field | value | date
---|---|---
commit | a4ea9d03f1fb4248739392615967eaf07842e74b | |
author | Lorenz Brun <lorenz@nexantic.com> | Thu Oct 31 11:40:30 2019 +0100 |
committer | Lorenz Brun <lorenz@nexantic.com> | Thu Oct 31 11:40:30 2019 +0100 |
tree | e2b8e2e3d9aa83ca7f650f2a0d972023869c1d3b | |
parent | e47ace84cb3e30375dcb4236c17ee9710a77a6ad | |
Added bootstrap CA

This adds a self-contained CA for bootstrapping and securing etcd using certificates of infinite duration and a CRL for near-instant revocation. The bootstrapping problem is addressed by first generating the CA and issuing initial certificates and then injecting them once the consensus system is up and running. All files are also kept on the encrypted persistent data store to prevent the same bootstrapping problem when the node is already initialized.

The CRL is synchronized using a sync loop on every node running the consensus service and distributed inside that. The CA uses Ed25519-based cryptography and identifies the hosts by their external hostname.

Test Plan: Initial bootstrapping manually tested on a single node using a manual gRPC call for Setup() and openssl s_client for connecting to etcd.

X-Origin-Diff: phab/D233
GitOrigin-RevId: bd67818b5b649b13e0c098e480059ef990826542
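The commit message above describes the shape of the bootstrap CA (Ed25519 keys, certificates with no expiry, hosts identified by external hostname, revocation via a CA-signed CRL) but the page carries none of its code. The following is an added, stand-alone illustration of that design written for this page; it is not the project's own implementation. It uses only the Go standard library: the CA and node certificates get the RFC 5280 "no well-defined expiration" NotAfter value (99991231235959Z), the node certificate carries its hostname as a DNS SAN, and a verifier checks chain, hostname and CRL membership, so the only way to disable a node is to publish a new CRL. The CA name and the hostname `node1.example.internal` are constructed sample values; serial and CRL-number handling is a simplification and not the project's.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// noExpiry is the RFC 5280 value meaning "no well-defined expiration date".
var noExpiry = time.Date(9999, 12, 31, 23, 59, 59, 0, time.UTC)

// CA is an in-memory Ed25519 certificate authority (illustrative, not the project's).
type CA struct {
	Cert       *x509.Certificate
	Key        ed25519.PrivateKey
	nextSerial *big.Int
	crlNumber  *big.Int
	revoked    []pkix.RevokedCertificate
}

// NewCA generates a self-signed Ed25519 CA that may sign certificates and CRLs.
func NewCA(name string) (*CA, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              noExpiry,
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &CA{Cert: cert, Key: priv, nextSerial: big.NewInt(2), crlNumber: big.NewInt(0)}, nil
}

// IssueNode issues a non-expiring server+client certificate bound to the node's hostname.
func (ca *CA) IssueNode(hostname string) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial := new(big.Int).Set(ca.nextSerial)
	ca.nextSerial.Add(ca.nextSerial, big.NewInt(1))
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: hostname},
		DNSNames:     []string{hostname}, // identity is the external hostname
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     noExpiry,
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, pub, ca.Key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, priv, err
}

// Revoke records a certificate for inclusion in the next CRL.
func (ca *CA) Revoke(cert *x509.Certificate) {
	ca.revoked = append(ca.revoked, pkix.RevokedCertificate{
		SerialNumber: cert.SerialNumber, RevocationTime: time.Now(),
	})
}

// CRL signs a fresh DER-encoded CRL; a short NextUpdate forces relying parties to refresh.
func (ca *CA) CRL() ([]byte, error) {
	ca.crlNumber.Add(ca.crlNumber, big.NewInt(1))
	tmpl := &x509.RevocationList{
		Number:              new(big.Int).Set(ca.crlNumber),
		ThisUpdate:          time.Now().Add(-time.Minute),
		NextUpdate:          time.Now().Add(24 * time.Hour),
		RevokedCertificates: ca.revoked,
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, ca.Cert, ca.Key)
}

// VerifyNode accepts cert only if it chains to caCert, names hostname, and is absent from the CRL.
func VerifyNode(caCert *x509.Certificate, crlDER []byte, cert *x509.Certificate, hostname string) error {
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: hostname}); err != nil {
		return err
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(caCert); err != nil { // never trust an unsigned CRL
		return err
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return errors.New("certificate is revoked")
		}
	}
	return nil
}

func main() {
	ca, _ := NewCA("etcd-bootstrap-ca")
	node, _, _ := ca.IssueNode("node1.example.internal")
	crl, _ := ca.CRL()
	fmt.Println("before revocation:", VerifyNode(ca.Cert, crl, node, "node1.example.internal"))
	ca.Revoke(node)
	crl, _ = ca.CRL()
	fmt.Println("after revocation:", VerifyNode(ca.Cert, crl, node, "node1.example.internal"))
}
```

Because the certificates never expire, the CRL is the sole revocation mechanism, so a relying party must treat a stale or unsigned CRL as a failure rather than silently accepting the certificate.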
This is the monorepo storing all of nexantic's internal projects and libraries.
All builds should be executed using the shipped nexantic-dev container, which is built automatically by the create script.
The container contains all dependencies and environment configuration needed to get started right away.
Spinning up: scripts/create_container.sh
Spinning down: scripts/destroy_container.sh
Running commands: scripts/run_in_container.sh @
Using bazel: scripts/bin/bazel @