XjXFokdLBAy+75Ik0YNUWbvK76PiajE
znic15ws1lTJiY16z+JPdjpLh+ddXf2DDnFhkWNy/Fxt+dIm0Bhdgin0rPKpE8Sv
BIKiagL0VpDlVW5DUQe9ZVNW3zvyb3fvis+4+SmPcHDEq6ULgQQD6NjuPTKa7Suo
pm7SxeMmP1c0B28S1wqZAh0mxrD/yUhKA/ZagRktAhCr+CXAgePEqeCZCx0XGqUw
d/ZySw==
-----END CERTIFICATE-----

View file

@ -1,13 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIF9DCCA9wCCQCA8T/OXbv3DjANBgkqhkiG9w0BAQsFADCBtzELMAkGA1UEBhMC
UEwxFDASBgNVBAgMC01hem93aWVja2llMREwDwYDVQQHDAhXYXJzemF3YTEuMCwG
A1UECgwlU3Rvd2FyenlzemVuaWUgV2Fyc3phd3NraSBIYWNrZXJzcGFjZTEQMA4G
A1UECwwHaHNjbG91ZDEaMBgGA1UEAwwRQm9vdHN0cmFwIE5vZGUgQ0ExITAfBgkq
hkiG9w0BCQEWEnEza0BoYWNrZXJzcGFjZS5wbDAeFw0xOTAxMTIyMTI0MTlaFw0x
OTAyMTEyMTI0MTlaMIG/MQswCQYDVQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNr
aWUxFDASBgNVBAcMC01hem93aWVja2llMScwJQYDVQQKDB5zeXN0ZW06a3ViZS1j
b250cm9sbGVyLW1hbmFnZXIxMjAwBgNVBAsMKUt1YmVybmV0ZXMgQ29udHJvbGxl
ciBNYW5hZ2VyIENlcnRpZmljYXRlMScwJQYDVQQDDB5zeXN0ZW06a3ViZS1jb250
MIIF9DCCA9ygAwIBAgIJAIDxP85du/ckMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD
VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh
MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl
MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh
MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5NDU0
M1oXDTIwMDExMzE5NDU0M1owgboxCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv
d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExJzAlBgNVBAoMHnN5c3RlbTprdWJl
LWNvbnRyb2xsZXItbWFuYWdlcjEwMC4GA1UECwwnS3ViZXJuZXRlciBDb21wb25l
bnQgY29udHJvbGxlci1tYW5hZ2VyMScwJQYDVQQDDB5zeXN0ZW06a3ViZS1jb250
cm9sbGVyLW1hbmFnZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDH
NdThV//g0VWj5VX+i/Z0iLjmoxwIJYVcuzLNJwiC3jyhjKfXwo7GjkI03PB0oHmj
I/OS15NqCpSbOzLNKfnBk1WjfGfbyiyJbIFWPPWnD/i4mdiKZ5ZS45nYAUqBADs6
@ -20,15 +20,15 @@ zpd1lw8LvnVmzLHuhIr/8HLm5hnbSwcdOqX1MEFRHO7mmc6fKJ7jce3mEKdMMowV
7ue187+3rcZFc0p7Si+onAh3EpkNjkdsBOQQuOpJ+FALEP+7Bm8rivyFiBf4RyqP
kMjazR4VLo9xce5p65mJBHreTwCMbgCYb4yzAXOt3KSoYuaHAFDyknaL0oCi0XAB
H4g92Hrd9AY+ogKHER6aRG9rO+3zFM8LHiaOIrciBwIDAQABMA0GCSqGSIb3DQEB
CwUAA4ICAQBkN9yuv/dc10NqUYsqaTT0+1H0EhbGFAasFdqTjIqwg79PBgxeJa6L
9MjcMvPyUGkOQqGISrY5W2ZnLViSXPaSufCzSaBS8LG56yWjhkJAaWYEWrE0Or7Y
RN13Z6lXaZCcXDxg43OUo8bI/Jw1V/bMkHaqDh4ndM2wdDnWv0pbYv10EOwtXQaK
+Xfwzhn2lVIx6GtF6BbGcSdX7FCc7BIjIO9xc5E4TbdRk/97jKFnQAq4XUgLdmPi
M2z5DWgAgDn1AaBe9OTX4FFebDaMwvNrO28H1x1bFj70gClUWzTQaCeHjO9EwD/6
cg4ze9TbBlE9qdRWV6UcFjKvxCpZ/TyCszJfVBHdagCTfl3gkNqRTCqKyY+D62u7
w2BIa6FzxfAz2yTJ2ZbtxwephyVE693qPV/UEJ1qz80m4QKC02ee7TH+I4pcyDaX
srH7NULJ2hEIv8zAwIFJCTBAAkhLvqJ/mYh3Q2WPDJFO7UMWdsLBZ7E6zrOq00wU
6CkHQImIcBrOanIM32ylSsJve1zT1+h5b6NmhxIECFz6aoGtHbPPuCMWAkdBce+M
p9ZCvIzW5LR3iVizpKPwL53Z4u0RMNfl7LD1uMw78v63+A2n0aUO6oo9spF+rMPB
SKrCyPZ5GA/4N/NZ/WRMYQ67mkRZqofYgKzRkKlq8FS2YLTDgAbsdA==
CwUAA4ICAQAY/Kz0nL4fA7TvDcCRc4CErVbXb5q2OHWivrwOJbll7yJVt4ksh9bd
g83kmdk/Z/vUpCQcJFEdEOFu/oiQ6eLIi59pM4zTjar5KVv1vtv5zkuWJ0lKtoxe
40oV62kEgTWb4H4z3ADImgq60wRpU+Mwb0vmWF5Bto/M7Ul/+hpNudsWwY2KZzZo
cPPEkW5Yics5mVgFY9KPyEpnWoAxBBOEcmBjzwr5FTgjRLlz9723dVpj37N88lur
A2+Ezx2kRw5/KIznbeeZMBVGCLYZ+3RFJKlPaoxcoQ7Qd6isq0bkzJpeo/Dbl+NG
AgT6MX21O9sOuFwBVfpzFov1eGLNFORsDLs7zZa8mcgtEpYOn0UC4D5q17B6tmp7
JeEvx4zdkEp8lRJkBKCJpZ86yb47a59SoV2IC4I9laUEzDyWKNn94rhJ8rN7AQke
z92xvdR4jOcOYznt/iFDI1uA2dtiIdfw8H2IMLxHyfcbzh/mm07gugrmZAZENI6/
DZrJp6e1h505OEu0/PGzLfQnYpkEd7xdvxLODkxkqUd5BM9jCG7soYC2p3Hr69kA
BjUv/0IGagMT/TxqdoUUzjcJp7N6VbJW+z+5Ze3hUFuN86SXW2na01iq2olOy+c/
sPY21NPreeag3NDVFxuz/+XI4cFZ5pg8wLgKGJvLeYmgNkr+1U9DGg==
-----END CERTIFICATE-----

