From f879c1cfaa14f0f1a8c5e5051fac1822c4efc9b4 Mon Sep 17 00:00:00 2001 From: Roman Zolotov Date: Tue, 12 Nov 2024 17:35:39 +0200 Subject: [PATCH 1/5] ADBDEV-6581: Add integration with Vault service - Add Vault service properties; - Add SSL properties; - Adjust pxf utils to work with https; - Create test environment with Vault service and SSL configuration --- automation/arenadata/Dockerfile | 8 +- automation/arenadata/README.md | 5 + automation/arenadata/build-images.sh | 5 + .../arenadata/conf/pxf-application.properties | 26 ++++ automation/arenadata/conf/ssl/certs/ca-cert | 30 ++++ .../arenadata/conf/ssl/certs/pxf-client.key | 32 ++++ .../arenadata/conf/ssl/certs/pxf-client.pem | 23 +++ automation/arenadata/conf/ssl/certs/pxf.jks | Bin 0 -> 7042 bytes automation/arenadata/docker-compose-ssl.yaml | 138 ++++++++++++++++++ .../arenadata/scripts/start_adb_cluster.sh | 97 ++++++++++-- automation/arenadata/vault/Dockerfile | 7 + .../arenadata/vault/certs/certificate.pem | 30 ++++ automation/arenadata/vault/certs/key.pem | 52 +++++++ .../vault/scripts/adb-only-policy.hcl | 3 + automation/arenadata/vault/scripts/vault.hcl | 15 ++ .../arenadata/vault/scripts/workflow-vault.sh | 97 ++++++++++++ .../vault/secrets/pxf/pxf-service.yml | 4 + cli/cmd/pxf.go | 27 +++- server/gradle.properties | 1 + server/pxf-service/build.gradle | 1 + .../src/main/resources/application.properties | 40 +++++ server/pxf-service/src/scripts/pxf | 22 ++- 22 files changed, 639 insertions(+), 24 deletions(-) create mode 100644 automation/arenadata/conf/pxf-application.properties create mode 100644 automation/arenadata/conf/ssl/certs/ca-cert create mode 100644 automation/arenadata/conf/ssl/certs/pxf-client.key create mode 100644 automation/arenadata/conf/ssl/certs/pxf-client.pem create mode 100644 automation/arenadata/conf/ssl/certs/pxf.jks create mode 100644 automation/arenadata/docker-compose-ssl.yaml create mode 100644 automation/arenadata/vault/Dockerfile create mode 100644 automation/arenadata/vault/certs/certificate.pem create mode 100644 automation/arenadata/vault/certs/key.pem create mode 100644 automation/arenadata/vault/scripts/adb-only-policy.hcl create mode 100644 automation/arenadata/vault/scripts/vault.hcl create mode 100755 automation/arenadata/vault/scripts/workflow-vault.sh create mode 100644 automation/arenadata/vault/secrets/pxf/pxf-service.yml diff --git a/automation/arenadata/Dockerfile b/automation/arenadata/Dockerfile index 9823378c82..8ca9a833f5 100644 --- a/automation/arenadata/Dockerfile +++ b/automation/arenadata/Dockerfile @@ -43,9 +43,10 @@ RUN set -eux; \ yum -y install /tmp/jdk-17.0.12_linux-x64_bin.rpm && \ rm -rf /tmp/jdk-17.0.12_linux-x64_bin.rpm; \ sed -i "s/JAVA_HOME=.*/JAVA_HOME=\$(readlink -f \/usr\/bin\/java | sed 's:bin\/java::')/g" /etc/profile.d/jdk_home.sh; \ + yum install -y ksh; \ ;; \ ubuntu*) \ - apt-get -y update && apt-get install -y unzip vim nano openjdk-17-jdk; \ + apt-get -y update && apt-get install -y unzip vim nano openjdk-17-jdk ksh; \ update-locale LANG=en_US.UTF-8; \ ;; \ esac; @@ -82,6 +83,9 @@ ENV PXF_HOME=/usr/local/greenplum-db-devel/pxf RUN localedef -c -i ru_RU -f CP1251 ru_RU.CP1251 RUN cp ${PXF_HOME}/templates/*-site.xml ${PXF_HOME}/servers/default/ +# Copy pxf-application.properties +COPY ./automation/arenadata/conf/pxf-application.properties ${PXF_HOME}/conf/pxf-application.properties + # Need to change ssh key to RSA for automation tests with Ubuntu RUN set -eux; \ . /etc/os-release; \ @@ -98,6 +102,6 @@ RUN set -eux; \ # Move libs to the destination folder RUN cp /tmp/libs/* ${PXF_HOME}/lib/ -RUN chmod a+x ./pxf_src/automation/arenadata/scripts/start_adb_cluster.sh +RUN chmod -R a+x ./pxf_src/automation/arenadata/scripts RUN chown -R gpadmin:gpadmin /usr/local/greenplum-db-devel ENTRYPOINT ["/home/gpadmin/pxf_src/automation/arenadata/scripts/start_adb_cluster.sh"] diff --git a/automation/arenadata/README.md b/automation/arenadata/README.md index a011ce21e4..34cb6be006 100644 --- a/automation/arenadata/README.md +++ b/automation/arenadata/README.md @@ -49,3 +49,8 @@ docker-compose exec mdw sudo -H -u gpadmin bash -l -c 'pushd $TEST_HOME && make cd pxf/automation/arenadata/hadoop/ docker build -f Dockerfile -t cloud-hub.adsw.io/library/pxf-hadoop:3.1.3 . ``` + +### Run PXF with SSL +```shell +docker-compose -f docker-compose-ssl.yaml up -d +``` \ No newline at end of file diff --git a/automation/arenadata/build-images.sh b/automation/arenadata/build-images.sh index 81a230c8ba..87e79e28f4 100755 --- a/automation/arenadata/build-images.sh +++ b/automation/arenadata/build-images.sh @@ -15,6 +15,11 @@ popd #docker build -f Dockerfile -t cloud-hub.adsw.io/library/pxf-hadoop:3.3.6 . #popd +#echo "====================================" +#echo " Build Vault image " +#echo "====================================" +docker build -f ./vault/Dockerfile -t hub.adsw.io/pxf/pxf-vault-test:it . + echo "==============================" echo "Build PXF image for automation" echo "==============================" diff --git a/automation/arenadata/conf/pxf-application.properties b/automation/arenadata/conf/pxf-application.properties new file mode 100644 index 0000000000..8c2464d728 --- /dev/null +++ b/automation/arenadata/conf/pxf-application.properties @@ -0,0 +1,26 @@ +############################################################################## +# This file contains PXF properties that can be specified by users # +# to customize their deployments. The configuration is loaded by Spring Boot # +# upon service start up. # +# # +# To update a property, uncomment the line and provide a new value. # +############################################################################## + +# Server connection timeout (-1 for infinite timeout) +# pxf.connection.timeout=5m +# pxf.connection.upload-timeout=5m + +# Threads +# pxf.max.threads=200 +# pxf.task.pool.allow-core-thread-timeout=false +# pxf.task.pool.core-size=8 +# pxf.task.pool.queue-capacity=0 +# pxf.task.pool.max-size=200 + +# Logging +# To enable debug logging, uncomment and change `info` to `debug` here +# pxf.log.level=info + +# Security +# Specify IP address (or hostname) of network interface that PXF listens to, or set to 0.0.0.0 for all interfaces +server.address=0.0.0.0 \ No newline at end of file diff --git a/automation/arenadata/conf/ssl/certs/ca-cert b/automation/arenadata/conf/ssl/certs/ca-cert new file mode 100644 index 0000000000..26f96ac558 --- /dev/null +++ b/automation/arenadata/conf/ssl/certs/ca-cert @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFFTCCAv2gAwIBAgIUHolZhRFmeXWGQDUfp2ky44DUR5IwDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPU1NMLVNlY3VyaXR5LUNBMB4XDTI0MTExMTIzNDQ1NloX +DTM0MTEwOTIzNDQ1NlowGjEYMBYGA1UEAwwPU1NMLVNlY3VyaXR5LUNBMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqfkVkLBs7aFgu+HhNOPxi7LgSC9i +GBNjxD9KD0ABtrARyRWsILkU38Zy2i7FOJ1DZ07ZcV6ELkAlNpc7Opja/x9zOrHa +JQAvBkkllc31kcJ5mSHgkOlww+gt1cGLsrkeP1YoR96RqJ4vsK7FP+XBS8z5K37N +xVj3tmODYZqTdjRX+ee9DL2lI54vNimkGHQznEomERK0xvpja6u7xr18CBipeMUe +EsFhIU0PW3NxMl84TqsdJigReOJx/3Hzggbd367f5yonSiq60KQqw0Qo0JhMUmQZ +jBeSK452eHoJSK3Uz7aTEA7Tc3YKvFrWBFENie423BLzErF6EwepzU+iVSr7Uc3g +812lnUZTQfIXzGQ0FFgNdl+2gvJ+FvsLoFI/yppuyB9oSu9FRmwpqRZ8xcJ0bSDT +6vu21oV5tfep/4cjDxWq38lk+8QemlVA9nrMk2QNyVQT+NcOeXS/ijTIZ8KwPqPm +554BODxKr8TNMMf7KEARa7sTZOGsHy09YosvBcwg0C9+/17FHWxsb4BqpLcd0FfK +6b2rG596+62M3iD3FXG27rJi9qN8hx37kzHo1herUCK+VMzkGN5MoF/KJDEy83xZ +XPUDQ+UN0anheMY1p+yVYixhTFlHTG5MgLVTWjfJWWs2c9fa5CLut8+X/R3zFt9D +ZArj3b2qxhrEN/0CAwEAAaNTMFEwHQYDVR0OBBYEFF56+WTUlez31PgtJiLoFpJB +rJ7bMB8GA1UdIwQYMBaAFF56+WTUlez31PgtJiLoFpJBrJ7bMA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAJkSgPbPBa5G5oNiiBrK/WjBM5t1NOD7 +WMrpC8++DJDRT1u90zmdK+us8Ab9DvBXkbjVcO0XXNOoV6RsGJuVJdufcvxyF3O6 +UdjWREic26PV/+1mJpgu2suwGVjU0FOKUGlQZVwHvrG6YJcFAcyqeZVvCoMC2Omp +aSQ0Z+MlA6T+3fZCNIScVsFwaV63IjYdEkRsrou+NuXDEqR2zHJoXsZsgN1lFUu6 +x1vlKnw2DLhNOIWRTyLMfU9DIXq02UrD/lZjW6yszrmVBoFm1W0gP/T16GLo91+S +BY66R0LGBtzmIOzjjgvcfB2aTSO+wskr4S8UhWXp7O4kkFf69rg6ogZLZbR0XxSG +EEYe7aD96RxlQ3QUq5hWLtZ/Toj5fwTO8RDhA57b5J0nsNL1AnmN96VUVUadaxug +VHLQIwpjqNdCVGfcV/WMdAFY6TMGBAjUe5xZLo0cxodEkQ/lUP9nxLH8wIBcpSXp +VD2gQSJmbsr6Nk/iklk1FKiYs7xMFPVuQi4+oahwWC50N2mdhW/Xn8UZDyLpUTWt +M5ld5jjlOBEAtyP07pLQj+K1qv+vEBN4rLNtkSbKPJkkVgTqhFSwo2RLM8rFkAxr +B3nFzk7SxAQkwYXlnH2OQNTluWnH0r1MjQeU1VvQOjUduFOHDKpXciI9ajPxSVSF +EchTqpmNaBAY +-----END CERTIFICATE----- diff --git a/automation/arenadata/conf/ssl/certs/pxf-client.key b/automation/arenadata/conf/ssl/certs/pxf-client.key new file mode 100644 index 0000000000..675563f5ee --- /dev/null +++ b/automation/arenadata/conf/ssl/certs/pxf-client.key @@ -0,0 +1,32 @@ +Bag Attributes + friendlyName: pxf + localKeyID: 54 69 6D 65 20 31 37 33 31 33 36 38 37 30 30 34 37 36 +Key Attributes: +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDgipdjFjENt7U+ +rCK0UMVEz7QO6U8Qq1VjhBOeXHf2vwkID3Vb/G5bmd9xaqezx0HploVnNMF8CzCn +M/Z/GcjV0e/eooKNHkulQRU7lNwbAJvylFH2+UNhepDIGzzHsyPEtSl00KIkFzMi +ocblTs4dHppBcFkDcOgo6glJuAeKyTkrexYfGdSjvIM2RyTmSdam2qJF1c3nOxPl +IHdJYFXgF4uqCRWWUh9MOKAUb4QxectBr9EnkDPhja4RmlgQcYlTbH3RMyHTk25Y +mdcf5DMi+8U5NkJTKWSZVqTnCwKAxbkbJXsGu6Z3I9sHS1meWwxELACctdGiqcxj +UOfFj8V3AgMBAAECggEAAPuU97SNqL3gl7J2K8GHaNUwjbjSBUR9XlmiIlkiQfIK +bpQZaI/SxdOHFFPUrGdCBRfeY+9prLV51DQt2dbkN6IFwZIxgxTvsidLmf6n9fWg +jm+9ahjOMDDdTbA81FzsL6dhU+cOhpzpYYyWtm3hXg7tED3seHo33JH6/MJxmgG5 +rxiNMByCFAgihVE9UszopT+ZJG8UNp4JGdsUJux9u1Er6RjjAoC0ffV71e1Ks0wr +xulgKR7Y5AIEMoMAmzNluNcL65kgFl+ZslEtdbfbUa/rChJT2nu81EYr5Tu4IlRa +jwxhrPHc41h7d9fRJRbixoBbw14xV5hLqpFwz1mcPQKBgQDi/weTb4ZWpyfiUcf1 +5hR2nTnRuhz0HXSx9XUVTp9TTkalw0cQnTrLHu9TvbZdPZTDah/JPap2x5NCdVWi +e60nW2Z11GTzgD7QmQkBXgtMxvZvsFIRWkftGEOFe5zB3R/7tZYwCkFFHLsgmeLy +V6LkpQRFxagbnUnf1vCx4KhCiwKBgQD9O0POQS1HqDKOCzy3EnJDMDwPJCSQR2VZ +2hbGFiUhFf42buWfxbqpadl45RzZq92GzSmgPOSv/fKAjyYcL8Mc4qlGoZSY+xo+ +UvD6cWNafp3mIS6iMQb4der1HFd2l5wFoNDXQ7IDdEI4IP40yNlMUKTj/Z6OMlK/ +5WHOjOpCRQKBgE8Xk1kwy7sXpRL7cdPhJhIqOEI2Oe5o8Qcswm35JhSNupn5T6Kf +ViP+FF+2Q3t7gIESUh75aJLYeRv37C2gMDX9Z9b4eXBKqBhgqj2aug83aBiEdCPt +tBANm0FAT99Qn9tBayI0AIgHOcBjPis4k95dDP8OnsN4a4wdxWIFKDt/AoGAK2Jn +74JDG6+5WZSbRlImuVQeNgnfKcjRmF9A35cTrWNzNigxtvnNTRERbSDznGdRgLLN +muJT28MKNPRRdyrHpr8+eRddugfrKxpSptWeS/a9Xpv4vVjg9Nhe9LdyVKMM2/n9 +TaQPb4APiEY+xxRSBj0awuTEsV/1xWKrKxQBXnECgYBnRX9QYHTMpQN+UuJPohKZ +jUdzgXplDk5LxPtor4BLjmvXUI7AtO1JMMr/ZLtJXZenLSAOZUVTYXUqTjM5661a +7Au053b7nsr2LvZXNcTa4MaqLRVlZziHufmITCMZ8xb9PqtnLLhiePybRdVWIhC/ +04df7EwLJTtu9o7aIYaIqg== +-----END PRIVATE KEY----- diff --git a/automation/arenadata/conf/ssl/certs/pxf-client.pem b/automation/arenadata/conf/ssl/certs/pxf-client.pem new file mode 100644 index 0000000000..743617a72c --- /dev/null +++ b/automation/arenadata/conf/ssl/certs/pxf-client.