View file

@ -1,33 +1,34 @@
-----BEGIN CERTIFICATE-----
MIIFyzCCA7MCCQCA8T/OXbv3DzANBgkqhkiG9w0BAQsFADCBtzELMAkGA1UEBhMC
UEwxFDASBgNVBAgMC01hem93aWVja2llMREwDwYDVQQHDAhXYXJzemF3YTEuMCwG
A1UECgwlU3Rvd2FyenlzemVuaWUgV2Fyc3phd3NraSBIYWNrZXJzcGFjZTEQMA4G
A1UECwwHaHNjbG91ZDEaMBgGA1UEAwwRQm9vdHN0cmFwIE5vZGUgQ0ExITAfBgkq
hkiG9w0BCQEWEnEza0BoYWNrZXJzcGFjZS5wbDAeFw0xOTAxMTIyMTMwMDFaFw0x
OTAyMTEyMTMwMDFaMIGWMQswCQYDVQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNr
aWUxFDASBgNVBAcMC01hem93aWVja2llMRowGAYDVQQKDBFzeXN0ZW06a3ViZS1w
cm94eTEjMCEGA1UECwwaS3ViZXJuZXRlcyBDb21wb25lbnQgcHJveHkxGjAYBgNV
BAMMEXN5c3RlbTprdWJlLXByb3h5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
CgKCAgEAy6IJdYnjgNnmFr+uWcmn7MYpK/ucfle8ySsOWxuGbmFVUfJCR6vKuIii
IisgPJVP2qdxnBDsyvHtgVUz3P8zTBqpqZdYvGgyUiQasd4DH4xypDVLdt+fmud/
TyTqsK0/b95ugFKqbkJ09NL77/h3WjbRqPJGCTvSubSejn8vZqlIvV3O5Hj5g7gh
O+Y3iDe37Jyv6J1/ViikvroxzZ6HvaNoGNL/r6/pF6j2s1i/Q0XITawVcgu6TAHY
gY5XQj/zxNQMFr/jWcaTKDq8HLy2TVF9bCcHDDRufzcTwqZMwoY3N1jzX5Kvh4d0
kgnj/u7BX3/fyFrIOGoqgxCYuvaQC2NGpILxSIAReaaFSSaSdR5jNQjj+7q+nNsm
RjYsswnkK5fazXnDm9C1kD2VMwnXXgkX2M6vfmSWT4FRIFQPWhekWIvJZrVrNCRo
38GiETu9oSfnZLHMemUm4SEC/pkntOFHN9ABeflkgtzGI500arQm7QN9ZT01E0e1
iPsBC6t2Qpcc/PQy3yR3v6XkRyBzmtp7Oxx0K6REfKMCJWqwlft8FY0X1L1P+hDI
3Ek4SOKhhxYUnUUwsGex+3NujsAyqF5LI2VFzU893rXG6+ZQYqOgarH2gk/WDHgL
i7LtF2CDyOPLzurhebS6KObk/MBon2vQhSYjRR+3F5RnU8NJAX0CAwEAATANBgkq
hkiG9w0BAQsFAAOCAgEAmSZE2LS5I3kWRUVUxKQ1UT6t6GMCSfILcEGW1Q03cI6T
LbTygbOh7khIQSqlCZgKzWtmpUcc1pWGC1TwGIWcwvd/ZYJp3jPBRM3x7xs6Wnee
1t88qaqB3ZO8cOEWcSxz+WU+DNf4iZVyWkUNqKptmTX450tyVSZpT38cHB8idRrT
EwGg0sF7FGc3kGD9eIVi9L/MON218P6gOfrG24Ce8pxnGDwxXs9gC32s5Aa4mLam
1S48Sun01w47M599D14OeRh6r0OpDhFdGlQUHWMlBkLsLEZkqdknNCYDWFELHIIK
vyu28FFt8UFT0wAQRbqhYrgDqbNNJOrf4V18hrFK8XyKNivGJ9lCbhdiV4dkDEai
y/Lz3CXbW98xT+MiiRKhsPjaTU01+NcczvM330iV4gIrtt+ROosalqo4I+N+JSs5
PIHmIQKQ+2HAiGHIzQWiM8bz4JX4iMpxkKp7hEMiedonfw1ZMBYUuGp/6GTOQDhI
s55qlDKk7PYLJfF4hLtNbfCHisczVQF7rwrZc216mlCOSoae3ySimUDtkO9Qfjmw
/qr1xy3K5hkB3FoyUikRodWPdepdDILWVHGUH7++C4hBUlNh+8PpRUiSjDsURXE9
5vsrf1vrp64JuJuc1YPzxPyZATX7lHZcv9R7l5VZCBlKuu4MvjX50rKBeEsHh5k=
MIIFzTCCA7WgAwIBAgIJAIDxP85du/clMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD
VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh
MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl
MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh
MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5NDU0
M1oXDTIwMDExMzE5NDU0M1owgZMxCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv
d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExGjAYBgNVBAoMEXN5c3RlbTprdWJl
LXByb3h5MSMwIQYDVQQLDBpLdWJlcm5ldGVyIENvbXBvbmVudCBwcm94eTEaMBgG
A1UEAwwRc3lzdGVtOmt1YmUtcHJveHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDLogl1ieOA2eYWv65Zyafsxikr+5x+V7zJKw5bG4ZuYVVR8kJHq8q4
iKIiKyA8lU/ap3GcEOzK8e2BVTPc/zNMGqmpl1i8aDJSJBqx3gMfjHKkNUt235+a
539PJOqwrT9v3m6AUqpuQnT00vvv+HdaNtGo8kYJO9K5tJ6Ofy9mqUi9Xc7kePmD
uCE75jeIN7fsnK/onX9WKKS+ujHNnoe9o2gY0v+vr+kXqPazWL9DRchNrBVyC7pM
AdiBjldCP/PE1AwWv+NZxpMoOrwcvLZNUX1sJwcMNG5/NxPCpkzChjc3WPNfkq+H
h3SSCeP+7sFff9/IWsg4aiqDEJi69pALY0akgvFIgBF5poVJJpJ1HmM1COP7ur6c
2yZGNiyzCeQrl9rNecOb0LWQPZUzCddeCRfYzq9+ZJZPgVEgVA9aF6RYi8lmtWs0
JGjfwaIRO72hJ+dkscx6ZSbhIQL+mSe04Uc30AF5+WSC3MYjnTRqtCbtA31lPTUT
R7WI+wELq3ZClxz89DLfJHe/peRHIHOa2ns7HHQrpER8owIlarCV+3wVjRfUvU/6
EMjcSThI4qGHFhSdRTCwZ7H7c26OwDKoXksjZUXNTz3etcbr5lBio6BqsfaCT9YM
eAuLsu0XYIPI48vO6uF5tLoo5uT8wGifa9CFJiNFH7cXlGdTw0kBfQIDAQABMA0G
CSqGSIb3DQEBCwUAA4ICAQBrL4zXc5T41CUlvJS84/fXy15nCcXEGKRKMuJJYuRb
GnAlmhcFHaqtGFZrKNVq8Ois1WVtp7yV3OFRDXVf2NQZVmZRjbTKTOMrISxdnxkz
OTitZhgm8/dIssyM9QI6uVn/AZnI4tV2tUCrbt48F40RKQH2GZJz2yQAfoXA/MVG
2cPzi03BglEgM4kV3F7o78DDOiXfY5RZNR3mXSOTMjqjHQ4W6c4QM15DYp+ZH20k
lEYSINAO6Es5ng570OJYrpsED1l1qkjpw0hsdmIHmGIzCx+pLcHT9yBYYAVNzOPy
lfta0c4F5kuUGGnZlkfov4veczXoXTcTjcBbUehnUHo5fzhzpWaN2H2MD+b6r7Q4
EPqfZLY34p39Gcm9/SczlB0p4httnW/0VpxgskcDA1NIc0S6ZoBQvlphaIIyFhG1
J0Ep1fzaKQXkqgAG0opq1k8pVK5ZPHCUWRqoMkiQUf3d0XdXQ7WYpyDVJGvaOyiw
RVrR0yRZKV320H4v2kTP6wiG2zgq/4aVAXLpkFDesoE8HNna/pWPtoi/ssVGnLGE
u4dLH6RoA3Z+BumUXKWfuFH26EgRGRvNf866bWCMCzSETrUoh7ky56IPVCMkwZft
MTwdvR5re+KFq89iK6E2SjUPHPCG3L2q4fsxRHD/zMgSKvZ70ZqH0q8cnLBgoQ87
AQ==
-----END CERTIFICATE-----

View file

@ -1,34 +1,34 @@
-----BEGIN CERTIFICATE-----
MIIF1zCCA78CCQCA8T/OXbv3EDANBgkqhkiG9w0BAQsFADCBtzELMAkGA1UEBhMC
UEwxFDASBgNVBAgMC01hem93aWVja2llMREwDwYDVQQHDAhXYXJzemF3YTEuMCwG
A1UECgwlU3Rvd2FyenlzemVuaWUgV2Fyc3phd3NraSBIYWNrZXJzcGFjZTEQMA4G
A1UECwwHaHNjbG91ZDEaMBgGA1UEAwwRQm9vdHN0cmFwIE5vZGUgQ0ExITAfBgkq
hkiG9w0BCQEWEnEza0BoYWNrZXJzcGFjZS5wbDAeFw0xOTAxMTIyMTMwMDZaFw0x
OTAyMTEyMTMwMDZaMIGiMQswCQYDVQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNr
aWUxFDASBgNVBAcMC01hem93aWVja2llMR4wHAYDVQQKDBVzeXN0ZW06a3ViZS1z
Y2hlZHVsZXIxJzAlBgNVBAsMHkt1YmVybmV0ZXMgQ29tcG9uZW50IHNjaGVkdWxl
cjEeMBwGA1UEAwwVc3lzdGVtOmt1YmUtc2NoZWR1bGVyMIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEAnnIWVbnVbV2s7QDs/VSKPApWCYxQo2Px69DAfqbT
qOkZRdMoydA9ogbaIFOcwKu5s4ipQug8tj4Fmq7ONAszAcvyNzvGXeS6t0eHFwwN
jJVMwSV3yKH/gVPwAcG3pSfMlijf8ZFlg3hA/i2jSmnlec9S+9Y1egnP7r00/WRl
NsmX4zE50WECOgAauPYbnQRih7psfMF+CTPUEbsgdrrpmHeRh1j8hr/AkrRQ7EHa
r7gMxaDV2LpVNRGeCnvO/z+r9pEPF/6dWdTCGTDL5x8Zzohn70u0wjtjMxPo34ij
2WRtBpMOYW8PnDbuv9bEOrqRzpc9CMzA223mhgRFPRHVVyqgXPOGxfqnEdWV2/3a
F3BIUUTJ1Tn+VE83Uv6vEjs1N2UNngrsLQyrg/bWpAu+gM57b09t90JmpcdHOia9
EbRfS43ADy2LaLElpULNWYRcbFUznAuGIsUfluf9Ujl6OM3fneZq254YxOp+g5ss
tsY3XFqoQdkwO7mkBQvDPVD4lKw3EEFx2WsjT0lLXX8G1Lcvo6T8ParKkiscZ1eQ
UkdUhEGiI3hOk+xBkcq5xOnDNqGiz9t98eMLF6oZ3Y5oFkyxU/le7x2z70YJiKI7
G+qaQ3azd0nCcpph6z09g0Quh6otIHZMBLvXELB0+sO6Quxg8vWCjCaReXuuHnWr
ThUCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAPTxRtV38O3JIMc+S079MdiUVOv5D
XOp92Uea1IURjg9oPVAkaiFsyr4DNdoMa+J3qaTPoHX4D1DobDzWteUOkJuMqNBg
SD/v5AZrkVvzH9jycfk7Qoqks5rlB7e0Hxj8/yyuJMzfiQBLnaJYf9sJ0jVixnxb
nzS2/V6FRMPIpaRZkp46IxfIVtXsFGleapWTIDm5iPBR2JDO3iDhe4wsEK140mHm
tTR/DLcbTXE5A/kG/JVOoKp980UUz6y0dkN7IZb2dDLMGlAynduzy9gFGmjMzsDu
m5Tt8tFfq1ur3Ppl7rWKGuiYVaN2tE18xhyx/hnfrGuWat5P+cGAAKi4aD+NEiIQ
dL5oO8vrQjCZ15gojbRS20TDy4jXeTj5xqhimezBK3I92IJt86kslqPZAWLrHVxy
OzI6yQryTvAQvfCQPvVsCt5nPIMOSOeYEXZ+PnV4XQDTKLu8pK0VyMqZQTQXcUtz
87emAel3nuVRpazqJXCPElE1Afq4iFNpRsjbPc+1cW/iG0mMAS/0LzlnkZop+t6I
5N7EvjOUSUldq9lECmBMQV3mIkG/joOOM0KdI1h3zogtoblpwmp77SJZ2vUFR89q
+rwwIkElLFzfh55uytQnZXjIqBOXcOSBC8kMEleMLa9IPNms6gkP7Co4wwHbMSTQ
g1RPicE/VHOS/rQ=
MIIF2TCCA8GgAwIBAgIJAIDxP85du/cmMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD
VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh
MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl
MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh
MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5NDU0
NFoXDTIwMDExMzE5NDU0NFowgZ8xCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv
d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExHjAcBgNVBAoMFXN5c3RlbTprdWJl
LXNjaGVkdWxlcjEnMCUGA1UECwweS3ViZXJuZXRlciBDb21wb25lbnQgc2NoZWR1
bGVyMR4wHAYDVQQDDBVzeXN0ZW06a3ViZS1zY2hlZHVsZXIwggIiMA0GCSqGSIb3
DQEBAQUAA4ICDwAwggIKAoICAQCechZVudVtXaztAOz9VIo8ClYJjFCjY/Hr0MB+
ptOo6RlF0yjJ0D2iBtogU5zAq7mziKlC6Dy2PgWars40CzMBy/I3O8Zd5Lq3R4cX
DA2MlUzBJXfIof+BU/ABwbelJ8yWKN/xkWWDeED+LaNKaeV5z1L71jV6Cc/uvTT9
ZGU2yZfjMTnRYQI6ABq49hudBGKHumx8wX4JM9QRuyB2uumYd5GHWPyGv8CStFDs
QdqvuAzFoNXYulU1EZ4Ke87/P6v2kQ8X/p1Z1MIZMMvnHxnOiGfvS7TCO2MzE+jf
iKPZZG0Gkw5hbw+cNu6/1sQ6upHOlz0IzMDbbeaGBEU9EdVXKqBc84bF+qcR1ZXb
/doXcEhRRMnVOf5UTzdS/q8SOzU3ZQ2eCuwtDKuD9takC76AzntvT233Qmalx0c6
Jr0RtF9LjcAPLYtosSWlQs1ZhFxsVTOcC4YixR+W5/1SOXo4zd+d5mrbnhjE6n6D
myy2xjdcWqhB2TA7uaQFC8M9UPiUrDcQQXHZayNPSUtdfwbUty+jpPw9qsqSKxxn
V5BSR1SEQaIjeE6T7EGRyrnE6cM2oaLP233x4wsXqhndjmgWTLFT+V7vHbPvRgmI
ojsb6ppDdrN3ScJymmHrPT2DRC6Hqi0gdkwEu9cQsHT6w7pC7GDy9YKMJpF5e64e
datOFQIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQC4VNkClOS7qFz6JKSkCWsPNGYl
SZHihD/O4Nrd6pNhYgAeOJgRuEzbud7W214SjxIbhaZGIdRDiaYrSfaVrL0DiWso
5NVIyG0h0e9DBojSEG8CjzGNjzbe2JfsqdwwbKVwbNw1WnfiUd+JvLuefTgUXhAH
K2MZbqw11JUJQw+JNS8TXYRwBrii7Fb9mf1/mG6x1iiL+LYTur2WqD0X/d2VXoY5
r2kGlnZetjWjG0Bo4QmTws1FzbzPv/+GYycG3WFRuK3q8h0COZOfUPT3Q/prbXmT
hgRtxRecVj7jAm2Xh3eHJyXhPbDnnbTnV2DTDqQ4ADGckRAur3rYwHK0sp4fSkDV
rz8mRg7AWW+MCn7D4hRh/XVKE4+kAB8kfl1sstZhMIEUITvJBHeFDAu+w9PfrMxm
Z2R7ulGVgexKHLqfjufGQMZlYgeqFr+ZJgl+4xFZvnz/x9vKuDYnHubmr99gAyJY
hx6PFrERiymUbDqsP60KzL0Weez6VDKME5SxJwhy9ZFXWq+PkK7urVNvk3fpf3vt
plCq3Z0dV35hcE51PPEO2W5DV+8gofDtfjwn1njqtohBrArSwtbZGzzWlmbBqF4W
kjEPdf1xib1wJHy6FW/jWnELFqsUzpWpLtTHOXJdoliH8KFdcQVqxf/uBi7riYas
gBStDZ7N+bB3HknHew==
-----END CERTIFICATE-----

View file

@ -1,33 +1,34 @@
-----BEGIN CERTIFICATE-----
MIIFrjCCA5YCCQCA8T/OXbv3FTANBgkqhkiG9w0BAQsFADCBtzELMAkGA1UEBhMC
UEwxFDASBgNVBAgMC01hem93aWVja2llMREwDwYDVQQHDAhXYXJzemF3YTEuMCwG
A1UECgwlU3Rvd2FyenlzemVuaWUgV2Fyc3phd3NraSBIYWNrZXJzcGFjZTEQMA4G
A1UECwwHaHNjbG91ZDEaMBgGA1UEAwwRQm9vdHN0cmFwIE5vZGUgQ0ExITAfBgkq
hkiG9w0BCQEWEnEza0BoYWNrZXJzcGFjZS5wbDAeFw0xOTAxMTIyMjA4MTBaFw0x
OTAyMTEyMjA4MTBaMHoxCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpvd2llY2tp
ZTEUMBIGA1UEBwwLTWF6b3dpZWNraWUxJDAiBgNVBAoMG0t1YmVybmV0ZXMgU2Vy
dmljZSBBY2NvdW50czEZMBcGA1UEAwwQc2VydmljZS1hY2NvdW50czCCAiIwDQYJ
KoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVIKq5dWNAA1Q0giQYWCyCsIrGoXiBP
WzEhwOeyjKdwReex2p9gCffK+LSIRmrQnAyQCFYj2T2gBXgM5beEwGupZlSNGcc/
BTCh7C9TCoJnKM7OEVLLLYTaISrvJ+tmSDFVUch1QyirXv3+NFFrx+T+hSaqKJA1
bL/+rpVfUBJft6WHigp/BEwXCd/q9A7tZSbbCqVtg0doaOJcMxW4ZTLHxcb8XRzV
isBA8g/Hm9ToZVX5Cl2XfwT/AMhQJL9E+aXwzZDl4GWOjY9eGvbq07Y5C467lQG/
ODh7uTWsQqwyXBBIBMHY8hXIs1CtY3rNS4jalXY5QTo6t6Fkjqqlnd6j5AmLj3pC
uJl5nq0ufOg89rD1AgkbTdKLbk+NPunVQsTHsRDY45wEFeNShAXUoOSqionkYSoD
aJ79T0WGhsVRpCmqJmw5ZgbTy72gRHM2cr6HTnteMuxuWh0GLh3bH6gsWLSrZX/N
vrK2zeMeJxMTIBcKQ6rerqkV3s3xhRtJTk6DwGCTorM+hJsqWDovy20PBddBE2Xj
/UJHr7XuEUIQKgpFUq9N45fQ7tGX+tpakvlaYFmiGloN9B9WlEE40Lin0rvdueUr
s/UTfwOutY7iQ7vGuYYXQq5FdULMFmeAb7x2kckwGDsLIfRa/dmatwSBvStHBZiP
wtjvURDM7YPZAgMBAAEwDQYJKoZIhvcNAQELBQADggIBAAwmZd6/Z6uOcrswDZbx
IK3M+l8e+xJUP+4ARZK9Of98tI4yCFQko3qWapi6pSDpMU/kvLxrj606e6NzoNoQ
VFnnrZSeq7a5nPDBoid1OzPViI64xcfSdnVmE9uGhmLKaZY2GLtD3v8Qy7jBeJOZ
xff83E5d2NWbbraXVe9PdFvUd4k6cNKeAUpyV+yr4P58MyNLD/kS3f2WNqz9sduN
ZouZ/MRkS8vG/nam/G8v9FXSVXekXUHU0I+Ar2jrhEfWdA9viCTCJZRHL8jasIpz
KBDHLa2Ywv8oGe4yxgEiGlSOM697tQUwV9MPT8H8O46Lm4/ZbkxRlsHRvjd5qCKA
tPmnGlAK7m2fXDQLHhXVy5dKuuZplsVn6+ieymQ31v86sMaSGYE+Zg9ynWlbwRnI
TbutwuONEEaucAkICf3gNV87kSL4BICpNmyRGuUnSNQscHnn3+0Px5qRLggl0zOc
N5JfyY+oPPoFfop7TE/pDPEhpLyojXtcAebNGxfja6w2VpG7xO7KFIKIEZ/jrmcY
D7XDoXPxn8KtoHNQkjayken75867J67yEftYELHHkD1kM+5V3ZxiiyNC2KDGwjHD
SMgCI1QacFCLz0+aCyvhhdsCYUYO9T2DZXzTpXcBGbod2LkTRI92kyIPKldLLwSx
7kgCUIUpS2PS4gElXF0QAPJp
MIIF5zCCA8+gAwIBAgIJAIDxP85du/coMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD
VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh
MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl
MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh
MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5NDU0
NVoXDTIwMDExMzE5NDU0NVowga0xCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv
d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExLjAsBgNVBAoMJVN0b3dhcnp5c3pl
bmllIFdhcnN6YXdza2kgSGFja2Vyc3BhY2UxKjAoBgNVBAsMIUt1YmVybmV0ZXMg
U2VydmljZSBBY2NvdW50IFNpZ25lcjEZMBcGA1UEAwwQc2VydmljZS1hY2NvdW50
czCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVIKq5dWNAA1Q0giQYW
CyCsIrGoXiBPWzEhwOeyjKdwReex2p9gCffK+LSIRmrQnAyQCFYj2T2gBXgM5beE
wGupZlSNGcc/BTCh7C9TCoJnKM7OEVLLLYTaISrvJ+tmSDFVUch1QyirXv3+NFFr
x+T+hSaqKJA1bL/+rpVfUBJft6WHigp/BEwXCd/q9A7tZSbbCqVtg0doaOJcMxW4
ZTLHxcb8XRzVisBA8g/Hm9ToZVX5Cl2XfwT/AMhQJL9E+aXwzZDl4GWOjY9eGvbq
07Y5C467lQG/ODh7uTWsQqwyXBBIBMHY8hXIs1CtY3rNS4jalXY5QTo6t6Fkjqql
nd6j5AmLj3pCuJl5nq0ufOg89rD1AgkbTdKLbk+NPunVQsTHsRDY45wEFeNShAXU
oOSqionkYSoDaJ79T0WGhsVRpCmqJmw5ZgbTy72gRHM2cr6HTnteMuxuWh0GLh3b
H6gsWLSrZX/NvrK2zeMeJxMTIBcKQ6rerqkV3s3xhRtJTk6DwGCTorM+hJsqWDov
y20PBddBE2Xj/UJHr7XuEUIQKgpFUq9N45fQ7tGX+tpakvlaYFmiGloN9B9WlEE4
0Lin0rvdueUrs/UTfwOutY7iQ7vGuYYXQq5FdULMFmeAb7x2kckwGDsLIfRa/dma
twSBvStHBZiPwtjvURDM7YPZAgMBAAEwDQYJKoZIhvcNAQELBQADggIBAFm01HCY
EEbzh4zAENHSdqDmwkbt58f8KpLLmS03nl1S3E0CiujnuR+exkOx5Kgb9TB9KbBK
/sa9ewNRFvIDMZp3rmIcW1iruQta6KgSBOJeWP1SCgLXQPWHhZ9gak3gaCUZEztD
UMwdnHD0pcAfghw5BTvVpc1t3DKFZ4HeLaBIXPgLQEzEuBDKfNwHc/2QLmFKIcLB
nQNtz4gGGAgR51Wzpju4fj5qCG+nj2q8dL3mkUiXj1E0eVTkVqFx7vYz0c7kUbjQ
fh4nBCva1hnHF38lb9nAQe1nraR3Yi52rbJrtcI0avDeIhPJo3dulU29zen/uk5O
6JLTCidYuHFD2025VEv9eeAegZVq3FigghBtMT6nv4Lgg5HGcZGKJ27zDzfOYwkP
NqjDCUOzBjRp6p6yIErr2w1k43mX+UABu8M7cQ5jvHeOgRAvLe3HmdYoKz75Ii1k
Zsj2Zwfy5rSJavIhzoJFGWkyYskJZmzUD7bQIMizWIx09mrwwXcisHuFxNTej1J0
ZhY32/kAlXnBvyqEtxQfr0VtN3UYurjSXgWzWiqiM/TvsGt05RQ9jEebCSZf99f4
nFGBYrQhbtKjchdebRbpZ17aVa6J3xYO2pu3/YIy3h+HPsWgv/velvBBafNknWt6
0vrLPy6Q8MtE6cC6JAEiIGHJU+PjMBVr3P0b
-----END CERTIFICATE-----

1
cluster/secrets/.gitignore vendored Normal file
View file

@ -0,0 +1 @@
plain

View file

@ -1,3 +0,0 @@
*
!.gitignore
!cipher/

200
env.sh
View file

@ -5,7 +5,7 @@ if [ "$0" == "$BASH_SOURCE" ]; then
exit 1
fi
hscloud_root="$( cd "$(dirname "$BASH_SOURCE")"; pwd -P )"
export hscloud_root="$( cd "$(dirname "$BASH_SOURCE")"; pwd -P )"
if [ ! -f "$hscloud_root/WORKSPACE" ]; then
echo "Could not find WORKSPACE"
@ -16,200 +16,6 @@ hscloud_path="$hscloud_root/bazel-bin/tools"
[[ ":$PATH:" != *":$hscloud_path:"* ]] && PATH="$hscloud_path:${PATH}"
# legacy crap follows
hscloud-dc() {
( cd "$hscloud_root" && docker-compose -f "docker/docker-compose.yml" "$@" )
}
hscloud-pki-dev() {
(
set -e
cd "$hscloud_root"
rm -rf docker/pki
cp -rv go/pki/dev-certs docker/pki
cd docker/pki
bash gen.sh m6220-proxy arista-proxy cmc-proxy topo client
ls *pem
)
}
# Generate a per-node certificate remotely on the node.
hscloud-node-remote-cert() {
(
set -e
if [ -z "$1" ] || [ -z "$2" ] || [ -x "$3" ]; then
echo >&2 "Usage: hscloud-node-remote-cert node.fqdn.com certname subj"
exit 1
fi
fqdn="$1"
certname="$2"
subj="$3"
echo "Node: ${fqdn}; Cert: ${certname}"
echo "Checking node livenes..."
ssh root@$fqdn uname -a
echo "Checking if node already has key..."
ssh root@$fqdn stat /opt/hscloud/${certname}.key || (
echo "Generating key..."
ssh root@$fqdn -- mkdir -p /opt/hscloud
ssh root@$fqdn -- nix-shell -p openssl --command "\"openssl genrsa -out /opt/hscloud/${certname}.key 4096\""
ssh root@$fqdn -- chmod 400 /opt/hscloud/${certname}.key
)
echo "Checking if node already has cert..."
ssh root@$fqdn stat /opt/hscloud/${certname}.crt && exit 0
echo "No cert, will generate..."
cd "$hscloud_root"
secrets="$hscloud_root/secrets"
ca="$secrets/ca.key"
[ ! -f "$ca" ] && ( scripts/secretstore decrypt "$secrets/cipher/ca.key" > $ca )
cp data/openssl.cnf san.cnf
echo -ne "\n[SAN]\nsubjectAltName=DNS:${fqdn}" >> san.cnf
scp san.cnf root@$fqdn:/opt/hscloud/san.cnf
ssh root@$fqdn -- nix-shell -p openssl --command "\"openssl req -new -key /opt/hscloud/${certname}.key -out /opt/hscloud/${certname}.csr -subj '${subj}' -config /opt/hscloud/san.cnf -reqexts SAN\""
scp root@$fqdn:/opt/hscloud/${certname}.csr ${fqdn}-${certname}.csr
openssl x509 -req \
-in ${fqdn}-${certname}.csr \
-CA data/ca.crt \
-CAkey "$ca" -CAcreateserial \
-out "data/${fqdn}-${certname}.crt" \
-extensions SAN -extfile san.cnf
scp "data/${fqdn}-${certname}.crt" root@$fqdn:/opt/hscloud/${certname}.crt
scp "data/ca.crt" root@$fqdn:/opt/hscloud/ca.crt
ssh root@$fqdn -- chmod 444 /opt/hscloud/${certname}.crt /opt/hscloud/ca.crt
rm ${fqdn}-${certname}.csr
rm san.cnf
)
}
# Generate locally (if not present) a shared certificate, and upload it to the node
hscloud-node-shared-cert() {
(
set -e
if [ -z "$1" ] || [ -z "$2" ] || [ -x "$3" ]; then
echo >&2 "Usage: hscloud-node-shared-cert node.fqdn.com certname subj"
exit 1
fi
fqdn="$1"
certname="$2"
subj="$3"
cd "$hscloud_root"
secrets="$hscloud_root/secrets"
keyfile="$secrets/$certname.key"
cert="$hscloud_root/data/$certname.crt"
csr="$hscloud_root/data/$certname.csr"
ca="$secrets/ca.key"
[ ! -f "$ca" ] && ( scripts/secretstore decrypt "$secrets/cipher/ca.key" > $ca )
echo "Checking if key exists..."
if [ ! -f "$keyfile" ]; then
echo "No key, trying to decrypt..."
if ! scripts/secretstore decrypt "$secrets/cipher/$certname.key" > "$keyfile" ; then
echo "No encrypted key, generating..."
openssl genrsa -out $keyfile 4096
echo "Encrypting..."
scripts/secretstore encrypt "$keyfile" > "$secrets/cipher/$certname.key"
fi
fi
echo "Checking if cert exists..."
if [ ! -f "$cert" ]; then
echo "No cert, generating..."
rm -f "${csr}"
openssl req -new -key "${keyfile}" -out "${csr}" -subj "${subj}"
openssl x509 -req -in "${csr}" -CA data/ca.crt -CAkey "$ca" -CAcreateserial -out "${cert}"
fi
echo "Copying certificate to node..."
scp "${cert}" root@$fqdn:/opt/hscloud/${certname}.crt
scp "${keyfile}" root@$fqdn:/opt/hscloud/${certname}.key
ssh root@$fqdn -- chmod 444 /opt/hscloud/${certname}.crt
ssh root@$fqdn -- chmod 400 /opt/hscloud/${certname}.key
)
}
hscloud-node-certs() {
(
set -e
if [ -z "$1" ]; then
echo >&2 "Usage: hscloud-node-certs node.fqdn.com"
exit 1
fi
fqdn="$1"
hscloud-node-remote-cert ${fqdn} node "/C=PL/ST=Mazowieckie/L=Mazowieckie/O=Stowarzyszenie Warszawski Hackerspace/OU=Node Bootstrap Certificate/CN=\"$fqdn\""
hscloud-node-remote-cert ${fqdn} kube-node "/C=PL/ST=Mazowieckie/L=Mazowieckie/O=system:nodes/OU=Kubernetes Node Certificate/CN=system:node:\"$fqdn\""
for component in controller-manager proxy scheduler; do
hscloud-node-shared-cert ${fqdn} kube-${component} "/C=PL/ST=Mazowieckie/L=Mazowieckie/O=system:kube-${component}/OU=Kubernetes Component ${component}/CN=system:kube-${component}"
done
hscloud-node-shared-cert ${fqdn} kube-apiserver "/C=PL/ST=Mazowieckie/L=Mazowieckie/O=Kubernetes API/CN=k0.hswaw.net"
hscloud-node-shared-cert ${fqdn} kube-serviceaccounts "/C=PL/ST=Mazowieckie/L=Mazowieckie/O=Kubernetes Service Accounts/CN=service-accounts"
)
}
hscloud-k8s-config() {
(
set -e
if [ -z "$1" ]; then
echo >&2 "Usage: hscloud-k8s-config username"
exit 1
fi
username="$1"
cd "$hscloud_root"
mkdir -p .kubectl
cert="$hscloud_root/.kubectl/client.crt"
csr="$hscloud_root/.kubectl/client.csr"
keyfile="$hscloud_root/.kubectl/client.key"
secrets="$hscloud_root/secrets"
ca="$secrets/ca.key"
if [ ! -f "$keyfile" ]; then
echo "Generating ${keyfile}..."
openssl genrsa -out $keyfile 4096
rm -f "$cert"
fi
if [ ! -f "$cert" ]; then
echo "Signing ${cert}..."
[ ! -f "$ca" ] && ( scripts/secretstore decrypt "$secrets/cipher/ca.key" > $ca )
openssl req -new -key "${keyfile}" -out "${csr}" -subj "/C=PL/ST=Mazowieckie/O=system:masters/OU=Kubernetes Admin Account for ${username}/CN=${username}"
openssl x509 -req -in "${csr}" -CA data/ca.crt -CAkey "$ca" -CAcreateserial -out "${cert}"
fi
kubeconfig="$hscloud_root/.kubectl/client.kubeconfig"
echo "Generating ${kubeconfig}..."
rm -rf ${kubeconfig}
kubectl config set-cluster k0.hswaw.net \
--certificate-authority=${hscloud_root}/data/ca.crt \
--embed-certs=true \
--server=https://k0.hswaw.net:4001 \
--kubeconfig=${kubeconfig}
kubectl config set-credentials ${username} \
--client-certificate=${cert} \
--client-key=${keyfile} \
--embed-certs=true \
--kubeconfig=${kubeconfig}
kubectl config set-context default \
--cluster=k0.hswaw.net \
--user=${username} \
--kubeconfig=${kubeconfig}
kubectl config use-context default --kubeconfig=${kubeconfig}
)
gpg-unlock() {
echo "test" | gpg2 --sign --batch --no-tty -o /dev/null
}

12
requirements.txt Normal file
View file

@ -0,0 +1,12 @@
asn1crypto==0.24.0
bcrypt==3.1.5
cffi==1.11.5
cryptography==2.4.2
fabric==2.4.0
idna==2.8
invoke==1.2.0
paramiko==2.4.2
pyasn1==0.4.5
pycparser==2.19
PyNaCl==1.3.0
six==1.12.0

View file

@ -1,25 +1,36 @@
load("@bazel_tools//tools/build_defs/pkg:pkg.bzl", "pkg_tar", "pkg_deb")
load("@py_deps//:requirements.bzl", "requirement")
load("//bzl:rules.bzl", "copy_go_binary")
py_binary(
name = "secretstore",
srcs = ["secretstore.py"],
visibility = ["//visibility:public"],
)
py_binary(
name = "clustercfg",
srcs = ["clustercfg.py"],
visibility = ["//visibility:public"],
deps = [
requirement("fabric"),
],
)
py_binary(
name = "pass",
srcs = ["pass.py"],
visibility = ["//visibility:public"],
)
copy_go_binary(
name = "kubectl",
src = "@io_k8s_kubernetes//cmd/kubectl:kubectl",
visibility = ["//visibility:public"],
)
copy_go_binary(
name = "kubecfg",
src = "@com_github_ksonnet_kubecfg//:kubecfg",
)
filegroup(
name = "tools",
srcs = [
":secretstore",
":kubectl",
":kubecfg",
],
visibility = ["//visibility:public"],
)

352
tools/clustercfg.py Normal file
View file

@ -0,0 +1,352 @@
#!/usr/bin/env python
from builtins import object
import datetime
from io import BytesIO
import logging
import os
import tempfile
import subprocess
import sys
from cryptography import x509
from cryptography.hazmat.backends import default_backend
import fabric
import secretstore
cluster = 'k0.hswaw.net'
remote_root = '/opt/hscloud'
local_root = os.getenv('hscloud_root')
if local_root is None:
raise Exception("Please source env.sh")
logger = logging.getLogger(__name__)
logger.setLevel(logging.DEBUG)
logger.addHandler(logging.StreamHandler())
def decrypt(base):
src = os.path.join(local_root, 'cluster/secrets/cipher', base)
dst = os.path.join(local_root, 'cluster/secrets/plain', base)
secretstore.decrypt(src, dst)
class PKI(object):
def __init__(self):
self.cacert = os.path.join(local_root, 'cluster/certs/ca.crt')
self.cakey = os.path.join(local_root, 'cluster/secrets/plain/ca.key')
if not os.path.exists(self.cakey):
decrypt('ca.key')
def sign(self, csr, crt, conf, days=365):
logger.info('pki: signing {} for {} days'.format(csr, days))
subprocess.check_call([
'openssl', 'x509', '-req',
'-in', csr,
'-CA', self.cacert,
'-CAkey', self.cakey,
'-out', crt,
'-extensions', 'SAN', '-extfile', conf,
'-days', str(days),
])
class Subject(object):
hswaw = "Stowarzyszenie Warszawski Hackerspace"
def __init__(self, o, ou, cn):
self.c = 'PL'
self.st = 'Mazowieckie'
self.l = 'Warszawa'
self.o = o
self.ou = ou
self.cn = cn
@property
def parts(self):
return {
'C': self.c,
'ST': self.st,
'L': self.l,
'O': self.o,
'OU': self.ou,
'CN': self.cn,
}
def __str__(self):
parts = self.parts
res = []
for p in ['C', 'ST', 'L', 'O', 'OU', 'CN']:
res.append('/{}={}'.format(p, parts[p]))
return ''.join(res)
def _file_exists(c, filename):
res = c.run('stat "{}"'.format(filename), warn=True, hide=True)
return res.exited == 0
def openssl_config(san):
with open(os.path.join(local_root, 'cluster/openssl.cnf'), 'rb') as f:
config = BytesIO(f.read())
config.seek(0, 2)
config.write(b'\n[SAN]\n')
for s in san:
config.write('subjectAltName=DNS:{}\n'.format(s).encode())
f = tempfile.NamedTemporaryFile(delete=False)
path = f.name
f.write(config.getvalue())
f.close()
return path
def remote_cert(pki, c, fqdn, cert_name, subj, san=[], days=365):
logger.info("{}/{}: remote cert".format(fqdn, cert_name))
remote_key = os.path.join(remote_root, '{}.key'.format(cert_name))
remote_cert = os.path.join(remote_root, '{}.crt'.format(cert_name))
remote_csr = os.path.join(remote_root, '{}.csr'.format(cert_name))
remote_config = os.path.join(remote_root, 'openssl.cnf')
generate_cert = False
if not _file_exists(c, remote_key):
logger.info("{}/{}: generating key".format(fqdn, cert_name))
c.run('openssl genrsa -out "{}" 4096'.format(remote_key), hide=True)
genereate_cert = True
b = BytesIO()
try:
c.get(local=b, remote=remote_cert)
cert = x509.load_pem_x509_certificate(b.getvalue(), default_backend())
delta = cert.not_valid_after - datetime.datetime.now()
logger.info("{}/{}: existing cert expiry: {}".format(fqdn, cert_name, delta))
if delta.total_seconds() < 3600 * 24 * 60:
logger.info("{}/{}: expires soon, regenerating".format(fqdn, cert_name))
generate_cert = True
except (FileNotFoundError, ValueError):
generate_cert = True
if not generate_cert:
return False
local_config = openssl_config(san)
c.put(local=local_config, remote=remote_config)
c.run("""
nix-shell -p openssl --command "openssl req -new -key {remote_key} -out {remote_csr} -subj '{subj}' -config {remote_config} -reqexts SAN"
""".format(remote_key=remote_key, remote_csr=remote_csr, subj=str(subj), remote_config=remote_config))
local_csr_f = tempfile.NamedTemporaryFile(delete=False)
local_csr = local_csr_f.name
local_csr_f.close()
local_cert = os.path.join(local_root, 'cluster/certs', '{}-{}.crt'.format(fqdn, cert_name))
c.get(local=local_csr, remote=remote_csr)
pki.sign(local_csr, local_cert, local_config, days)
c.put(local=local_cert, remote=remote_cert)
os.remove(local_csr)
os.remove(local_config)
return True
def shared_cert(pki, c, fqdn, cert_name, subj, san=[], days=365):
logger.info("{}/{}: shared cert".format(fqdn, cert_name))
local_key = os.path.join(local_root, 'cluster/secrets/plain', '{}.key'.format(cert_name))
local_cert = os.path.join(local_root, 'cluster/certs', '{}.crt'.format(cert_name))
remote_key = os.path.join(remote_root, '{}.key'.format(cert_name))
remote_cert = os.path.join(remote_root, '{}.crt'.format(cert_name))
generate_cert = False
if not os.path.exists(local_key):
try:
decrypt('{}.key'.format(cert_name))
except subprocess.CalledProcessError:
logger.info("{}/{}: generating key".format(fqdn, cert_name))
subprocess.check_call([
'openssl', 'genrsa', '-out', local_key, '4096',
])
generate_cert = True
if os.path.exists(local_cert):
with open(local_cert, 'rb') as f:
b = f.read()
cert = x509.load_pem_x509_certificate(b, default_backend())
delta = cert.not_valid_after - datetime.datetime.now()
logger.info("{}/{}: existing cert expiry: {}".format(fqdn, cert_name, delta))
if delta.total_seconds() < 3600 * 24 * 60:
logger.info("{}/{}: expires soon, regenerating".format(fqdn, cert_name))
generate_cert = True
else:
generate_cert = True
if not generate_cert:
return False
local_csr_f = tempfile.NamedTemporaryFile(delete=False)
local_csr = local_csr_f.name
local_csr_f.close()
local_config = openssl_config(san)
subprocess.check_call([
'openssl', 'req', '-new',
'-key', local_key,
'-out', local_csr,
'-subj', str(subj),
'-config', local_config,
'-reqexts', 'SAN',
])
pki.sign(local_csr, local_cert, local_config, days)
c.put(local=local_key, remote=remote_key)
c.put(local=local_cert, remote=remote_cert)
os.remove(local_csr)
os.remove(local_config)
return True
def configure_k8s(username, ca, cert, key):
subprocess.check_call([
'kubectl', 'config',
'set-cluster', cluster,
'--certificate-authority=' + ca,
'--embed-certs=true',
'--server=https://' + cluster + ':4001',
])
subprocess.check_call([
'kubectl', 'config',
'set-credentials', username,
'--client-certificate=' + cert,
'--client-key=' + key,
'--embed-certs=true',
])
subprocess.check_call([
'kubectl', 'config',
'set-context', cluster,
'--cluster=' + cluster,
'--user=' + username,
])
subprocess.check_call([
'kubectl', 'config',
'use-context', cluster,
])
def admincreds(args):
if len(args) != 1:
sys.stderr.write("Usage: admincreds q3k\n")
return 1
username = args[0]
pki = PKI()
local_key = os.path.join(local_root, '.kubectl/admin.key')
local_cert = os.path.join(local_root, '.kubectl/admin.crt')
local_csr = os.path.join(local_root, '.kubectl/admin.csr')
generate_cert = False
if not os.path.exists(local_key):
subprocess.check_call([
'openssl', 'genrsa', '-out', local_key, '4096',
])
generate_cert = True
if os.path.exists(local_cert):
with open(local_cert, 'rb') as f:
b = f.read()
cert = x509.load_pem_x509_certificate(b, default_backend())
delta = cert.not_valid_after - datetime.datetime.now()
logger.info("admin: existing cert expiry: {}".format(delta))
if delta.total_seconds() < 3600 * 24:
logger.info("admin: expires soon, regenerating")
generate_cert = True
else:
generate_cert = True
if not generate_cert:
return configure_k8s(username, pki.cacert, local_cert, local_key)
local_config = openssl_config([])
subj = Subject('system:masters', "Kubernetes Admin Account for {}".format(username), username)
subprocess.check_call([
'openssl', 'req', '-new',
'-key', local_key,
'-out', local_csr,
'-subj', str(subj),
'-config', local_config,
'-reqexts', 'SAN',
])
pki.sign(local_csr, local_cert, local_config, 5)
os.remove(local_config)
configure_k8s(username, pki.cacert, local_cert, local_key)
def nodestrap(args):
if len(args) != 1:
sys.stderr.write("Usage: nodestrap bc01n01.hswaw.net\n")
return 1
fqdn = args[0]
logger.info("Nodestrapping {}...".format(fqdn))
c = fabric.Connection('root@{}'.format(fqdn))
p = PKI()
modified = False
modified |= remote_cert(p, c, fqdn, "node", Subject(Subject.hswaw, 'Node Certificate', fqdn))
modified |= remote_cert(p, c, fqdn, "kube-node", Subject('system:nodes', 'Kubelet Certificate', 'system:node:' + fqdn), san=[fqdn,])
for component in ['controller-manager', 'proxy', 'scheduler']:
o = 'system:kube-{}'.format(component)
ou = 'Kuberneter Component {}'.format(component)
modified |= shared_cert(p, c, fqdn, 'kube-{}'.format(component), Subject(o, ou, o))
modified |= shared_cert(p, c, fqdn, 'kube-apiserver', Subject(Subject.hswaw, 'Kubernetes API', cluster))
modified |= shared_cert(p, c, fqdn, 'kube-serviceaccounts', Subject(Subject.hswaw, 'Kubernetes Service Account Signer', 'service-accounts'))
if modified:
logger.info('{}: cert(s) modified, restarting services...'.format(fqdn))
services = [
'kubelet', 'kube-proxy',
'kube-apiserver', 'kube-controller-manager', 'kube-scheduler',
'etcd'
]
for s in services:
c.run('systemctl stop {}'.format(s))
for s in services[::-1]:
c.run('systemctl start {}'.format(s))
def usage():
sys.stderr.write("Usage: {} <nodestrap|admincreds>\n".format(sys.argv[0]))
def main():
if len(sys.argv) < 2:
usage()
return 1
mode = sys.argv[1]
if mode == "nodestrap":
return nodestrap(sys.argv[2:])
elif mode == "admincreds":
return admincreds(sys.argv[2:])
else:
usage()
return 1
if __name__ == '__main__':
sys.exit(main() or 0)

12
tools/install.sh Executable file
View file

@ -0,0 +1,12 @@
#!/usr/bin/env bash
if [ -z "$hscloud_root" ]; then
echo 2>&1 "Please first source env.sh"
exit 1
fi
cd "${hscloud_root}"
bazel build \
//tools:kubectl //tools:kubecfg //tools:clustercfg //tools:secretstore \
//tools:pass

6
tools/pass.py Normal file
View file

@ -0,0 +1,6 @@
#!/usr/bin/env python
# This is a fake `pass` to make docker-credential-helpers shut up.
import sys
sys.exit(1)

View file

@ -10,6 +10,18 @@ keys = [
"482FF104C29294AD1CAF827BA43890A3DE74ECC7", # inf
]
def encrypt(src, dst):
cmd = ['gpg' , '--encrypt', '--armor', '--batch', '--yes', '--output', dst]
for k in keys:
cmd.append('--recipient')
cmd.append(k)
cmd.append(src)
subprocess.check_call(cmd)
def decrypt(src, dst):
cmd = ['gpg', '--decrypt', '--output', dst, src]
subprocess.check_call(cmd)
def main():
if len(sys.argv) < 3 or sys.argv[1] not in ('encrypt', 'decrypt'):
sys.stderr.write("Usage: {} encrypt/decrypt file\n".format(sys.argv[0]))
@ -20,15 +32,9 @@ def main():
src = sys.argv[2]
if action == 'encrypt':
cmd = ['gpg' , '--encrypt', '--armor', '--batch', '--yes', '--output', '-']
for k in keys:
cmd.append('--recipient')
cmd.append(k)
cmd.append(src)
subprocess.check_call(cmd)
encrypt(src, '-')
else:
cmd = ['gpg', '--decrypt', '--output', '-', src]
subprocess.check_call(cmd)
decrypt(src, '-')
if __name__ == '__main__':
sys.exit(main() or 0)