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID2jCCAcKgAwIBAgIUbcasatcUVVbJyvpwf0Z21bApocUwDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPU1NMLVNlY3VyaXR5LUNBMB4XDTI0MTExMTIzNDQ1N1oX +DTM0MTEwOTIzNDQ1N1owDjEMMAoGA1UEAxMDcHhmMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA4IqXYxYxDbe1PqwitFDFRM+0DulPEKtVY4QTnlx39r8J +CA91W/xuW5nfcWqns8dB6ZaFZzTBfAswpzP2fxnI1dHv3qKCjR5LpUEVO5TcGwCb +8pRR9vlDYXqQyBs8x7MjxLUpdNCiJBczIqHG5U7OHR6aQXBZA3DoKOoJSbgHisk5 +K3sWHxnUo7yDNkck5knWptqiRdXN5zsT5SB3SWBV4BeLqgkVllIfTDigFG+EMXnL +Qa/RJ5Az4Y2uEZpYEHGJU2x90TMh05NuWJnXH+QzIvvFOTZCUylkmVak5wsCgMW5 +GyV7BrumdyPbB0tZnlsMRCwAnLXRoqnMY1DnxY/FdwIDAQABoyQwIjAgBgNVHREE +GTAXggNtZHeCBHNkdzGCBHNkdzKCBHNtZHcwDQYJKoZIhvcNAQELBQADggIBAFrO +cClAsTHyLmxdgdTeM7a0AHg5ppndOoLj3TDf+eqQiZNzvCuIqq2Y4/BLRXpB8/L+ +ef81UT49mtYnImPW15saYidopfsdboD+w+bvFfhcgpPl0EzGZ3/+9VHxk8ygVQVi +jaiG0wjF7am4IIDKpKw6lZ/69/Co98s/Uh9x/Yr1raXrFkxDBmD1nZnzsron7/40 +teYt9cX08eRBe2wmZiTHr3H1s5VHlY2oojpATkBLUFBqYmY9cTnmgllue83qF6+D +wvNAJBKqY2hSnom4SDo6PeepNUvDSj/jYc9rzzafU52P8n/rRQfGu82ZWGY+jen2 +eXnsCMhv/U6PnZAiYyJpbJrumJWtsbdtk99BopiilUjqoVWy39WAqrUkAPz1aY1j +uNS7Wk/mkKVT0Haa2jh/hvaeFa1f0ZgpNXg/d5GPP7lxOuM3L+jQPYlXf8qmQpTX +7LSiWHJGMGWzZ5BDtYRSVJQ57X7TimSrjMusiFA2z4MSDO7Ykw7RrmnPIrYPt1kt +bhlV9vfKu1ldRI9dPkqme3fsT2ocIl1MWB5ZDvuRcIs4kE7NKVkix8pvqWpgcNlu +1WrDeWWUHXg2ZAkmxHGI0PPTCfARUHo5pixqAtsVcazAHGfq/wI7jkfpxwdXPF8g +lJsxcAVnz8O87DRzOnesVvE4WAXSipD8H/YdlBZ/ +-----END CERTIFICATE----- diff --git a/automation/arenadata/conf/ssl/certs/pxf.jks b/automation/arenadata/conf/ssl/certs/pxf.jks new file mode 100644 index 0000000000000000000000000000000000000000..04a8a35419250613e422a0dff4e932a45fd7f0fd GIT binary patch literal 7042 zcma)>RZtuXleUpT2KS)BWzb=83-0djPH+gWg9ixigEP1XcL*ASyE_Rk!6Lw(zy7WB z)n4shbanO9a`|4o4Te&LAR!`yp%g5rK-Or5=tpcsG{hn(1sMQJLHrNK2SZUR|3?cY z2LMIM_y?!_6N#vp|GkBUfrwNDMUnUiih}L_-9W(x8-fM@Q(}SH07OF1fbf-c^0-bO z+~^oMI(c^9Z)GGTW;`TB8ZZ_r`v1R(1VljqQ=tMaq7@KrkpYOT06fC+?>M3jYFpJ! zHpN(j-IxF;%7-BE z1?_|~$900oFKa_`vPPK$)e{aCyo?g*bavujEq(GXaP497fK^rB<=8^dbiEF47w=-2Qj$6DlVq^w~0?2k&#(K8|I_Y)<6Ul_l`n& z@C4vahCI{mB;^nx$M!(SgTQhdPH`V76J-SN2Z0QXtya`N*o&qNph<+U_za;7==a6; zdKoqxODbdauVgQvS;H>;l%7R%PFG4xlopI;{%0I(;}BEQO-R8uC1OT9TjKfN{OkZ3N<(d~#zL&7I;=bqfQ_m5Wy0t;C!qdxUxS35vej7^%a0!md6^JQ8Q(gY#kLlj6F~ zYXKv-!o*BG_v%HSNH9N&w{9=8c5gGpiCyo#SD3`^F4mFqr1_Sj}kGQA3zZtmbR?mRxdG%%(;tV`}|ld=if=@`ppbfb^`&BN}-~P_C)w$T*oRl($m0l;6Ogx{~gBH0eqUAx|G$Jnr2sC!$#EJMi=Wgsl_ETTf<{FxEZPMG0lv?J{;R)&a4O2WiG3CE#@5NijaRQtUOeE_gS zOUSRpEGm-^Y_gcr+%om#N>?meapU(zb1-6^OWbr8WwqCMkJji)Onw%>V2I^Lo0S6r z{>eQ8{~pkl_Kpc}uwlc4i!xvCW&%6jCrX;2J1ja4s}2aLNiIT2@7ETsJ>V7w6aOoh zKq7ARx2Op22!055VA}s+Vs0V;fsUh#Ee*E-4>u3Lpa2-mE5Hwi5?lT|goauKCD!@} zsUaaE{FCJW(?R^-1iIWW*64EkZ6|g&5^+lM8#M;KRgwRTK#vY}*(l4QI9Z1l5x>H| zVuV47W>sCnK~2hZ#7(*0ChGdW=}P=CGPhCGM)D#AK4KRtebHDQ8w~5VPjcWfB2*N)_Qw2`+!u0 zwk7(;QvrTOfUCCDOY1|8eR;MZ4`1sdWZ3>NXN6XrX7y+@V3eOcfB(27t{k4Unf`aa zk6eyi$|)jidSS!<$1g{AI`vpdmW*}7#vf?I7@j^-QbHCV8(?s4oyVHZj)4k}N1T0q zKJF=+WiJy^mt2o0pyX9PjA~Unr}&)A@FIrP={v#nOt71Ui;VlP8r1jqk&gNE_pB%4 z4D#64CQhV%V^o7H!<^9}7dcRX9nw_DJ#2?k0!po1xOAwn&rUJei z^dDn&wViafYk^3zyH6}6b8cBB`XCicpC4lQ*yH{aLKsq-Q6loh#m%{Sg)nbxpzG^O zHg4q>zD?iBA8UU2kHsZ6l;KAkfu9H8SaW9So;F17T8%a?Ry>W616EKgx4-R`f;uuU z&q^~7;SE{`&P|;2sY7A{Y>TWJh%9(JTUBY9Gc&TzJ9ba#sv{=@@Z4FoAlVQH%(Gmu z3xdUL9JsYGIK>G(;Uo>yF>^vUNAVjUa)tm85hx&Cg;!{yuq(*FQmUL;*Gg zLB=#a+MOJzFK>@&R|lF3x&yz5B?iwvKBNB{TkuPCr}NIqm7 z!)iX}@7JJM+DdXwTpdANyKywh6NfH$llsd1;7{EjA^tR4({TiQtN!p%Y7X3rVJo_2 zrlX)F89`+drVrW-#mw>vYJ3)aL{FC|QKXe@PJbR>QuE;JP}8ZG%+KUpNbgFnSEibG zwS#OEG~n9jgUT15JMt;p=f*`VkXr2t5Zbv|yQ2bImJSE85%Dbl_ZJxP!?&$#vmcjTlEP-x~sc8y6$iTV8)kP{K15v?$LDj z$ff#H$k#KD=I97$D<0?@XX=lpa-kEJ$qh}CgH&|)FM9!J#yyTHbN6I)=G5#5^H!DI zipO@4(I#BFLqs%NG~1Nn=rKd_o-{vl7DEa!=Y#II06Dnb2AxTagkcC`g|sBtv%_~n z@(Np$;c6-{Rm_#1>E5JSl@buyY}=qq#JIta^=#Kvi{DQufoe=2euvQ>X0W{N9B<-` zCLdL`yZ-E2@%HCW;}Jk$JVoV%EvUTc8SkYmDjj5Kd1qNO)HxQ_m?d-~IIIF^$dSw< z==_shX1fjKanq!&mOQ3}UfK5Z|JYS6VQj31q6?~Q=u{pBgi9FGwJ!8>1dHNte^mNCEe~(pfhCdf?C+jyZLYW)Z(sYN zQ^MWIu1*_ZY`H6)(F>h=LdD*@FD!zMoj*TZD}M++ohiXv`IzgZ+iu|tqSg0y5jDJE zTu(=NWQmTTZF+r8+aoocDJ{N#b5Ov8^5uhsV<0!p%Rw(zLzMF|F?6x-ASH8YRYxQt z8iuy{@{NI`SmYDF-Djg?Y27B0jaS^ zV&7;JUIZ5Q(O!Q)lIw2ij>+0E-3hGgAHChmYGfnfca|`+5|6QU*3BgXx^++A$XI>r z`JwPYB4vKa2dv>E+p%aZv5@BrOnC)_#@cC0ta&Bf~Yc2Vgky3?> zydHGd&&)Ny612-Ms7FGJa?V|q`=3lh8tA{vj@UD7 z$mdz3ZrdNJ;7gr_!&*qC%A6OUK5QK9t_w=b^RJMzQdYwZo=1-}cluVeHv6QP zwAhLuGvTzKtxp;txvPsGxB<^@S)is8ARgfU&K(-w{)44Nv=w(kp0jAUCOM>3D{I2^ z-KX#f=c(01!z~#|^Y)f~B<@3v5Y->AxBe4Klh0pk0?W-ia-B}<6dphRZ0S4Z@c#~J z2t&?ype-gXD4#A@5=D7E-e7*Z%otlU z9nFF1)d?yrRBaRtU*TYOt2Q{lsGLpbNtaA5MCPrxCg4I*Q1U>Py#i$PDca_2L7 zm@A*xZOm#i216$+y zW5A&;47Au^6>}}5wXcE!fLepWax&YuXh!YxYo7p1Jyemr+|#?6 zniDOP9VF^fOI0B(&Q?glmQ*`j0`(q53M>~lv8O)`NM(G${Lt`@qB6Buj>f{qGp;>& zI&e*~5~&oo091yhyh4R z#60dZdx-54owJ_&I_K(W)UkRC>MHNvP^Z8PgKDvhyJ0K;33W%`I7Rb?6pSMceZ_ zZDLj5TC>7Sw^jeUNVSy&x{XBQv!{XUo4MYG6rlx&&!p1FDV4opKolw)$WOIv` zDS}DucALO?0eKc80b`Se-S4FX18BZE#S=>rDpmziXKXbv@0_f|u5;yGMMx0=^%Acg zwGMj@r=`~dar>*u6<>8I)-QIhC1Rih=&$RaQ}(s>o)!FV^Zvljy$pD&cT-15oo$j` z1DxVp0;J$>yQNgF%{}gIm8aIh%o@KJmkxPF48{_E%=J#4Y*M9FbK+*4BRXonJ3)^l4Fy{& z_nlpc+Jtyn`{fj&kA*hftru@$H)|e=S(lB-1^=;Qw!G4gEA&|mqVi$<5Wb$k;#vL< z#ZOgvcwoi`c=Oez@uw#f&N=IQLJcU);-WeaY2@MGvqPVd`Zr5YHCRSE z7dT9|K122l`&cgv-pppKmt#K$>dS-lU2vb@vkSCT71kH7IN|ytG%hHP1q(fMFsBq& zuE?e#`_-PeZSx85_|_+I!uWDNPaX|^+Jtf*uDl^bDKO98A6=$^LwqBV*W3nKe54z@ zMc&jtHe;Lw;)B1}^j=R(^Uf7OL+70WZE zna@~24f*WgCcZJu#>zIBifnWk)&p6?S7hKnPbYt7zN_YFbbVET{Kc$4z$RT?j6sc; zdB+n7AP`;rgMOhZVKNW>i@B{jf|$&v+eyZN=E8VyfVhC{m9b&qj+E#aj#{h%tQ7F1 zC)FBr`;9f{((p@e$8>}zCA8#XTIT)>jU=i#Vocd|_t##>f^ZuX}SU>+(nu2tZ! zMMMI^l{DLSMaxu0@h<+9=(icg*z?<(!Sc4*|2703!ry6ZQ!$HQeP)!C;$fKH#8-x74jd z6Se69Bd>l6SHJw-(8mFgu&`!7>EF5}57V3YkuQPUrb`;R`f(!+FpZSa<}#&0>g zm`vy)o?I2IpZRW-SI!h4+l)8~Ulo5~D>0Slmeg{(Hchy$gbzA$U`u%kUc}jO6@_!~ zIehW;(L+Am8){n>25Z=XmAFsT_T5mO@R7MTPY?94bfFKS>;8czywc74?->s+*`!MZ zEU+w>=k|WCYpU8b;cq@?7%iE#x2`H-CEs{HSm;qEw39>~^Ja{&z}!{TBtLSeT3ob| z*kvcTp)+3!JK*rmkm}Wr&YY9VdX#F|0HI;+$u!@mOE(Q70Jgq9Ib(URiv9+^?hf6% z^-83>+AMsSX8mtO7P}N_7l*{{(sjwKi2ALOAc4^a+1t%rp%mhb*JshwV`b?EPsYHv z0u`>Wwyd%YhVB5X+h0;uCtS9T6YI#tkA2DMl0`c&HnvRi)xOQ|AVk?r6*hFH_^Tng}R`8=tZX;(G(FNgT)m9X*OcI(cMo@0vFN3|T&F<3rh;HnH`_0Pk;y4D zXGi5q8eHuBWE6!tFnTrn*0Cv`sbsR=;KZ-WV$(Lk>@4&}cdH3jG_Uk)dpQZWgt9Sy zln2zD4c;Q$SZB5B-@+vej4c2>U-_!TFXB`~dX)Zxmx32(2(BBsv$)OOeo*8B3>lih z$7&Z*Gx!`kV{v2^s}*zFz;TD-eg@Z&^qE_uv6Za7JOZg8{x7>CpP!cdJ5@B(U#zn` zPm*dq9wrAXn4oJKGMlS zt8z9V_n?7wfi*ARRt&_{^(mR?9sb;A_MGqc#3avvOBI>h$9KJtqx|%EV&U;)>gvoB zIcoo#vQQrquC>bbWJgguFKB3%*267xjDYOo%_CJjvi@l{9WJgyf2vIHE`C9XG-p-> z4FM9ei-WC5*6_-FN=yA`qC%H0-im1F>?nd)nlZ3xqfSe1m~yA}s{b|b8LhXqQcCGn z1k%&#KV~FOWN4o8L`|vT!m~ox_w~uR1UV`Jtdv%~x$2}`14EoferAVXhkdSm^NblO z^2pcpKm1quN4@7ZINCR)B&UAJ;pT2owg)G|mNUpinjj#PX&jEC@BC%9Mb@v?+1A8X zF53|DWlN(Kw*EFa(`sH7wa{6|8eplud^!WG(xy2~KY4oQ{3j*xLH;cjQ-T6FTLEjO z37uKNpl+6TLd0NblY(igP%8CVxxY) zK8-#0`(`kV;-V}Eb~1`gUg)8SX(ISoEq$!$7YRn~-^3eZ%tu}Kf`6{zdPd_{JY~W> zQQ*flYu16dNLxdX#a?E!=QP>c@Fj}7arIVitz2_0=IJ<-^zjoH$(wJfV!oQG01Os5 z$?5E`OlwXHEa^>FYX;X-| z<(DC3NBd$6?Wmi$PQ~kKQ=UHt=<5aPKPk(^!}P;)_EOfy=mA|8{2Jo+JE7xnMmQEmQrKMPW&(6jIe$w;;#NwWY=U;czeLPS#V2h5UDPj z2L7Qq-?X%AGzxU1pDt?!$E94FKyE4kL=dVWoS1zMK|T?;WJ*7oGwFCmzyD{c{uj2= BF^m8J literal 0 HcmV?d00001 diff --git a/automation/arenadata/docker-compose-ssl.yaml b/automation/arenadata/docker-compose-ssl.yaml new file mode 100644 index 0000000000..dfe91ea18a --- /dev/null +++ b/automation/arenadata/docker-compose-ssl.yaml @@ -0,0 +1,138 @@ +version: "3" +services: + vault: + image: "hub.adsw.io/pxf/pxf-vault-test:it" + restart: on-failure + ports: + - "8200:8200" + cap_add: + - IPC_LOCK + volumes: + - ./vault/certs:/certs:ro + - ./vault/scripts:/scripts:ro + - ./vault/secrets:/secrets:ro + - vault-env:/env:rw + entrypoint: [ "bash", "-c", "/scripts/workflow-vault.sh" ] + + mdw: + image: "gpdb6_pxf_automation:it" + restart: unless-stopped + working_dir: /home/gpadmin + hostname: mdw + ports: + - "5435:5432" + - "5005:5005" + environment: + - HOSTNAME=mdw + - DOCKER_GP_CLUSTER_HOSTS=mdw,sdw1,sdw2 + - DOCKER_GP_MASTER_SERVER=mdw + - DOCKER_GP_SEGMENT_SERVERS=sdw1,sdw2 + - DOCKER_GP_PRIMARY_SEGMENTS_PER_HOST=3 + - DOCKER_GP_WITH_MIRROR=false + - PXF_PROTOCOL=https + - PXF_HOST=mdw + - PXF_VAULT_ENABLED=true + - PXF_VAULT_SECRET_PATH=adb/adb-it/service/pxf + - PXF_SSL_ENABLED=true + - PXF_SSL_KEY_STORE_PATH=/opt/ssl/certs/pxf.jks + - PXF_SSL_TRUST_STORE_PATH=/opt/ssl/certs/pxf.jks + - PXF_SSL_CLIENT_AUTH=NEED + - PXF_SSL_CACERT_PATH=/opt/ssl/certs/ca-cert + - PXF_SSL_CERT=/opt/ssl/certs/pxf-client.pem + - PXF_SSL_KEY=/opt/ssl/certs/pxf-client.key + volumes: + - "vault-env:/vault/env:ro" + - "./conf/ssl/certs:/opt/ssl/certs:ro" + healthcheck: + test: sudo -H -u gpadmin bash -l -c "psql -d postgres -U gpadmin -Atc 'SELECT 1;'" + interval: 30s + timeout: 15s + retries: 3 + depends_on: + - sdw1 + privileged: true + sysctls: + kernel.sem: 500 1024000 200 4096 + net.unix.max_dgram_qlen: 4096 + + sdw1: + image: "gpdb6_pxf_automation:it" + restart: unless-stopped + privileged: true + hostname: sdw1 + ports: + - "8001:8000" + environment: + - HOSTNAME=sdw1 + - DOCKER_GP_CLUSTER_HOSTS=mdw,sdw1,sdw2 + - DOCKER_GP_MASTER_SERVER=mdw + - DOCKER_GP_SEGMENT_SERVERS=sdw1,sdw2 + - DOCKER_GP_PRIMARY_SEGMENTS_PER_HOST=3 + - DOCKER_GP_WITH_MIRROR=false + - PXF_PROTOCOL=https + - PXF_HOST=sdw1 + - PXF_VAULT_ENABLED=true + - PXF_VAULT_SECRET_PATH=adb/adb-it/service/pxf + - PXF_SSL_ENABLED=true + - PXF_SSL_KEY_STORE_PATH=/opt/ssl/certs/pxf.jks + - PXF_SSL_TRUST_STORE_PATH=/opt/ssl/certs/pxf.jks + - PXF_SSL_CLIENT_AUTH=NEED + - PXF_SSL_CACERT_PATH=/opt/ssl/certs/ca-cert + - PXF_SSL_CERT=/opt/ssl/certs/pxf-client.pem + - PXF_SSL_KEY=/opt/ssl/certs/pxf-client.key + volumes: + - "vault-env:/vault/env:ro" + - "./conf/ssl/certs:/opt/ssl/certs:ro" + healthcheck: + test: netstat -an | grep 5888 > /dev/null; if [ 0 != $$? ]; then exit 1; fi; + interval: 30s + timeout: 15s + retries: 3 + sysctls: + kernel.sem: 500 1024000 200 4096 + net.unix.max_dgram_qlen: 4096 + + sdw2: + image: "gpdb6_pxf_automation:it" + restart: unless-stopped + privileged: true + hostname: sdw2 + ports: + - "8002:8000" + environment: + - HOSTNAME=sdw2 + - DOCKER_GP_CLUSTER_HOSTS=mdw,sdw1,sdw2 + - DOCKER_GP_MASTER_SERVER=mdw + - DOCKER_GP_SEGMENT_SERVERS=sdw1,sdw2 + - DOCKER_GP_PRIMARY_SEGMENTS_PER_HOST=3 + - DOCKER_GP_WITH_MIRROR=false + - PXF_PROTOCOL=https + - PXF_HOST=sdw2 + - PXF_VAULT_ENABLED=true + - PXF_VAULT_SECRET_PATH=adb/adb-it/service/pxf + - PXF_SSL_ENABLED=true + - PXF_SSL_KEY_STORE_PATH=/opt/ssl/certs/pxf.jks + - PXF_SSL_TRUST_STORE_PATH=/opt/ssl/certs/pxf.jks + - PXF_SSL_CLIENT_AUTH=NEED + - PXF_SSL_CACERT_PATH=/opt/ssl/certs/ca-cert + - PXF_SSL_CERT=/opt/ssl/certs/pxf-client.pem + - PXF_SSL_KEY=/opt/ssl/certs/pxf-client.key + volumes: + - "vault-env:/vault/env:ro" + - "./conf/ssl/certs:/opt/ssl/certs:ro" + healthcheck: + test: netstat -an | grep 5888 > /dev/null; if [ 0 != $$? ]; then exit 1; fi; + interval: 30s + timeout: 15s + retries: 3 + sysctls: + kernel.sem: 500 1024000 200 4096 + net.unix.max_dgram_qlen: 4096 + +networks: + default: + name: pxf-automation + +volumes: + m2: + vault-env: diff --git a/automation/arenadata/scripts/start_adb_cluster.sh b/automation/arenadata/scripts/start_adb_cluster.sh index cfd46e1702..f610c860c2 100644 --- a/automation/arenadata/scripts/start_adb_cluster.sh +++ b/automation/arenadata/scripts/start_adb_cluster.sh @@ -9,6 +9,23 @@ segid=0 is_mirrored=$DOCKER_GP_WITH_MIRROR primary_segments_per_host=$DOCKER_GP_PRIMARY_SEGMENTS_PER_HOST +# Wait Vault service +if [[ "$PXF_VAULT_ENABLED" = true ]]; then + echo "--------------------------" + echo "Wait Vault service for PXF" + echo "--------------------------" + role_id_file="/vault/env/role_id" + secret_id_file="/vault/env/secret_id" + while [ ! -f "$role_id_file" ] || [ ! -f "$secret_id_file" ]; do + echo "Waiting for vault init approle envs" + sleep 1 + done + # Read the role_id and secret_id from the shared volume + export PXF_VAULT_ROLE_ID=$(cat "$role_id_file") + export PXF_VAULT_SECRET_ID=$(cat "$secret_id_file") + echo "Vault environment were initialized successfully" +fi + # Base config CONFIG="ARRAY_NAME='Demo Greenplum Cluster' TRUSTED_SHELL=ssh @@ -84,9 +101,9 @@ bash -c "/usr/sbin/sshd" chown -R gpadmin:gpadmin /home/gpadmin/.m2/ # Get ssh public keys of hosts -echo "**********************************" +echo "----------------------------" echo "Get ssh public keys of hosts" -echo "**********************************" +echo "----------------------------" keys=() max_iterations=10 wait_seconds=3 @@ -138,9 +155,9 @@ do done # Create config files -echo "**********************************************" +echo "----------------------------------------------" echo "Copy keys, set bash profile and create configs" -echo "**********************************************" +echo "----------------------------------------------" for key in "${keys[@]}" do bash -c "echo $key >> /home/gpadmin/.ssh/known_hosts" @@ -169,16 +186,43 @@ if [ "$HOSTNAME" == "$DOCKER_GP_MASTER_SERVER" ]; then echo "----------------------------------" echo "Run Greenplum cluster installation" echo "----------------------------------" + + echo "--------------------" + echo "Check SSH connection" + echo "--------------------" + max_iterations=60 + wait_seconds=5 + iterations=0 + while true + do + ((iterations++)) + echo "Try to connect to the hosts by ssh. Attempt $iterations" + all_available=1 + for server in $DOCKER_GP_CLUSTER_HOSTS + do + status=$(sudo -H -u gpadmin bash -c "ssh -o PasswordAuthentication=no $server 'exit'") + if [ $? -eq 0 ]; then + echo "Server $server is available by ssh" + else + echo "Failed to connect to $server by ssh" + all_available=0 + fi + done + if [ $all_available -eq 1 ]; then + echo "All ADB servers are available by ssh" + break + elif [ "$iterations" -ge "$max_iterations" ]; then + echo "Failed to connect to some ADB server by ssh after $max_iterations tries. Exit from script!" + exit 1 + fi + sleep $wait_seconds + done + + echo "-------------------------" + echo "Install Greenplum cluster" + echo "-------------------------" sudo -H -u gpadmin bash -c "source /home/gpadmin/.bash_profile && /usr/local/greenplum-db-devel/bin/gpinitsystem -a -I /home/gpadmin/gpdb_src/gpAux/gpdemo/create_cluster.conf -l /home/gpadmin/gpAdminLogs" - sudo -H -u gpadmin bash -c "source /home/gpadmin/.bash_profile && - psql -d postgres -Atc 'CREATE EXTENSION IF NOT EXISTS pxf;' && - psql -d postgres -Atc 'CREATE EXTENSION IF NOT EXISTS pxf_fdw;' && - echo 'local all testuser trust' >> /data1/master/gpseg-1/pg_hba.conf && - echo 'host all gpadmin 0.0.0.0/0 trust' >> /data1/master/gpseg-1/pg_hba.conf && - echo 'host all all 0.0.0.0/0 md5' >> /data1/master/gpseg-1/pg_hba.conf && - gpconfig -c gp_resource_manager -v group && - gpstop -aM fast && gpstart -a" # Check cluster echo "-------------------------------------" @@ -202,6 +246,18 @@ if [ "$HOSTNAME" == "$DOCKER_GP_MASTER_SERVER" ]; then echo "-------------------------------------" exit 1; fi + + echo "---------------------------------------------------" + echo "Configuration and installation Greenplum extensions" + echo "---------------------------------------------------" + sudo -H -u gpadmin bash -c "source /home/gpadmin/.bash_profile && + psql -d postgres -Atc 'CREATE EXTENSION IF NOT EXISTS pxf;' && + psql -d postgres -Atc 'CREATE EXTENSION IF NOT EXISTS pxf_fdw;' && + echo 'local all testuser trust' >> /data1/master/gpseg-1/pg_hba.conf && + echo 'host all gpadmin 0.0.0.0/0 trust' >> /data1/master/gpseg-1/pg_hba.conf && + echo 'host all all 0.0.0.0/0 md5' >> /data1/master/gpseg-1/pg_hba.conf && + gpconfig -c gp_resource_manager -v group && + gpstop -aM fast && gpstart -a" else echo "-------------------------" echo "Starting Greenplum server" @@ -232,6 +288,23 @@ do echo "---------" echo "Start PXF" echo "---------" + # Init Vault environment + if [[ "$PXF_VAULT_ENABLED" = true ]]; then + echo "----------------------------------------" + echo "Init Vault env variables for PXF service" + echo "----------------------------------------" + ksh -c env | grep -E 'PXF_VAULT' | sed 's/^/export /' >> /home/gpadmin/.bash_profile + ksh -c env | grep -E 'PXF_VAULT' | sed 's/^/export /' >> /home/gpadmin/.bashrc + fi + # Init SSL environment + if [[ "$PXF_PROTOCOL" = "https" ]]; then + echo "--------------------------------------" + echo "Init SSL env variables for PXF service" + echo "--------------------------------------" + ksh -c env | grep -E 'PXF_SSL|PXF_HOST|PXF_PROTOCOL' | sed 's/^/export /' >> /home/gpadmin/.bash_profile + ksh -c env | grep -E 'PXF_SSL|PXF_HOST|PXF_PROTOCOL' | sed 's/^/export /' >> /home/gpadmin/.bashrc + fi + if [ "$HOSTNAME" == "$DOCKER_GP_MASTER_SERVER" ]; then sudo -H -u gpadmin bash -c -l "pxf start && tail -f /data1/master/gpseg-1/pg_log/gpdb-*.csv" else diff --git a/automation/arenadata/vault/Dockerfile b/automation/arenadata/vault/Dockerfile new file mode 100644 index 0000000000..d1cf808c52 --- /dev/null +++ b/automation/arenadata/vault/Dockerfile @@ -0,0 +1,7 @@ +FROM vault:1.13.3 + +# Install bash, curl, jq, yq +RUN apk --no-cache add bash curl jq yq + +# Set bash as the default shell +CMD ["/bin/bash"] diff --git a/automation/arenadata/vault/certs/certificate.pem b/automation/arenadata/vault/certs/certificate.pem new file mode 100644 index 0000000000..d505eb70f2 --- /dev/null +++ b/automation/arenadata/vault/certs/certificate.pem @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFGzCCAwOgAwIBAgIUX0E/LM3jQ/kdpIOJ/vtDNDhdJb8wDQYJKoZIhvcNAQEL +BQAwEDEOMAwGA1UEAwwFdmF1bHQwHhcNMjQxMTExMjM0NDU2WhcNMzQxMTA5MjM0 +NDU2WjAQMQ4wDAYDVQQDDAV2YXVsdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC +AgoCggIBAL3O8uywBT2coCbP8jTK1Dg9e8e5MhNhKwt40+wBRIizOTHWM5TtBhqA +WdvdwtDovo9t6/XjbzR177FHiE88QWgSE9WcFXkh49cvAhlb3CNIhIO03JggRO9X +XPq/X3JwyTeyzEzK/g/HYkIgoBhyBNcTMibri0yqi2CXdTyCDpAn6cnUuNfkatJG +Zu/p1jRS4luLn1nu8k6oAW/C32oQe3PibGscVy3QYpQhRtnPcTWwIbO/1a/SC6ED +eWtKLictF04BAyKKMbNz997ZwRqS5gJdU/0ggwpSurfAt/tjbN8tH7D9poJXZi/O +DqFXFejlxrGu40PiMMWrUc+/tx8k9VrX9vlKI+Tn0JROYRP22+nHdoP39S8TBoPN +K/xuRczVIPM8ox/5uwOztw3AZBZHAfi8SWsXy+gLVnrVP+zavGcbkKrHEweXY9Tb +2Rq/GLFfXB2HgUKz05guy+FoM4l1KI46mgXg7KWP3MvkmyHQums7NBEvuOFm1hxg +QNOzIizsfCaJX3+yjscBCKcTEaoxN3qbSd8U1NdTdXBN8Xf3q4b+ZD/3hmC9CC3A +ZKDnfqMnQU91qBkklOJekmGvFvUltiiRy8wd7wfiwNrEqY9fpNmo/Dzl90X7xBe6 +tv0lknOZTmzMB4n2nhDa6s5egvo8WuhuR8yhSd06IFb9TB9YtP5zAgMBAAGjbTBr +MB0GA1UdDgQWBBQ+PrLr2waShJQrPhKHfs9uKqCtUTAfBgNVHSMEGDAWgBQ+PrLr +2waShJQrPhKHfs9uKqCtUTAPBgNVHRMBAf8EBTADAQH/MBgGA1UdEQQRMA+CBXZh +dWx0ggZ2YXVsdCowDQYJKoZIhvcNAQELBQADggIBACsUNJaXr4QkRTfnuu6/ecRy +6hti3+WTvg4t+S1agj1QV3bb1DT9dOKryg7DjePUvWv5bcD3xzuNwA3zi67Dt3uR +qY9rcDGZa0qSWQcLBSW+QzsOGmS1JpLBjbjWBMvAC3g4BrZTHAMlzPC5ln3Gahqk +dsqro/ImS4HRJ7tXM1Kx9VJDhrc2jI8xRjEpI1TauNvMhFpvUF0GU24iD+Zfg/2V +Khn+IfZNV1EPF4Ao5wVK8yUjyhPcAqshXHDBsciEP3ZonUrUsVEbtu/I3FXA/VuF +rO9vMBeYy82idsasVFCk7hZhUrDXiZWUD1Nt1EZZALHkq/zIrc/WnkUlDOODywYB +7PMADp9BpXopzLfjZ2+T5O4PZwfmn4X7q/8PDgaGmwpr9Ja2nNa+6M6Vdo+IphJs +/CSFl17PQk1xYG0kAjOq05RWZnuLctjpUV+b8xgeHjv5l5RK9lk0Zj9ZyCGjPYYc +S5tUDmVfp6U+At4hF0Wg1V+f3N6DzItm2tVgQ7Bqvbo35hHlVHPfSm2Ojd0GLTl6 +pRbHcYmJlukbadcgqKrHls4gk4tgDzRHK2WHbVDTg07KloGN9fZir5aYu7meYODo +b1vWjsYeEwuw+ccgsaes/lcQzCIoLMgOaFESDJ30wsN35OkrAeiYK2Ri35Ce5j1I +T7hf9J0YlQNziFyF3hLM +-----END CERTIFICATE----- diff --git a/automation/arenadata/vault/certs/key.pem b/automation/arenadata/vault/certs/key.pem new file mode 100644 index 0000000000..c118d2fd08 --- /dev/null +++ b/automation/arenadata/vault/certs/key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC9zvLssAU9nKAm +z/I0ytQ4PXvHuTITYSsLeNPsAUSIszkx1jOU7QYagFnb3cLQ6L6Pbev14280de+x +R4hPPEFoEhPVnBV5IePXLwIZW9wjSISDtNyYIETvV1z6v19ycMk3ssxMyv4Px2JC +IKAYcgTXEzIm64tMqotgl3U8gg6QJ+nJ1LjX5GrSRmbv6dY0UuJbi59Z7vJOqAFv +wt9qEHtz4mxrHFct0GKUIUbZz3E1sCGzv9Wv0guhA3lrSi4nLRdOAQMiijGzc/fe +2cEakuYCXVP9IIMKUrq3wLf7Y2zfLR+w/aaCV2Yvzg6hVxXo5caxruND4jDFq1HP +v7cfJPVa1/b5SiPk59CUTmET9tvpx3aD9/UvEwaDzSv8bkXM1SDzPKMf+bsDs7cN +wGQWRwH4vElrF8voC1Z61T/s2rxnG5CqxxMHl2PU29kavxixX1wdh4FCs9OYLsvh +aDOJdSiOOpoF4Oylj9zL5Jsh0LprOzQRL7jhZtYcYEDTsyIs7HwmiV9/so7HAQin +ExGqMTd6m0nfFNTXU3VwTfF396uG/mQ/94ZgvQgtwGSg536jJ0FPdagZJJTiXpJh +rxb1JbYokcvMHe8H4sDaxKmPX6TZqPw85fdF+8QXurb9JZJzmU5szAeJ9p4Q2urO +XoL6PFrobkfMoUndOiBW/UwfWLT+cwIDAQABAoICAE8pca1/WCAzI6QsVCLqeQof +snFA7v6gJvi44wHqIXA192Oup4K0PDhvUYreeXLxrxBY0vGRcn7ZtScl41bQlaLW +70jGuTn1BXZol6KF6lEY3JOlqd8UjkuYDyJREHjFS1acjpJ0kvN3v6Y+vyaS3yvo +SKFs2YMXGdwmLvIWeAZtbxcLTjBUhqy+Sg5DY2AdNWTi3Yn/mzVs4nR/PPiaeTKC +u58MiduErqiDHG6ZEulGVTgHiRK0Mr9rmIdDv+3841xYFbuhEUt70WQzQ1NW8vEH +hZDrr1tt14vtp44EEJMf2bjSgVCZLPhBI17s2ClzM6RFgWl9e8PlSNCxb6lgm6cY +sCjjj7D3G02zEibf7FBXb7UxMcKTmDA933HfwO4YJesJNYDpwu5gWD12d1Ey2wFQ +/7V3unSwBWeztNbLQaWA5ryZxaP63RGM5uXis58kYCU12yaEyuhhKgRfyJRR9mI0 +RNjsGmRESIRIwWJovR0Is9QcP+BhZ3BdhbcUmpTZOcCyeB7y1bu1WSlFDFsWCb6U +3I5VgKt6MEhkkBDl4Mj5JQmr4kaMf/OCPLkf3672K1A7a/iNtsiwruV7bkEiqt4d +uZl40xIv3DJ5cbNFcU6O/NRRibPY7AqVd2B4GhqUx6/LWdL4ZC9FeSM9ZdSYhBzU +vmoptlb+om/Fpb7/OUf5AoIBAQDkct3rhPOnwkY7VuNV0+IIIJzMkaWAybn9moZV +ICB4CrtmQb7+MRnjInPG83CUOBoBMcmYvc1pPRpJhhq5GXAhRoRA59a8hFQBgujU +tPE8rkpgMYAgPjGrdk+GwhKzp9cNLckmy1/+qzMcBqr33vpIF65Ih9mB127W6yZl +VS7HZstKdwib0KJB2ZrQQoQ2YyqQ9q7GjzH+KYYPSb5lUChfonNBuh3BJ9oU9YZa +fheXNa4+q+EM3PT69aYEX+HzO2DigGIsIY9qgfA5j+WaOY2XrokZJLgZztVcWJUo +yqd6qxMSsTo8KAaG9/RpRpc2X2eZLsJ1iLK+4lIrHjarHJMlAoIBAQDUsxmVVNfh +NEbD8hK2ows+RaWsl8E62Ib0udcjHUhmYLHPKd2YI6BWDvg6E55FAhU9oCUTH1Vh +pqpUcV7RE2Vltw2iSt5uAw/hf1ndfOsY4Sd5sPThs33e/soDQ6A5KkjqRxcJ9AMN +mDR9fJkk5QPud3Z3xisqA6wOl8ki9seLBr8JvTpcPb/wrL4ll0Knmt2JI40yZh4q +NLqSy3OlWqP1AhR7d5bZT6j2uY9NJZIEZ9fi7HwJTROZDu5HCR2Vs+CCJNfLRBTC +oG53ZIJgZtkpw4hgQuefGtSt1HvKvfm0doUDXCcdkgA8D8RO5UiK42RaEtJUb4Qk +Xm4+WfXbNuO3AoIBAD+EqKuJhe3JGJn7KK5+gURdPPusK2ZJsIsQ4fTdP+ngogZm +lWI76MS8mZBhs5Wim6hlXXY4n9p5AMwcm2WH6yN1ZeReEdjMukbJTU+HF+QVWdyx +JrzQTiMsfCQt5eFJ84NYjatZtNEsbMOIHxVYTCKrYuwLybBOZCUhsMVQD/elXzTP +L/eS5OqGRINPW0979yPjUukme3H9vaaWjHfC99bPZliKFSfVms9lDPwwPwLuDAqk +46gd74evsX9Z4YstoVyY8bLvid7FTjPTDLX69qGMB9aT3RRf6/cHMkHrRvHWizER +Ue3T+yyf2LdEx1p44Gc5Fxxy67AjYVFXzz94bHkCggEAalhNv0MXWKrpgsjCoHwu +f+kUp5GMdB6Ug0FzlkPq0f0gicKV355YaQ68/1SVuk0LT6+FOeVdrCBHY0b3sDMx +bES01WL3iSuQwh8JUFtHtD3Gnepi1YIHufnMCQvDzTEeGbyHgVt2N1LVU7R7YV37 +tDwYiFQVesExQm6Tix61sAYkd/sbdckN8Yh83ZCeK+ybPRkAXKWACXwpmIGOhasm +9LYghYbKbkaM5Sbrxhe1xOwinXu9nGzkEo/LhMrC9vljk85V8nRMqO7LrHgdU5O4 +mlAAHJj2867XjT4C0uBfO+JSKNbnW7qG0YDUltm+hmqg3wQwEzVabVClcBlMelkc +SwKCAQBV/7O+XUaNqLT+4KjkwT+2834nmutKdoBUa/wXjBDh9GjdOgPr0Wb5Bszs +ih3V7WtjKeZIkmLIV9Qm4Dpuo8VXfXhMZOv7wk1+ztwgZL9Ujv20ZvdE2otIIiOQ +b1taj0ZqbljrtYk2lKmIuoYasdL3nG3Ya0yQhd6NNsrP/vb7YQkkOpVvexV1FseH +s8Psk81zv8T7e0h/KAAHa++IiueLevjeL2qxK5rTPm7gv3/IpVBVI+jmi68WlTTT +VqMeOjBp1X+l1GE5qznysTHniHjmKV4cp4Se/dwjWW2064vRnVv5ypPxiKAi/xb9 +A1moPU7gBtqWAAUvERAZg/qKzKdG +-----END PRIVATE KEY----- diff --git a/automation/arenadata/vault/scripts/adb-only-policy.hcl b/automation/arenadata/vault/scripts/adb-only-policy.hcl new file mode 100644 index 0000000000..845855a27b --- /dev/null +++ b/automation/arenadata/vault/scripts/adb-only-policy.hcl @@ -0,0 +1,3 @@ +path "secret/*" { + capabilities = ["list", "read"] +} diff --git a/automation/arenadata/vault/scripts/vault.hcl b/automation/arenadata/vault/scripts/vault.hcl new file mode 100644 index 0000000000..49ed45f65f --- /dev/null +++ b/automation/arenadata/vault/scripts/vault.hcl @@ -0,0 +1,15 @@ +listener "tcp" { + address = "0.0.0.0:8200" + tls_disable = 0 + tls_cert_file = "/certs/certificate.pem" + tls_key_file = "/certs/key.pem" +} + +storage "inmem" { +} + +default_lease_ttl = "168h" +max_lease_ttl = "720h" +ui = true + +log_level = "trace" diff --git a/automation/arenadata/vault/scripts/workflow-vault.sh b/automation/arenadata/vault/scripts/workflow-vault.sh new file mode 100755 index 0000000000..5b2e709990 --- /dev/null +++ b/automation/arenadata/vault/scripts/workflow-vault.sh @@ -0,0 +1,97 @@ +#!/usr/bin/env bash + +# Set environment variables +export VAULT_ADDR='https://0.0.0.0:8200' +export VAULT_SKIP_VERIFY='true' +export ADB_CLUSTER_NAME=${ADB_CLUSTER_NAME:-adb-it} + +# Handler on vault stop to clean up generated credentials +termination_handler() { + echo "Termination signal received. Cleaning up credentials" + rm -f /env/* + exit 0 +} + +trap 'termination_handler' SIGTERM + +# Start Vault server in the background +vault server -config /scripts/vault.hcl & +sleep 5 + +# Initialize Vault and capture the output +vault operator init -key-shares=3 -key-threshold=2 -format=json > init_output.json + +# Check if the initialization was successful +if [ $? -ne 0 ]; then + echo "Vault initialization failed" + exit 1 +fi + +# Parse unseal keys and root token from the JSON output +UNSEAL_KEYS=$(jq -r ".unseal_keys_b64[]" init_output.json) +ROOT_TOKEN=$(jq -r ".root_token" init_output.json) + +if [ -z "$UNSEAL_KEYS" ] || [ -z "$ROOT_TOKEN" ]; then + echo "Failed to parse unseal keys or root token" + exit 1 +fi + +# Unseal Vault +for key in ${UNSEAL_KEYS}; do + vault operator unseal ${key} + if [ $? -ne 0 ]; then + echo "Failed to unseal Vault with key ${key}" + exit 1 + fi +done + +# Save root token for later use +echo ${ROOT_TOKEN} > root_token.txt + +# Export Vault root token +export VAULT_TOKEN=${ROOT_TOKEN} + +# Enable KV secrets engine +vault secrets enable -path=secret kv-v2 +if [ $? -ne 0 ]; then + echo "Failed to enable KV secrets engine" + exit 1 +fi + +# Enable the AppRole auth method +vault auth enable approle +if [ $? -ne 0 ]; then + echo "Failed to enable AppRole auth method" + exit 1 +fi + +# Create a policy adb-only +vault policy write adb-only /scripts/adb-only-policy.hcl +if [ $? -ne 0 ]; then + echo "Failed to write adb-only policy" + exit 1 +fi + +# Create an AppRole with the policy adb-only +vault write auth/approle/role/pxf policies="adb-only" +if [ $? -ne 0 ]; then + echo "Failed to create AppRole pxf" + exit 1 +fi + +# Retrieve the RoleID and SecretID for the AppRole +ROLE_ID=$(vault read -field=role_id auth/approle/role/pxf/role-id) +SECRET_ID=$(vault write -field=secret_id -f auth/approle/role/pxf/secret-id) + +# Save the RoleID and SecretID for later use +echo ${ROLE_ID} > /env/role_id +echo ${SECRET_ID} > /env/secret_id + +# PXF secrets +yq -o=json eval /secrets/pxf/pxf-service.yml | vault kv put -mount=secret adb/"$ADB_CLUSTER_NAME"/service/pxf - + +vault token create -policy="adb-only" + +echo "Vault setup completed successfully" + +wait diff --git a/automation/arenadata/vault/secrets/pxf/pxf-service.yml b/automation/arenadata/vault/secrets/pxf/pxf-service.yml new file mode 100644 index 0000000000..c75c352646 --- /dev/null +++ b/automation/arenadata/vault/secrets/pxf/pxf-service.yml @@ -0,0 +1,4 @@ +server: + ssl: + key-store-password: '123456' + trust-store-password: '123456' \ No newline at end of file diff --git a/cli/cmd/pxf.go b/cli/cmd/pxf.go index d2796229c8..6985e55ccb 100644 --- a/cli/cmd/pxf.go +++ b/cli/cmd/pxf.go @@ -22,8 +22,8 @@ const ( // For pxf migrate pxfConf envVar = "PXF_CONF" // For pxf profile reload - pxfHost envVar = "PXF_HOST" - pxfPort envVar = "PXF_PORT" + pxfProtocol envVar = "PXF_PROTOCOL" + pxfPort envVar = "PXF_PORT" ) type messageType int @@ -75,25 +75,36 @@ func (cmd *command) GetFunctionToExecute() (func(string) string, error) { inputs[pxfBase]) }, nil case reload: + pxfDefaultProtocol := "http" pxfDefaultHost := "localhost" pxfDefaultPort := "5888" + var pxfProtocolStr string var pxfHostStr string var pxfPortStr string - reloadCommandTemplate := "curl --silent --fail --show-error --request POST http://%s:%s/pxf/reload --header \"Content-Type: application/json\" --data '{\"profile\":\"%s\",\"server\":\"%s\"}'" - // Set pxf host - pxfHostStr, isPxfHostSet := os.LookupEnv(string(pxfHost)) - if !isPxfHostSet { - pxfHostStr = pxfDefaultHost + // Set pxf protocol + pxfProtocolStr, isPxfProtocolSet := os.LookupEnv(string(pxfProtocol)) + if !isPxfProtocolSet { + pxfProtocolStr = pxfDefaultProtocol } + reloadCommandTemplate := "" + if pxfProtocolStr == "https" { + reloadCommandTemplate = "curl -k --cacert ${PXF_SSL_CACERT_PATH} --cert ${PXF_SSL_CERT} --key ${PXF_SSL_KEY} --silent --fail --show-error --request POST %s://%s:%s/pxf/reload --header \"Content-Type: application/json\" --data '{\"profile\":\"%s\",\"server\":\"%s\"}'" + } else { + reloadCommandTemplate = "curl --silent --fail --show-error --request POST %s://%s:%s/pxf/reload --header \"Content-Type: application/json\" --data '{\"profile\":\"%s\",\"server\":\"%s\"}'" + } + + // Set pxf host to localhost as we cannot run curl remotely for security reason + pxfHostStr = pxfDefaultHost + // Set pxf port pxfPortStr, isPxfPortSet := os.LookupEnv(string(pxfPort)) if !isPxfPortSet { pxfPortStr = pxfDefaultPort } - reloadCommand := fmt.Sprintf(reloadCommandTemplate, pxfHostStr, pxfPortStr, ReloadProfileName, ReloadServerName) + reloadCommand := fmt.Sprintf(reloadCommandTemplate, pxfProtocolStr, pxfHostStr, pxfPortStr, ReloadProfileName, ReloadServerName) if !ReloadAutoConfirm { cmd.warn = true err := cmd.Warn(os.Stdin) diff --git a/server/gradle.properties b/server/gradle.properties index d38e50109e..b0747ac39c 100644 --- a/server/gradle.properties +++ b/server/gradle.properties @@ -26,6 +26,7 @@ junitVersion=4.11 parquetVersion=1.13.1 awsJavaSdk=1.12.261 springBootVersion=3.2.3 +springCloudVaultVersion=4.1.3 org.gradle.daemon=true org.gradle.parallel=false orcVersion=1.6.13 diff --git a/server/pxf-service/build.gradle b/server/pxf-service/build.gradle index 6e913de1c9..1969d5ae03 100644 --- a/server/pxf-service/build.gradle +++ b/server/pxf-service/build.gradle @@ -43,6 +43,7 @@ dependencies { //implementation('org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:3.1.7') implementation("com.univocity:univocity-parsers") implementation("org.springframework:spring-web") + implementation("org.springframework.cloud:spring-cloud-starter-vault-config:${springCloudVaultVersion}") implementation("org.apache.hadoop:hadoop-hdfs-client") { transitive = false } implementation("org.apache.hadoop:hadoop-auth") { transitive = false } diff --git a/server/pxf-service/src/main/resources/application.properties b/server/pxf-service/src/main/resources/application.properties index 835aed53ec..3af023a986 100644 --- a/server/pxf-service/src/main/resources/application.properties +++ b/server/pxf-service/src/main/resources/application.properties @@ -22,6 +22,46 @@ pxf.service.kerberos.constrained-delegation.credential-cache.expiration=1d spring.profiles.active=default +# SSL configuration +# enable/disable SSL +server.ssl.enabled=${PXF_SSL_ENABLED:false} +# the list of supported TLS protocols (separated by comma) +server.ssl.enabled-protocols=${PXF_SSL_ENABLED_PROTOCOLS:TLSv1.2} +# path to the keystore with server private key and signed server certificate +server.ssl.key-store=${PXF_SSL_KEY_STORE_PATH:classpath:cert/server.p12} +# password to the keystore +server.ssl.key-store-password=${PXF_SSL_KEY_STORE_PASSWORD:} +# type of the keystore +server.ssl.key-store-type=${PXF_SSL_KEY_STORE_TYPE:PKCS12} +# client authentication method. NONE won't check certificate, NEED - for mTLS +server.ssl.client-auth=${PXF_SSL_CLIENT_AUTH:NONE} +# path to the truststore with client private key and signed client certificate +server.ssl.trust-store=${PXF_SSL_TRUST_STORE_PATH:classpath:cert/truststore.p12} +# password to the truststore +server.ssl.trust-store-password=${PXF_SSL_TRUST_STORE_PASSWORD:} +# type of the truststore +server.ssl.trust-store-type=${PXF_SSL_TRUST_STORE_TYPE:PKCS12} + +# Vault integration +spring.cloud.vault.enabled=${PXF_VAULT_ENABLED:false} +spring.cloud.vault.kv.enabled=${PXF_VAULT_KV_ENABLED:true} +spring.cloud.vault.kv.backend=${PXF_VAULT_MOUNT_PATH:secret} +spring.cloud.vault.kv.application-name=${PXF_VAULT_SECRET_PATH:} +spring.cloud.vault.kv.default-context=${PXF_VAULT_DEFAULT_CONTEXT:} +spring.cloud.vault.kv.profiles=${PXF_VAULT_KV_PROFILES:} +spring.cloud.vault.fail-fast=${PXF_VAULT_FAIL_FAST:true} +spring.cloud.vault.namespace=${PXF_VAULT_NAMESPACE} +spring.cloud.vault.host=${PXF_VAULT_HOST:vault} +spring.cloud.vault.port=${PXF_VAULT_PORT:8200} +spring.cloud.vault.scheme=${PXF_VAULT_SCHEME_TYPE:https} +spring.cloud.vault.authentication=${PXF_VAULT_AUTHENTICATION_TYPE:approle} +spring.cloud.vault.app-role.role-id=${PXF_VAULT_ROLE_ID} +spring.cloud.vault.app-role.secret-id=${PXF_VAULT_SECRET_ID} +spring.cloud.vault.token=${PXF_VAULT_TOKEN} +spring.cloud.vault.ssl.trust-store=${PXF_VAULT_SSL_TRUST_STORE:file:/opt/ssl/certs/pxf.jks} +spring.cloud.vault.ssl.trust-store-password=${PXF_VAULT_SSL_TRUST_STORE_PASSWORD:123456} +spring.config.import=optional:${PXF_VAULT_CONFIG_IMPORT:vault://} + # server network interface and port to bind the listening socket to, use localhost by default for local traffic only server.address=localhost server.port=${pxf.port:5888} diff --git a/server/pxf-service/src/scripts/pxf b/server/pxf-service/src/scripts/pxf index 0da7fd7a79..034c697238 100755 --- a/server/pxf-service/src/scripts/pxf +++ b/server/pxf-service/src/scripts/pxf @@ -56,6 +56,12 @@ export PXF_LOGDIR=${PXF_LOGDIR:=${PXF_BASE}/logs} # Path to Run directory export PXF_RUNDIR=${PXF_RUNDIR:=${PXF_BASE}/run} +# Protocol +export PXF_PROTOCOL=${PXF_PROTOCOL:-http} + +# Hostname +export PXF_HOST=${PXF_HOST:-localhost} + # Port export PXF_PORT=${PXF_PORT:=5888} @@ -128,9 +134,15 @@ function waitForSpringBoot() { echo_after_attempts=$2 # only start echoing after this number of attempts sleep_time=1 # sleep 1 second between attempts + if [[ "$PXF_PROTOCOL" = "https" ]]; then + curl_command="$curl --cacert ${PXF_SSL_CACERT_PATH} --cert ${PXF_SSL_CERT} --key ${PXF_SSL_KEY} --silent --connect-timeout 1 -I ${PXF_PROTOCOL}://${PXF_HOST}:${PXF_PORT}" + else + curl_command="$curl --silent --connect-timeout 1 -I ${PXF_PROTOCOL}://${PXF_HOST}:${PXF_PORT}" + fi + # wait until spring boot is up: echoYellow 'Checking if PXF is up and running...' - until $curl --silent --connect-timeout 1 -I "http://localhost:$PXF_PORT" | grep 'PXF Server' > /dev/null; do + until $curl_command | grep 'PXF Server' > /dev/null; do if (( ++attempts == max_attempts )); then echoRed 'ERROR: PXF is down - the application is not running' return 1 @@ -151,7 +163,13 @@ function waitForSpringBoot() { function checkWebapp() { waitForSpringBoot "$1" "$2" || return 1 - curlResponse=$($curl -s "http://localhost:${PXF_PORT}/actuator/health") + if [[ "$PXF_SSL_ENABLED" = true ]]; then + curl_response_command="$curl -s --cacert ${PXF_SSL_CACERT_PATH} --cert ${PXF_SSL_CERT} --key ${PXF_SSL_KEY} ${PXF_PROTOCOL}://${PXF_HOST}:${PXF_PORT}/actuator/health" + else + curl_response_command="$curl -s ${PXF_PROTOCOL}://${PXF_HOST}:${PXF_PORT}/actuator/health" + fi + + curlResponse=$($curl_response_command) [[ $curlResponse == {\"status\":\"UP\"* ]] || fail "PXF is inaccessible. Check logs ($PXF_LOGDIR) for more information" return 0 From 0f2d99ccee85321d2e51cde4f9e41a5f8ac4e9bb Mon Sep 17 00:00:00 2001 From: Roman Zolotov Date: Thu, 28 Nov 2024 13:42:27 +0200 Subject: [PATCH 2/5] ADBDEV-6581: Update entrypoint script --- .../arenadata/scripts/start_adb_cluster.sh | 69 +++++++++---------- 1 file changed, 34 insertions(+), 35 deletions(-) diff --git a/automation/arenadata/scripts/start_adb_cluster.sh b/automation/arenadata/scripts/start_adb_cluster.sh index f610c860c2..8c30ae4304 100644 --- a/automation/arenadata/scripts/start_adb_cluster.sh +++ b/automation/arenadata/scripts/start_adb_cluster.sh @@ -187,48 +187,48 @@ if [ "$HOSTNAME" == "$DOCKER_GP_MASTER_SERVER" ]; then echo "Run Greenplum cluster installation" echo "----------------------------------" - echo "--------------------" - echo "Check SSH connection" - echo "--------------------" - max_iterations=60 + echo "---------------------------------" + echo "Check ssh connection to the hosts" + echo "---------------------------------" + max_iterations=20 wait_seconds=5 iterations=0 while true do ((iterations++)) - echo "Try to connect to the hosts by ssh. Attempt $iterations" - all_available=1 + echo "Check SSH connection. Attempt $iterations" + status=0 for server in $DOCKER_GP_CLUSTER_HOSTS do - status=$(sudo -H -u gpadmin bash -c "ssh -o PasswordAuthentication=no $server 'exit'") - if [ $? -eq 0 ]; then - echo "Server $server is available by ssh" - else - echo "Failed to connect to $server by ssh" - all_available=0 - fi + echo "Check SSH connection to the $server" + sudo -H -u gpadmin bash -c -l "ssh -o PasswordAuthentication=no $server 'exit'" + if ! [ $? -eq 0 ]; then + echo "Server $server is not available for ssh connection. We will try again..." + status=1 + break + fi done - if [ $all_available -eq 1 ]; then - echo "All ADB servers are available by ssh" + if [ $status -eq 0 ]; then + echo "All Greenplum servers are available for SSH connection" break elif [ "$iterations" -ge "$max_iterations" ]; then - echo "Failed to connect to some ADB server by ssh after $max_iterations tries. Exit from script!" + echo "Error to connect to some Greenplum server via SSH after $max_iterations tries. Exit from script!" exit 1 + else + echo "Wait $wait_seconds seconds and try again to connect to the servers" + sleep $wait_seconds fi - sleep $wait_seconds done echo "-------------------------" echo "Install Greenplum cluster" echo "-------------------------" - sudo -H -u gpadmin bash -c "source /home/gpadmin/.bash_profile && - /usr/local/greenplum-db-devel/bin/gpinitsystem -a -I /home/gpadmin/gpdb_src/gpAux/gpdemo/create_cluster.conf -l /home/gpadmin/gpAdminLogs" + sudo -H -u gpadmin bash -c -l "/usr/local/greenplum-db-devel/bin/gpinitsystem -a -I /home/gpadmin/gpdb_src/gpAux/gpdemo/create_cluster.conf -l /home/gpadmin/gpAdminLogs" - # Check cluster echo "-------------------------------------" echo "Check connection to Greenplum cluster" echo "-------------------------------------" - result="$( sudo -H -u gpadmin bash -c "source /home/gpadmin/.bash_profile && /usr/local/greenplum-db-devel/bin/psql -d postgres -Atc 'SELECT 1;'" )" + result="$( sudo -H -u gpadmin bash -c -l "psql -d postgres -Atc 'SELECT 1;'" )" if [ "${result}" == "1" ]; then echo "--------------------------------------------" echo "Fantastic!!! Greenplum cluster is available!" @@ -238,7 +238,7 @@ if [ "$HOSTNAME" == "$DOCKER_GP_MASTER_SERVER" ]; then echo "------------------------------" echo "Activate standby master server" echo "------------------------------" - sudo -H -u gpadmin bash -c "source /home/gpadmin/.bash_profile && /usr/local/greenplum-db-devel/bin/gpinitstandby -a -s $DOCKER_GP_STANDBY_SERVER" + sudo -H -u gpadmin bash -c -l "/usr/local/greenplum-db-devel/bin/gpinitstandby -a -s $DOCKER_GP_STANDBY_SERVER" fi else echo "-------------------------------------" @@ -247,23 +247,22 @@ if [ "$HOSTNAME" == "$DOCKER_GP_MASTER_SERVER" ]; then exit 1; fi - echo "---------------------------------------------------" - echo "Configuration and installation Greenplum extensions" - echo "---------------------------------------------------" - sudo -H -u gpadmin bash -c "source /home/gpadmin/.bash_profile && - psql -d postgres -Atc 'CREATE EXTENSION IF NOT EXISTS pxf;' && - psql -d postgres -Atc 'CREATE EXTENSION IF NOT EXISTS pxf_fdw;' && - echo 'local all testuser trust' >> /data1/master/gpseg-1/pg_hba.conf && - echo 'host all gpadmin 0.0.0.0/0 trust' >> /data1/master/gpseg-1/pg_hba.conf && - echo 'host all all 0.0.0.0/0 md5' >> /data1/master/gpseg-1/pg_hba.conf && - gpconfig -c gp_resource_manager -v group && - gpstop -aM fast && gpstart -a" + echo "-------------------" + echo "Configure Greenplum" + echo "-------------------" + sudo -H -u gpadmin bash -c -l "psql -d postgres -Atc 'CREATE EXTENSION IF NOT EXISTS pxf;' && + psql -d postgres -Atc 'CREATE EXTENSION IF NOT EXISTS pxf_fdw;' && + echo 'local all testuser trust' >> /data1/master/gpseg-1/pg_hba.conf && + echo 'host all gpadmin 0.0.0.0/0 trust' >> /data1/master/gpseg-1/pg_hba.conf && + echo 'host all all 0.0.0.0/0 md5' >> /data1/master/gpseg-1/pg_hba.conf && + gpconfig -c gp_resource_manager -v group && + gpstop -aM fast && gpstart -a" else echo "-------------------------" echo "Starting Greenplum server" echo "-------------------------" - sudo -H -u gpadmin bash -c "source /home/gpadmin/.bash_profile && gpstart -a" - result="$( sudo -H -u gpadmin bash -c "source /home/gpadmin/.bash_profile && /usr/local/greenplum-db-devel/bin/psql -d postgres -Atc 'SELECT 1;'" )" + sudo -H -u gpadmin bash -c -l "gpstart -a" + result="$( sudo -H -u gpadmin bash -c -l "psql -d postgres -Atc 'SELECT 1;'" )" if [ "${result}" == "1" ]; then echo "--------------------------------------------" echo "Fantastic!!! Greenplum cluster is available!" From c5e9e27a77870ada5f22d8c54c5030c279f955d7 Mon Sep 17 00:00:00 2001 From: Roman Zolotov Date: Tue, 3 Dec 2024 11:46:00 +0200 Subject: [PATCH 3/5] ADBDEV-6581: Change the environment variable name of the CA certificate --- automation/arenadata/docker-compose-ssl.yaml | 6 +++--- cli/cmd/pxf.go | 2 +- server/pxf-service/src/scripts/pxf | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/automation/arenadata/docker-compose-ssl.yaml b/automation/arenadata/docker-compose-ssl.yaml index dfe91ea18a..c20502b299 100644 --- a/automation/arenadata/docker-compose-ssl.yaml +++ b/automation/arenadata/docker-compose-ssl.yaml @@ -37,7 +37,7 @@ services: - PXF_SSL_KEY_STORE_PATH=/opt/ssl/certs/pxf.jks - PXF_SSL_TRUST_STORE_PATH=/opt/ssl/certs/pxf.jks - PXF_SSL_CLIENT_AUTH=NEED - - PXF_SSL_CACERT_PATH=/opt/ssl/certs/ca-cert + - PXF_SSL_CACERT=/opt/ssl/certs/ca-cert - PXF_SSL_CERT=/opt/ssl/certs/pxf-client.pem - PXF_SSL_KEY=/opt/ssl/certs/pxf-client.key volumes: @@ -77,7 +77,7 @@ services: - PXF_SSL_KEY_STORE_PATH=/opt/ssl/certs/pxf.jks - PXF_SSL_TRUST_STORE_PATH=/opt/ssl/certs/pxf.jks - PXF_SSL_CLIENT_AUTH=NEED - - PXF_SSL_CACERT_PATH=/opt/ssl/certs/ca-cert + - PXF_SSL_CACERT=/opt/ssl/certs/ca-cert - PXF_SSL_CERT=/opt/ssl/certs/pxf-client.pem - PXF_SSL_KEY=/opt/ssl/certs/pxf-client.key volumes: @@ -114,7 +114,7 @@ services: - PXF_SSL_KEY_STORE_PATH=/opt/ssl/certs/pxf.jks - PXF_SSL_TRUST_STORE_PATH=/opt/ssl/certs/pxf.jks - PXF_SSL_CLIENT_AUTH=NEED - - PXF_SSL_CACERT_PATH=/opt/ssl/certs/ca-cert + - PXF_SSL_CACERT=/opt/ssl/certs/ca-cert - PXF_SSL_CERT=/opt/ssl/certs/pxf-client.pem - PXF_SSL_KEY=/opt/ssl/certs/pxf-client.key volumes: diff --git a/cli/cmd/pxf.go b/cli/cmd/pxf.go index 6985e55ccb..a3fdd762a6 100644 --- a/cli/cmd/pxf.go +++ b/cli/cmd/pxf.go @@ -90,7 +90,7 @@ func (cmd *command) GetFunctionToExecute() (func(string) string, error) { reloadCommandTemplate := "" if pxfProtocolStr == "https" { - reloadCommandTemplate = "curl -k --cacert ${PXF_SSL_CACERT_PATH} --cert ${PXF_SSL_CERT} --key ${PXF_SSL_KEY} --silent --fail --show-error --request POST %s://%s:%s/pxf/reload --header \"Content-Type: application/json\" --data '{\"profile\":\"%s\",\"server\":\"%s\"}'" + reloadCommandTemplate = "curl -k --cacert ${PXF_SSL_CACERT} --cert ${PXF_SSL_CERT} --key ${PXF_SSL_KEY} --silent --fail --show-error --request POST %s://%s:%s/pxf/reload --header \"Content-Type: application/json\" --data '{\"profile\":\"%s\",\"server\":\"%s\"}'" } else { reloadCommandTemplate = "curl --silent --fail --show-error --request POST %s://%s:%s/pxf/reload --header \"Content-Type: application/json\" --data '{\"profile\":\"%s\",\"server\":\"%s\"}'" } diff --git a/server/pxf-service/src/scripts/pxf b/server/pxf-service/src/scripts/pxf index 034c697238..863938494d 100755 --- a/server/pxf-service/src/scripts/pxf +++ b/server/pxf-service/src/scripts/pxf @@ -135,7 +135,7 @@ function waitForSpringBoot() { sleep_time=1 # sleep 1 second between attempts if [[ "$PXF_PROTOCOL" = "https" ]]; then - curl_command="$curl --cacert ${PXF_SSL_CACERT_PATH} --cert ${PXF_SSL_CERT} --key ${PXF_SSL_KEY} --silent --connect-timeout 1 -I ${PXF_PROTOCOL}://${PXF_HOST}:${PXF_PORT}" + curl_command="$curl --cacert ${PXF_SSL_CACERT} --cert ${PXF_SSL_CERT} --key ${PXF_SSL_KEY} --silent --connect-timeout 1 -I ${PXF_PROTOCOL}://${PXF_HOST}:${PXF_PORT}" else curl_command="$curl --silent --connect-timeout 1 -I ${PXF_PROTOCOL}://${PXF_HOST}:${PXF_PORT}" fi @@ -164,7 +164,7 @@ function checkWebapp() { waitForSpringBoot "$1" "$2" || return 1 if [[ "$PXF_SSL_ENABLED" = true ]]; then - curl_response_command="$curl -s --cacert ${PXF_SSL_CACERT_PATH} --cert ${PXF_SSL_CERT} --key ${PXF_SSL_KEY} ${PXF_PROTOCOL}://${PXF_HOST}:${PXF_PORT}/actuator/health" + curl_response_command="$curl -s --cacert ${PXF_SSL_CACERT} --cert ${PXF_SSL_CERT} --key ${PXF_SSL_KEY} ${PXF_PROTOCOL}://${PXF_HOST}:${PXF_PORT}/actuator/health" else curl_response_command="$curl -s ${PXF_PROTOCOL}://${PXF_HOST}:${PXF_PORT}/actuator/health" fi From 4fc40cba558678c094354d85ae2181b54ee00c78 Mon Sep 17 00:00:00 2001 From: Roman Zolotov Date: Tue, 3 Dec 2024 12:23:08 +0200 Subject: [PATCH 4/5] ADBDEV-6581: Change the certificate type format to PEM --- automation/arenadata/docker-compose-ssl.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/automation/arenadata/docker-compose-ssl.yaml b/automation/arenadata/docker-compose-ssl.yaml index c20502b299..4488ab3934 100644 --- a/automation/arenadata/docker-compose-ssl.yaml +++ b/automation/arenadata/docker-compose-ssl.yaml @@ -40,6 +40,7 @@ services: - PXF_SSL_CACERT=/opt/ssl/certs/ca-cert - PXF_SSL_CERT=/opt/ssl/certs/pxf-client.pem - PXF_SSL_KEY=/opt/ssl/certs/pxf-client.key + - PXF_SSL_CERT_TYPE=PEM volumes: - "vault-env:/vault/env:ro" - "./conf/ssl/certs:/opt/ssl/certs:ro" @@ -80,6 +81,7 @@ services: - PXF_SSL_CACERT=/opt/ssl/certs/ca-cert - PXF_SSL_CERT=/opt/ssl/certs/pxf-client.pem - PXF_SSL_KEY=/opt/ssl/certs/pxf-client.key + - PXF_SSL_CERT_TYPE=PEM volumes: - "vault-env:/vault/env:ro" - "./conf/ssl/certs:/opt/ssl/certs:ro" @@ -117,6 +119,7 @@ services: - PXF_SSL_CACERT=/opt/ssl/certs/ca-cert - PXF_SSL_CERT=/opt/ssl/certs/pxf-client.pem - PXF_SSL_KEY=/opt/ssl/certs/pxf-client.key + - PXF_SSL_CERT_TYPE=PEM volumes: - "vault-env:/vault/env:ro" - "./conf/ssl/certs:/opt/ssl/certs:ro" From 0c4a478511bfaec10ce5f041c8593e32ad212710 Mon Sep 17 00:00:00 2001 From: Roman Zolotov Date: Mon, 16 Dec 2024 10:44:08 +0200 Subject: [PATCH 5/5] ADBDEV-6581: Add DNS:localhost as subjectAltName for test environment certificate --- automation/arenadata/conf/ssl/certs/ca-cert | 56 +++--- .../arenadata/conf/ssl/certs/pxf-client.key | 54 +++--- .../arenadata/conf/ssl/certs/pxf-client.pem | 159 +++++++++++++++--- automation/arenadata/conf/ssl/certs/pxf.jks | Bin 7042 -> 7058 bytes .../arenadata/vault/certs/certificate.pem | 56 +++--- automation/arenadata/vault/certs/key.pem | 100 +++++------ 6 files changed, 271 insertions(+), 154 deletions(-) diff --git a/automation/arenadata/conf/ssl/certs/ca-cert b/automation/arenadata/conf/ssl/certs/ca-cert index 26f96ac558..00a428404f 100644 --- a/automation/arenadata/conf/ssl/certs/ca-cert +++ b/automation/arenadata/conf/ssl/certs/ca-cert @@ -1,30 +1,30 @@ -----BEGIN CERTIFICATE----- -MIIFFTCCAv2gAwIBAgIUHolZhRFmeXWGQDUfp2ky44DUR5IwDQYJKoZIhvcNAQEL -BQAwGjEYMBYGA1UEAwwPU1NMLVNlY3VyaXR5LUNBMB4XDTI0MTExMTIzNDQ1NloX -DTM0MTEwOTIzNDQ1NlowGjEYMBYGA1UEAwwPU1NMLVNlY3VyaXR5LUNBMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqfkVkLBs7aFgu+HhNOPxi7LgSC9i -GBNjxD9KD0ABtrARyRWsILkU38Zy2i7FOJ1DZ07ZcV6ELkAlNpc7Opja/x9zOrHa -JQAvBkkllc31kcJ5mSHgkOlww+gt1cGLsrkeP1YoR96RqJ4vsK7FP+XBS8z5K37N -xVj3tmODYZqTdjRX+ee9DL2lI54vNimkGHQznEomERK0xvpja6u7xr18CBipeMUe -EsFhIU0PW3NxMl84TqsdJigReOJx/3Hzggbd367f5yonSiq60KQqw0Qo0JhMUmQZ -jBeSK452eHoJSK3Uz7aTEA7Tc3YKvFrWBFENie423BLzErF6EwepzU+iVSr7Uc3g -812lnUZTQfIXzGQ0FFgNdl+2gvJ+FvsLoFI/yppuyB9oSu9FRmwpqRZ8xcJ0bSDT -6vu21oV5tfep/4cjDxWq38lk+8QemlVA9nrMk2QNyVQT+NcOeXS/ijTIZ8KwPqPm -554BODxKr8TNMMf7KEARa7sTZOGsHy09YosvBcwg0C9+/17FHWxsb4BqpLcd0FfK -6b2rG596+62M3iD3FXG27rJi9qN8hx37kzHo1herUCK+VMzkGN5MoF/KJDEy83xZ -XPUDQ+UN0anheMY1p+yVYixhTFlHTG5MgLVTWjfJWWs2c9fa5CLut8+X/R3zFt9D -ZArj3b2qxhrEN/0CAwEAAaNTMFEwHQYDVR0OBBYEFF56+WTUlez31PgtJiLoFpJB -rJ7bMB8GA1UdIwQYMBaAFF56+WTUlez31PgtJiLoFpJBrJ7bMA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAJkSgPbPBa5G5oNiiBrK/WjBM5t1NOD7 -WMrpC8++DJDRT1u90zmdK+us8Ab9DvBXkbjVcO0XXNOoV6RsGJuVJdufcvxyF3O6 -UdjWREic26PV/+1mJpgu2suwGVjU0FOKUGlQZVwHvrG6YJcFAcyqeZVvCoMC2Omp -aSQ0Z+MlA6T+3fZCNIScVsFwaV63IjYdEkRsrou+NuXDEqR2zHJoXsZsgN1lFUu6 -x1vlKnw2DLhNOIWRTyLMfU9DIXq02UrD/lZjW6yszrmVBoFm1W0gP/T16GLo91+S -BY66R0LGBtzmIOzjjgvcfB2aTSO+wskr4S8UhWXp7O4kkFf69rg6ogZLZbR0XxSG -EEYe7aD96RxlQ3QUq5hWLtZ/Toj5fwTO8RDhA57b5J0nsNL1AnmN96VUVUadaxug -VHLQIwpjqNdCVGfcV/WMdAFY6TMGBAjUe5xZLo0cxodEkQ/lUP9nxLH8wIBcpSXp -VD2gQSJmbsr6Nk/iklk1FKiYs7xMFPVuQi4+oahwWC50N2mdhW/Xn8UZDyLpUTWt -M5ld5jjlOBEAtyP07pLQj+K1qv+vEBN4rLNtkSbKPJkkVgTqhFSwo2RLM8rFkAxr -B3nFzk7SxAQkwYXlnH2OQNTluWnH0r1MjQeU1VvQOjUduFOHDKpXciI9ajPxSVSF -EchTqpmNaBAY +MIIFFTCCAv2gAwIBAgIUXW9KLp/W8zBxrMxc85lzIMLKysAwDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPU1NMLVNlY3VyaXR5LUNBMB4XDTI0MTIxNjA3NTgxMloX +DTM0MTIxNDA3NTgxMlowGjEYMBYGA1UEAwwPU1NMLVNlY3VyaXR5LUNBMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3ErKIC2d+WSh9qAuLZbGXq7IIU/y +iD4JFNek/60N9HL6lMPR6u2DyX0ceHqCaAE09+cEWRicoebL19JDFCW3X7GDp9Bb +bfnX+SkUEJyoVlb8xIlGYuhohoTGe98d7qQSAmaZWXllOS3iKEQnvLLDFT0NaiaO +u9aR/Q5F+WQZws/XK75ZVrgm/jWHM9MfjzpgzuGVEex4r1BEQRODV3PfFEDwMEEX +0+8+jimk1yftNtsQiJ/zSRdTYkryxCSRvqhSy2XV9MI/yMpHwVit7AYsczFcA7O3 +TRKKkGxmM1Fqec5NesVQVCMFvtig3hmJ2nN5EV3DJo9pg+4VpbyToZabDiz2kVDJ +8Wm5YNSNrvbicajeELCE0qrS0nSQLBcvnAgjTGjJIZsD4n+eEm3OTnGfvjF4IVg1 +cTYF7Vy3EKnZpWkc2QBa/GGoIuwnCe3EV7mqz3I+Iyxs8mEgvqhyAc3AsJ/KOEG8 +q+gO01CKGV6IcIvGeQ1yMypHHmzowr5Jv+fFf2iSfa7va3N3cXiuY+BXLYAtU3+M +Ar8qrtS2YqP8BoMZUi8shQzhhpoPjmDtjJzCQ5SCrcLxfNMqZwrl0yq+vc/H+/wG +kvpw0hGS9PM47RiFohaW+tkoUKEa//XD3hqKP+zs9EiiNTCNquqm03gxa/e7tLzn +UBAVDTK+ustJyJsCAwEAAaNTMFEwHQYDVR0OBBYEFG5lb1aysCohceTvtQCVfQWv +y6kOMB8GA1UdIwQYMBaAFG5lb1aysCohceTvtQCVfQWvy6kOMA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAFer6p6bLbPmMasz9+ARfjG1ZoEbnxd/ +NPsRU7pN826B3AGoXOMj7ciIN3Nh8+rsaCS2RwN86/HF0jlC4A6r1NRvcOxSIswR +XSH+moxUPo6SIil/0b+eDEFf3jrXAMU+xXDHtgL5J/weNKw8/4VsjQL29T/KvGvK +IBSQ7IGsXHK3+b+72oYASEepMBbSSb5zOA1pMq3jRM3MbZqAMgNPVn2i6vGde+/d +MS9L3gWZbpfeOr3Ks57+4M4P7LzojXDLA2s5XYpbBL9jgCm8EARwvpo7QnGPB3C6 +Dyh7xsz6iOwLSVdY/T6PmmDY51Yewx+5VCUvCyGfEYj73eUbBp/AEKkSuXRl/ah4 +9MXmXCN8fvxOindJuRuuxltbKrj9E74SFHcZ9xUYWqwyE7X7X5VsNOJSkoCTIsD3 +DEaPo6RO9Grh1KiAeObQp50Kr4HZYz7W+Fc6n3f5ExUvb0mjDmvIVzj33HpT0w4y +Cjja0UhDDwqY1OcsnxuHByfg+NJLUMaWZfhasUmpFiuqqOlTjPz4KJdZVsnlT5DA +5CV6utTjziiv/l3T+eaUfoegf6PKt7ZKOBuknp7uTomcalxR5t5JC8g0A5rg2DWO +dwzYSe52zGV5sLhhS8sdMfpxL4tuzgvBL8W3/zoxWj7oT6cByCMhC8pV/ElXCJQE +CCAVmYoxlBzo -----END CERTIFICATE----- diff --git a/automation/arenadata/conf/ssl/certs/pxf-client.key b/automation/arenadata/conf/ssl/certs/pxf-client.key index 675563f5ee..47af04d3dc 100644 --- a/automation/arenadata/conf/ssl/certs/pxf-client.key +++ b/automation/arenadata/conf/ssl/certs/pxf-client.key @@ -1,32 +1,32 @@ Bag Attributes friendlyName: pxf - localKeyID: 54 69 6D 65 20 31 37 33 31 33 36 38 37 30 30 34 37 36 + localKeyID: 54 69 6D 65 20 31 37 33 34 33 33 35 38 39 34 34 30 35 Key Attributes: -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDgipdjFjENt7U+ -rCK0UMVEz7QO6U8Qq1VjhBOeXHf2vwkID3Vb/G5bmd9xaqezx0HploVnNMF8CzCn -M/Z/GcjV0e/eooKNHkulQRU7lNwbAJvylFH2+UNhepDIGzzHsyPEtSl00KIkFzMi -ocblTs4dHppBcFkDcOgo6glJuAeKyTkrexYfGdSjvIM2RyTmSdam2qJF1c3nOxPl -IHdJYFXgF4uqCRWWUh9MOKAUb4QxectBr9EnkDPhja4RmlgQcYlTbH3RMyHTk25Y -mdcf5DMi+8U5NkJTKWSZVqTnCwKAxbkbJXsGu6Z3I9sHS1meWwxELACctdGiqcxj -UOfFj8V3AgMBAAECggEAAPuU97SNqL3gl7J2K8GHaNUwjbjSBUR9XlmiIlkiQfIK -bpQZaI/SxdOHFFPUrGdCBRfeY+9prLV51DQt2dbkN6IFwZIxgxTvsidLmf6n9fWg -jm+9ahjOMDDdTbA81FzsL6dhU+cOhpzpYYyWtm3hXg7tED3seHo33JH6/MJxmgG5 -rxiNMByCFAgihVE9UszopT+ZJG8UNp4JGdsUJux9u1Er6RjjAoC0ffV71e1Ks0wr -xulgKR7Y5AIEMoMAmzNluNcL65kgFl+ZslEtdbfbUa/rChJT2nu81EYr5Tu4IlRa -jwxhrPHc41h7d9fRJRbixoBbw14xV5hLqpFwz1mcPQKBgQDi/weTb4ZWpyfiUcf1 -5hR2nTnRuhz0HXSx9XUVTp9TTkalw0cQnTrLHu9TvbZdPZTDah/JPap2x5NCdVWi -e60nW2Z11GTzgD7QmQkBXgtMxvZvsFIRWkftGEOFe5zB3R/7tZYwCkFFHLsgmeLy -V6LkpQRFxagbnUnf1vCx4KhCiwKBgQD9O0POQS1HqDKOCzy3EnJDMDwPJCSQR2VZ -2hbGFiUhFf42buWfxbqpadl45RzZq92GzSmgPOSv/fKAjyYcL8Mc4qlGoZSY+xo+ -UvD6cWNafp3mIS6iMQb4der1HFd2l5wFoNDXQ7IDdEI4IP40yNlMUKTj/Z6OMlK/ -5WHOjOpCRQKBgE8Xk1kwy7sXpRL7cdPhJhIqOEI2Oe5o8Qcswm35JhSNupn5T6Kf -ViP+FF+2Q3t7gIESUh75aJLYeRv37C2gMDX9Z9b4eXBKqBhgqj2aug83aBiEdCPt -tBANm0FAT99Qn9tBayI0AIgHOcBjPis4k95dDP8OnsN4a4wdxWIFKDt/AoGAK2Jn -74JDG6+5WZSbRlImuVQeNgnfKcjRmF9A35cTrWNzNigxtvnNTRERbSDznGdRgLLN -muJT28MKNPRRdyrHpr8+eRddugfrKxpSptWeS/a9Xpv4vVjg9Nhe9LdyVKMM2/n9 -TaQPb4APiEY+xxRSBj0awuTEsV/1xWKrKxQBXnECgYBnRX9QYHTMpQN+UuJPohKZ -jUdzgXplDk5LxPtor4BLjmvXUI7AtO1JMMr/ZLtJXZenLSAOZUVTYXUqTjM5661a -7Au053b7nsr2LvZXNcTa4MaqLRVlZziHufmITCMZ8xb9PqtnLLhiePybRdVWIhC/ -04df7EwLJTtu9o7aIYaIqg== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDXZzXf3fh6mulH +ng/OMKDFpj6RxnH9xbjmkLCHrUrp0A4LnUmpqrml7IwBFCPid9WYIF2zOfKZ0N8h +6Z0NJJaFU3pJV91tpgRnRAY0T4ZGe9PGVMOF8FNcqLbG1+9XkUghQjHnnRFOKQ0a +jOO/82zWGEMQ3iEci+SpRo46j1Q90wslC/9IYXlGKC6y+x2z8h/+0Zj+zxDn0YA5 +XTNAZkxFIyp+fOTyUcjhzoA4tvg98nSNZc6bTaci9SGAY4mbM01bHUezo58bWTY+ +XTf/zhs9Mq0fUVmI6O3zG7uuyo5AkBPoeVtLVw2PlmxzmWbBVDSEp8Gmy5RxZWvb +Kd7pfRG7AgMBAAECggEARddzuvIMaqiG4g9Ifaj7wApOuFJ5THjLIosgieVw6E3q +9+4YX9h42GlR3dmrZvdG/MvlxcKQvDni12qZXxURbwppmJVSOQa+38LJJjXwyjLF +MEX0nZ2WUfFsTh3ev2xeUFZXuwsM/ORHmOe8wtTJYcO9Hx9+6fQcAJzdafRmMqL9 +95f7MpdP/Qg76b325qUNd1lwZ4SfukUxRctkyhQHbQzO31Y2bZBjRVQU1FuzzxZv +aEs/8BwlcZ5wIiN9TiokPu2KMga3xjYz4KzyUQhwdL1qxkPgj3ksm/3++uGMIqdD +I+A2LhfTTQTPPmVNpEKnODg2g4Pz9JT/1FBQfwAj7QKBgQDZK7uDlM82eTwayvCK +RI+I+HJtpzoONYtF7PMFl+USsJ/V/4TDU4I/IkjIp3P11Cm2rT7LfK1NLwNHlF5w +/SMiXf8rrKBtSmXK6e+qScqEPVe5xELZvGr12Huv1Tpmo2pugZlp/Qgw6ZBRbc8u +UB6v1KoW6cZp7x2hk/+zlDbfJwKBgQD96pGuDvfnRc1ys4KmahQtsKyTkfmmrI2E +catOJnZBeejfPMlCCVLO0zKKUX6qdUY9KkDyg5mj7rSfpeWZXAhFn+RPlUx09oI7 +wBK0Y6SszARgDoGJDY6TTtM2MRSoQMHZMRRDdxBr+9FSr1TkFgHSyrsUFvEjP/2P +v4vKinxVTQKBgH6PhvLy2SOE2as/k5jwxblsGLuglivLtoOkyCf9Umlm928uPv/Z +/fCvGT2eoOylnT2xjwPlf9WYTU/8vmEYlM4le1zHeKLYlaQAW0ShRl10plhDcTYV +ITxu0f4xxJwmJhOKgY6MAKcIpqtd1DzIQmn0BL/fs1rvGBSe/Ih6GtRHAoGANvZR +dmXTD4KyiAOHYlJP79vwXzkX2xY6w9J/DDmTG3UyDTBxOBQgkphwtjQRwQAFpjPB +Pz1xQmTnQC9+1YVwXPHRT9C3bhH1+s0Gv3laKfU3dTtumqYOmKBVY8OX/xuVWlgf +VMMvENC/bLB7JawF1QUBHcYhiEnPrw/9SGhVpXkCgYEAlZ1JkHfyUvns+fLflS3c +uwmNoGcA2ETj+ZTVAaTQW7m7oc/dHGXk/GmZ8OuxyBNN61ZIO1ZGvB4Y/DGWfN0N +JUnjh4SzZSDmYMfzoRIOnjL57/SQN511IbUNsMd7e7xuNH3znsz88MN5mBB7Lk0d +1bhQ+3eQIuACvXa47hd+t1s= -----END PRIVATE KEY----- diff --git a/automation/arenadata/conf/ssl/certs/pxf-client.pem b/automation/arenadata/conf/ssl/certs/pxf-client.pem index 743617a72c..0052b9f339 100644 --- a/automation/arenadata/conf/ssl/certs/pxf-client.pem +++ b/automation/arenadata/conf/ssl/certs/pxf-client.pem @@ -1,23 +1,140 @@ +Bag Attributes + friendlyName: pxf + localKeyID: 54 69 6D 65 20 31 37 33 34 33 33 35 38 39 34 34 30 35 +subject=CN = pxf + +issuer=CN = SSL-Security-CA + -----BEGIN CERTIFICATE----- -MIID2jCCAcKgAwIBAgIUbcasatcUVVbJyvpwf0Z21bApocUwDQYJKoZIhvcNAQEL -BQAwGjEYMBYGA1UEAwwPU1NMLVNlY3VyaXR5LUNBMB4XDTI0MTExMTIzNDQ1N1oX -DTM0MTEwOTIzNDQ1N1owDjEMMAoGA1UEAxMDcHhmMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEA4IqXYxYxDbe1PqwitFDFRM+0DulPEKtVY4QTnlx39r8J -CA91W/xuW5nfcWqns8dB6ZaFZzTBfAswpzP2fxnI1dHv3qKCjR5LpUEVO5TcGwCb -8pRR9vlDYXqQyBs8x7MjxLUpdNCiJBczIqHG5U7OHR6aQXBZA3DoKOoJSbgHisk5 -K3sWHxnUo7yDNkck5knWptqiRdXN5zsT5SB3SWBV4BeLqgkVllIfTDigFG+EMXnL -Qa/RJ5Az4Y2uEZpYEHGJU2x90TMh05NuWJnXH+QzIvvFOTZCUylkmVak5wsCgMW5 -GyV7BrumdyPbB0tZnlsMRCwAnLXRoqnMY1DnxY/FdwIDAQABoyQwIjAgBgNVHREE -GTAXggNtZHeCBHNkdzGCBHNkdzKCBHNtZHcwDQYJKoZIhvcNAQELBQADggIBAFrO -cClAsTHyLmxdgdTeM7a0AHg5ppndOoLj3TDf+eqQiZNzvCuIqq2Y4/BLRXpB8/L+ -ef81UT49mtYnImPW15saYidopfsdboD+w+bvFfhcgpPl0EzGZ3/+9VHxk8ygVQVi -jaiG0wjF7am4IIDKpKw6lZ/69/Co98s/Uh9x/Yr1raXrFkxDBmD1nZnzsron7/40 -teYt9cX08eRBe2wmZiTHr3H1s5VHlY2oojpATkBLUFBqYmY9cTnmgllue83qF6+D -wvNAJBKqY2hSnom4SDo6PeepNUvDSj/jYc9rzzafU52P8n/rRQfGu82ZWGY+jen2 -eXnsCMhv/U6PnZAiYyJpbJrumJWtsbdtk99BopiilUjqoVWy39WAqrUkAPz1aY1j -uNS7Wk/mkKVT0Haa2jh/hvaeFa1f0ZgpNXg/d5GPP7lxOuM3L+jQPYlXf8qmQpTX -7LSiWHJGMGWzZ5BDtYRSVJQ57X7TimSrjMusiFA2z4MSDO7Ykw7RrmnPIrYPt1kt -bhlV9vfKu1ldRI9dPkqme3fsT2ocIl1MWB5ZDvuRcIs4kE7NKVkix8pvqWpgcNlu -1WrDeWWUHXg2ZAkmxHGI0PPTCfARUHo5pixqAtsVcazAHGfq/wI7jkfpxwdXPF8g -lJsxcAVnz8O87DRzOnesVvE4WAXSipD8H/YdlBZ/ +MIID5TCCAc2gAwIBAgIULVEVAzi+bNInYaEHrd70lL5FBfMwDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPU1NMLVNlY3VyaXR5LUNBMB4XDTI0MTIxNjA3NTgxM1oX +DTM0MTIxNDA3NTgxM1owDjEMMAoGA1UEAxMDcHhmMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA12c13934eprpR54PzjCgxaY+kcZx/cW45pCwh61K6dAO +C51Jqaq5peyMARQj4nfVmCBdsznymdDfIemdDSSWhVN6SVfdbaYEZ0QGNE+GRnvT +xlTDhfBTXKi2xtfvV5FIIUIx550RTikNGozjv/Ns1hhDEN4hHIvkqUaOOo9UPdML +JQv/SGF5Rigusvsds/If/tGY/s8Q59GAOV0zQGZMRSMqfnzk8lHI4c6AOLb4PfJ0 +jWXOm02nIvUhgGOJmzNNWx1Hs6OfG1k2Pl03/84bPTKtH1FZiOjt8xu7rsqOQJAT +6HlbS1cNj5Zsc5lmwVQ0hKfBpsuUcWVr2yne6X0RuwIDAQABoy8wLTArBgNVHREE +JDAiggNtZHeCBHNkdzGCBHNkdzKCBHNtZHeCCWxvY2FsaG9zdDANBgkqhkiG9w0B +AQsFAAOCAgEAgo9nCYTAgRjVLt540cu2YkdbhpZq8A9Y6XDAC+oAr0g+m1Ll63Gv +CYyocKbGQ9Kem181ggc4dS3caKfGGHzOnjrT0H0tZMnpmlkxTqFMavHP9lgqVDdA +Na/YHy2WbO/tODmvCqCIRvlLHG+X3clfUsqyBpmhwR1cH+Dm4Eg/58JD4B36EbR5 +9/ddxN8WQm1DEdVQ6gCVPUHiCP/zDW1kZ8cSF6UTPAWni4dHSnjv6ZgWxI1nNlfi +OHLNiVz8uD3e496b9mMEgmbesOslRFHpQGdT5Nwi30/vU/npp4/5g6B4Ou2Bvc07 +MAt7bXUEGMmY11zMtAOHq7DSsS2suKAhCEyWR5y3zVXw3JXuQyXBD8WDXywDPdht +gICoydDcTNl7xcKALniV/YKxwDDqIvArZeR3JjwsXiD4t8oIyNZaN2QccEwGwfjk +HKHzWY1mN5yij/59A7CMHfFfYtJU0Eq3R2GTa9yqwnYNY7FNdHgeyo88z9CkMOkf +iL1NkicIaPydZ2MF3udQrYt/AJDHLLQFY2rQATdWRhrCErLIQQqyv+nC2DrqQp73 +lJs6dMVpE3MPNwpFlzHO4rhdqLF0lwFB4ZAJ6r/OnCtbZ/HkCGxkRtBXikX1APJO +rQ9jNPf8VxHzy24QeOLqV+i9LWyCSYs6/u7Tr5UpJ/BMIF+1GZmGq4E= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: CN=SSL-Security-CA +subject=CN = SSL-Security-CA + +issuer=CN = SSL-Security-CA + +-----BEGIN CERTIFICATE----- +MIIFFTCCAv2gAwIBAgIUXW9KLp/W8zBxrMxc85lzIMLKysAwDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPU1NMLVNlY3VyaXR5LUNBMB4XDTI0MTIxNjA3NTgxMloX +DTM0MTIxNDA3NTgxMlowGjEYMBYGA1UEAwwPU1NMLVNlY3VyaXR5LUNBMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3ErKIC2d+WSh9qAuLZbGXq7IIU/y +iD4JFNek/60N9HL6lMPR6u2DyX0ceHqCaAE09+cEWRicoebL19JDFCW3X7GDp9Bb +bfnX+SkUEJyoVlb8xIlGYuhohoTGe98d7qQSAmaZWXllOS3iKEQnvLLDFT0NaiaO +u9aR/Q5F+WQZws/XK75ZVrgm/jWHM9MfjzpgzuGVEex4r1BEQRODV3PfFEDwMEEX +0+8+jimk1yftNtsQiJ/zSRdTYkryxCSRvqhSy2XV9MI/yMpHwVit7AYsczFcA7O3 +TRKKkGxmM1Fqec5NesVQVCMFvtig3hmJ2nN5EV3DJo9pg+4VpbyToZabDiz2kVDJ +8Wm5YNSNrvbicajeELCE0qrS0nSQLBcvnAgjTGjJIZsD4n+eEm3OTnGfvjF4IVg1 +cTYF7Vy3EKnZpWkc2QBa/GGoIuwnCe3EV7mqz3I+Iyxs8mEgvqhyAc3AsJ/KOEG8 +q+gO01CKGV6IcIvGeQ1yMypHHmzowr5Jv+fFf2iSfa7va3N3cXiuY+BXLYAtU3+M +Ar8qrtS2YqP8BoMZUi8shQzhhpoPjmDtjJzCQ5SCrcLxfNMqZwrl0yq+vc/H+/wG +kvpw0hGS9PM47RiFohaW+tkoUKEa//XD3hqKP+zs9EiiNTCNquqm03gxa/e7tLzn +UBAVDTK+ustJyJsCAwEAAaNTMFEwHQYDVR0OBBYEFG5lb1aysCohceTvtQCVfQWv +y6kOMB8GA1UdIwQYMBaAFG5lb1aysCohceTvtQCVfQWvy6kOMA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAFer6p6bLbPmMasz9+ARfjG1ZoEbnxd/ +NPsRU7pN826B3AGoXOMj7ciIN3Nh8+rsaCS2RwN86/HF0jlC4A6r1NRvcOxSIswR +XSH+moxUPo6SIil/0b+eDEFf3jrXAMU+xXDHtgL5J/weNKw8/4VsjQL29T/KvGvK +IBSQ7IGsXHK3+b+72oYASEepMBbSSb5zOA1pMq3jRM3MbZqAMgNPVn2i6vGde+/d +MS9L3gWZbpfeOr3Ks57+4M4P7LzojXDLA2s5XYpbBL9jgCm8EARwvpo7QnGPB3C6 +Dyh7xsz6iOwLSVdY/T6PmmDY51Yewx+5VCUvCyGfEYj73eUbBp/AEKkSuXRl/ah4 +9MXmXCN8fvxOindJuRuuxltbKrj9E74SFHcZ9xUYWqwyE7X7X5VsNOJSkoCTIsD3 +DEaPo6RO9Grh1KiAeObQp50Kr4HZYz7W+Fc6n3f5ExUvb0mjDmvIVzj33HpT0w4y +Cjja0UhDDwqY1OcsnxuHByfg+NJLUMaWZfhasUmpFiuqqOlTjPz4KJdZVsnlT5DA +5CV6utTjziiv/l3T+eaUfoegf6PKt7ZKOBuknp7uTomcalxR5t5JC8g0A5rg2DWO +dwzYSe52zGV5sLhhS8sdMfpxL4tuzgvBL8W3/zoxWj7oT6cByCMhC8pV/ElXCJQE +CCAVmYoxlBzo +-----END CERTIFICATE----- +Bag Attributes + friendlyName: CARoot + 2.16.840.1.113894.746875.1.1: +subject=CN = SSL-Security-CA + +issuer=CN = SSL-Security-CA + +-----BEGIN CERTIFICATE----- +MIIFFTCCAv2gAwIBAgIUXW9KLp/W8zBxrMxc85lzIMLKysAwDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPU1NMLVNlY3VyaXR5LUNBMB4XDTI0MTIxNjA3NTgxMloX +DTM0MTIxNDA3NTgxMlowGjEYMBYGA1UEAwwPU1NMLVNlY3VyaXR5LUNBMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3ErKIC2d+WSh9qAuLZbGXq7IIU/y +iD4JFNek/60N9HL6lMPR6u2DyX0ceHqCaAE09+cEWRicoebL19JDFCW3X7GDp9Bb +bfnX+SkUEJyoVlb8xIlGYuhohoTGe98d7qQSAmaZWXllOS3iKEQnvLLDFT0NaiaO +u9aR/Q5F+WQZws/XK75ZVrgm/jWHM9MfjzpgzuGVEex4r1BEQRODV3PfFEDwMEEX +0+8+jimk1yftNtsQiJ/zSRdTYkryxCSRvqhSy2XV9MI/yMpHwVit7AYsczFcA7O3 +TRKKkGxmM1Fqec5NesVQVCMFvtig3hmJ2nN5EV3DJo9pg+4VpbyToZabDiz2kVDJ +8Wm5YNSNrvbicajeELCE0qrS0nSQLBcvnAgjTGjJIZsD4n+eEm3OTnGfvjF4IVg1 +cTYF7Vy3EKnZpWkc2QBa/GGoIuwnCe3EV7mqz3I+Iyxs8mEgvqhyAc3AsJ/KOEG8 +q+gO01CKGV6IcIvGeQ1yMypHHmzowr5Jv+fFf2iSfa7va3N3cXiuY+BXLYAtU3+M +Ar8qrtS2YqP8BoMZUi8shQzhhpoPjmDtjJzCQ5SCrcLxfNMqZwrl0yq+vc/H+/wG +kvpw0hGS9PM47RiFohaW+tkoUKEa//XD3hqKP+zs9EiiNTCNquqm03gxa/e7tLzn +UBAVDTK+ustJyJsCAwEAAaNTMFEwHQYDVR0OBBYEFG5lb1aysCohceTvtQCVfQWv +y6kOMB8GA1UdIwQYMBaAFG5lb1aysCohceTvtQCVfQWvy6kOMA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAFer6p6bLbPmMasz9+ARfjG1ZoEbnxd/ +NPsRU7pN826B3AGoXOMj7ciIN3Nh8+rsaCS2RwN86/HF0jlC4A6r1NRvcOxSIswR +XSH+moxUPo6SIil/0b+eDEFf3jrXAMU+xXDHtgL5J/weNKw8/4VsjQL29T/KvGvK +IBSQ7IGsXHK3+b+72oYASEepMBbSSb5zOA1pMq3jRM3MbZqAMgNPVn2i6vGde+/d +MS9L3gWZbpfeOr3Ks57+4M4P7LzojXDLA2s5XYpbBL9jgCm8EARwvpo7QnGPB3C6 +Dyh7xsz6iOwLSVdY/T6PmmDY51Yewx+5VCUvCyGfEYj73eUbBp/AEKkSuXRl/ah4 +9MXmXCN8fvxOindJuRuuxltbKrj9E74SFHcZ9xUYWqwyE7X7X5VsNOJSkoCTIsD3 +DEaPo6RO9Grh1KiAeObQp50Kr4HZYz7W+Fc6n3f5ExUvb0mjDmvIVzj33HpT0w4y +Cjja0UhDDwqY1OcsnxuHByfg+NJLUMaWZfhasUmpFiuqqOlTjPz4KJdZVsnlT5DA +5CV6utTjziiv/l3T+eaUfoegf6PKt7ZKOBuknp7uTomcalxR5t5JC8g0A5rg2DWO +dwzYSe52zGV5sLhhS8sdMfpxL4tuzgvBL8W3/zoxWj7oT6cByCMhC8pV/ElXCJQE +CCAVmYoxlBzo +-----END CERTIFICATE----- +Bag Attributes + friendlyName: vault + 2.16.840.1.113894.746875.1.1: +subject=CN = vault + +issuer=CN = vault + +-----BEGIN CERTIFICATE----- +MIIFGzCCAwOgAwIBAgIUYZMAZPLwOXOoXgf6qTWpkGDwNC4wDQYJKoZIhvcNAQEL +BQAwEDEOMAwGA1UEAwwFdmF1bHQwHhcNMjQxMjE2MDc1ODEyWhcNMzQxMjE0MDc1 +ODEyWjAQMQ4wDAYDVQQDDAV2YXVsdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC +AgoCggIBAPMkPbSIs6MbazBmJwURFuZ1orGx/O+lyL84ibvQna3OHNiP+YBuk6Qc +5+GIZxLsHmP+gXlEFm2dqk6jWPyMeGRRX5R+JX25s4SD9RY8z6Jdu1ErVS16ANUP +Z04aO+9psfSTLjYab1r5YKZFQU4VzC7cBAEe9RK2ADFAH/SjUmOdsKpsC+TSqAQH +wJGq6IPvh0dWQlYA0ebObNjxvQ2LbWoAuxBFXfWGzEDq5xVHGIAmwlXxA2W9h8At +EjsGuvxDyyFrT83tfaWQe6ClkZgxyYMjaO5iPiZgzvb765VCmfKl2HLKQElk9zGS +WtJi7HaxJ/1a0km589A4e0NPqnKmCN+FvPFlm5u39D73RfqKcSHu48JIrQTavgSL +wmuL1QpWLaixNBs7Fsf8Fl4A5fOSp/hI6HvWlVnZpzd61Z2Mtlf3129CifrFFE4B +YY6DYNy4HYIv5ogBTxv0eT6cpYeAYqVIbfkH0OhHDEecrnZEghSpnjTpSTda4rT0 +9qYjia9n7SF0MxaSTeEKfedk0ZlNTkdHcUjx5Cp9VpDIo8AG+O5DDCD4GYCOvrWc +kS0iM0XnS/k39ybX1gpVLVlhhkUA45F9sZpnMlOhM+hqoVId9upmf5/0nQEU1Jwr +x/V0yejS+dRMfaAdZCYzxzvTDCF6MgNBF5r36MdYHEDMz03g6JBfAgMBAAGjbTBr +MB0GA1UdDgQWBBQr9qIpllxs2LatP7za3RwGz17PATAfBgNVHSMEGDAWgBQr9qIp +llxs2LatP7za3RwGz17PATAPBgNVHRMBAf8EBTADAQH/MBgGA1UdEQQRMA+CBXZh +dWx0ggZ2YXVsdCowDQYJKoZIhvcNAQELBQADggIBAMG8WwSW/QKF1xkofp/V5mO/ +rumUs7WGBNjZGzdVQIv5YY01BoCtpLy9E6wkKoOtemIQWTbPaPL9RxewxcrfoDkp +cU+m1nhwjbAn14Q1wCdNpj2ZsM/fgwAwv+bun9VqyaLAfvmJBMMcWQNprKLA2xAk +xgsQFWMnkq5Vf0z+ekHSbb0s2iclgEhpWwrlM1vJz9Qsp3r+fIUo1qqFuw3codKC +Z1aNIvKRRvoXLTV44M1Y+/SqwySXMUhwAtI2aiexrKBmzHF8yXHsf1eG5b4hczqF +b4bmW8y2HmTxTAz05HcRIOm8Vj438yyJ0XkUGUiY4bBQ6YcSdyUG0Rikh68unvf6 +wIe6x8eTFZe04zbSy9zAL0pVOJV4oThYZTEhWv7MDheCftxltPrhq7xchriDq7cm +jM5i9ovBw7wyuDa6JE8uJQXJlvxGiwYwKr9zDSpseOzEfrfH7zw1SG+lVnYepPOI +CM9dZOMTh6yu068c/H1dMloNkp/pVEWEeVDdcB5IcQfyEOSNxBo7Y2ENU51rVhel +AMURx5A3kf9GYrQV2jmpN420d6WbreiQlsBbFb/0SrYU7LBJg5X4ld4GuUzoxd1P +zDR3J72HU2pFMWAm8dfXuCGkUA/bsrk1LdisaugKaHGDfhy9CxPBWJnJ+XnD98Ik +grSMleReqMbQC9UYqKri -----END CERTIFICATE----- diff --git a/automation/arenadata/conf/ssl/certs/pxf.jks b/automation/arenadata/conf/ssl/certs/pxf.jks index 04a8a35419250613e422a0dff4e932a45fd7f0fd..95b312acd547330f86324849f2d877aa90ecd572 100644 GIT binary patch delta 6907 zcmVEt0d5M+}p1|)w*BQZ>2s>qTD+N1l!yZn6wf&|b3Gp6YIVd2s5 z)cMfvGr4>&5w`>&)7Zi-ZO2220ZA^cEup#4A`c2O{~&9P4AR0^c*Nj(>M+XKM{0hS z795DLi1@VB#FT}}4!Q=y#^F(;(DVIPlWuwq=GxBGOP|7vX<#M*Oxo z*H(LgY33j;*XEs~>xp}j{luk#oru>foV&Pm;keJhA}i*U|Gt$yusIDmn9jAbo9p#4 zYj~ql@3I`GHDH8M7svUa^NF77K9nN29z3inOW*i+q}j~5-mp}aZbzn*szT!IP#5db zu07x96I1flQ%TE8UEDnYPbYuqU=aKinmaOV1)yIdw=!svR9E*aD5xfG6!wPfg&iAx zfE=}Euj*R6AB`k-=H*F72+o64@ILM=5$jHcHR0lm5R>!>e`vWAmSh+%j-qs@R@gSH zGXVEpob1)>l$u54r4HZMgO03$LVp{LtotHCLIhjo`!Xeri|^Fb)|G!-*%>&vYDoDu zYw>iu6OTi#Su`DK08nbSIPmTpp{V;S1LbW(Iwm-dYCu*fKBhX+*8mR|ObnjESeI&7 ztIq;;FTv+jsDFC>w8g!O*l}+B`9ddx%^L|dxx&T+6j4$N#}yMzfok+Ve2?bC>zRcC z^9A@3amkZ3R8rO;dUAiYtbTqDME3F>j;e~elcqMsAIDz-;X3<%oL-Rn{F!#p`itGD zE3S4*lIC00t@^VrUJ%0J%(xAV+>LnY_ACjrLQbCpVEl!xDQahxu)tg=7 zO!*Tg`Ml(v;%9$e)}C}6@I^}KHsmGULi$L1^d${O#oM?Cx`&|Z82B-0ztq2%VnBw< zT8Wp7PrY+5Vr%f(zBJ-A=Wbl=Q=szHCs^$2!$VDbtS60j0uyb8Us zM=|6rtJH2+{=*9acZxi+oN>^0NKd)I@B_Gk78=(ss9lXmM$hP+uS5+SqguT6$`R27(%?Rj0(c`%;#im(Y9_qb$DsGfeBMqxPJfB;*B5XJx=HYWUak{ zZx-6g+maEsKaTAp@%*P$=xWl!(~5siQc{@%9NbZ7PAhVOvpMB;EtF}F_rWJKLKHlv zfUdR|$^$$x;^loq`+GC#9tQOpUR(pz0yZpLR_lLJ;H01=K85>z-P6InTq-|s++&S^ z(PWPHtlaG@FfCDuKtwPweGZc(#udZier4n>zGTT=8NyQ*6THS*?uR3jT-S4aktIT5 z?3)dl#%eFVV6iWh@9n&q3q*q5cPd(>U;r9sRLiB9uIbYKF*-061_>&LNQU;)?n z=ZNZmOVOjojastwQi#s7iX>_FlPd-!f8_Wbn$*j0OwSZ3^)cNr41j_Z;3$6=Cij%t z;=$6i+t5URl%xTwIkNyWE#aNlHNls#`&2rOL?TdxWvUUC8APF*_&fC0c(^zmHJ;)T zq%23$A(0&&{n?*k<9cIG=XO12@hI#RugVUDZwC?e{v^mtpy2sI08Ln59wbBK@|yq(?#1p08krx^ge%0tc>) zvF6M!%G`;xJJNM#)8r^+Xpx-ze_)R_Q9rY1>mahrXTOfux?Y!F-i2HHLFs*&hGrIV z^^ER0-c<{wC5>QXO)oB2I@CoR>Hm0PS(z7$bfN&49$#j#Fh!F8>3;91hE;^G*`C9i zHJU^docDbzYUV-F-a|;bXy zm?SMM0IvVn8ZeBlxY~+v!1j3W@sYqXHL(B`s(}T7DVcWOi~lTnQU;ju;MPaBV3<69 zKXJ!M1~uN!htispN!Vixe+u|`h&0h${yKp8P^pQ9y3;=}^N1AmrR%-y&C~V$Su%Mn z@CgsWzVE;HH`{Hsx@q;b*f1+2jdc)Ig|oZapnIR7hwZ_|eDyQ==)KK7q>Dv?YA~9x z8`N?_zr5a)Ss7|XujUcwg;3m?ti6)WmHG+?-Z<9^w8&fqN;$a=fBc?o`~u8IeukvJ z+ZITdd+Gc__)v z!lAHwR+OZV89kP<|IXslr)v()$=e*)bNpOKWx;b~&{E-Z%E z2^C8**OGH1%nq73$QG|e$Q9LR_S;GJvKh@Df}yXB0}I}q7cc@5-d9P+uREFW-SBVu zD}__@KRbyh-zhD~;*4qR%4rMB;|wg)sUDtsK*8S4E9nKZgcV8qMkkYqGkll5(UKQI z=JBnURf0mwe|o|-Ly1h^#wOrd7g-f`#iWwJuTqsZ%TymAS!!v^S)v>?n{bXb>^JAeYF9?@(OE~{oKYgn~( z0*?tuWU*PjO9jR@v`S!_-xGNC-&uD|UEKQwpUEtbe|E0eP9+iIs)^QohG_oHx&4|S z#_{yge*TcmIrqR3jsd=O;Stk>zF<|&OS}lx4(>P--nqSxsrYb3Op3tI|EQ%8USAbq z0RHr*?y$?+)^`(QyOlz+@6v6?Oe2nIQ9-VcquZ`u$inZzh!;vfU1 zSRMy=uI!sh6E=(nX;t8CI$K@SOmJkAXv5&Cf0PPeCHOM@--Tn__+eClDBja6^@NZM zJ682NA2gkiu&^Vcv$wvWH(G&Am2nEWn^EYs)~~NgNYctfYSw(<1S!#cJ6~G*3-7>A zC7q{B)IKbu%z-H%pF<0`~unl%=!NlYaqlx&iPOivk#Fg?f8C zT%Rgn=ar`}A%EE~yU}ryvBT9sbWMrNe%>%OAPEI@O!8OB-lF1L}j=W`F5OzPN=2qg)} zrEW)?z$#OQ+3Gj(|6_SCYComa9MbEqhbP-`lx-xx&#V8=u3w!80N^~>r@C-~f8GE| z2q(Beqx3SSUO%dscU&xSL&K%ui3r|_iyF`apL2spdD?Md3Fdn5CXItb1z+q-QlC$A zKLu<&@v3Idf>p;a6Xf9TxXcb9;PjE<^qbU89n>O~CJy?n-$7i`7zGW8IQ?%t#2KWM zR!?JJ;wD3PXu7byCyXh9{GQ#me;LmOy9g`zcu9#VCyGUa!YpPyZ8BzSz+9e>w9f7K z@XM}!<)oCL#`Nb?ak?M*O@{GY;N`{&zEyIhB`7Vl#L(0wO7aU)+vInU(7;{;H2cs; zrOlHb3vu=@d%JF1<%J`QmtjFFu3XgR6<(=tk43(Z6wXA>DDatqQOw(1c zqky;SCLN^M_XSz-{kLO7A?jrc3QiQLg32Dbp4>qYIIXKaobb#l#5BG|e};ZypNtP3Zt#`-lYiN4E^^5{Pmt|&HOR+(a9G<~oqwGJ zW?Rb$Z2mFmyUd12R5tn^5ZCm)w*F7QdTNEazleYZj}axbuyBxi0=f~6lSH434?%jt zdI?U*Y2IikZ&m82gxq!S>!Gv5%u_!jSZ!{&)_dz+>@XL7Tf#!;f2ZVIIn=&EW+pKV z#pM*>^HYf84m=i4$H*RQ8dR6mpe-n3G4Rxmc7E4TaanAiZ5b$mCRq&Ix};WjvEjEM z0%CA8$Q9j?`0GXHa=HgG4cIvA7k+NzY)O$m&c|iub(ygFb{xOM#EcE3(CTH;qaX)G z^+ZL#2+R4+G-$x5e}~t-j;_Zt*DIL~v~X z!P@)DXqUOClD=CL7G-z_(T?U_?9?x3;4 zX8>g{YZgy=MFODoA4!={*Be^+Ubv>=TnE6I1rik1;!tBXGkyAwiqLN7SL3|Lgev6S zX3?M4aJxO1ZngNU$?4i>E==EWhzA54V3jXXTI3WriNq_UMA2H_I-C~}4-@p{fjzZV z%|-9H9Xz(0e+^!&CoD!E0|M%Ubg*`Wt(Xzo)UKxp)4+I#p1w9N*L>`)euALV(`|PS z>zzHMr^}y(v=;UzK|3F&tAJMF;_oL^KxYFALA-aXY?zgaz>SKz9NdoCfxLm9o;k{&eBr`KJd-yzy~eEeF(>}Eoqf1BlLmQ1HPE}tf0p|!A4V)p zSrDDqL&Vg*o$V?t%*RsTV9k5y1a=N<(K?a>q?K< zZ~eUbh*}HINj&zFjsr<@EHwZS|Hkzgb9Gj@r>8%n*&h8! z6fV?7b6Q`yKK^{)jayK5^(5=KCe#XPOTk_ke~ZffIlKa?%oUlGaRM-n8begq-FpLD zr;{OEN)fb@Z@lp+55?#N9h1b#M{D~~o!!twVa%}0(w2Ri8Ndvlntb3G}cs`DFRSgt%*-2gHI)$6;C z%#?c)UwEV0<;lm@2gS}aZh;vF@?aq2%-aBlS3ply8Fm1x_AC6)47$IAPq)wyDKy>s z;QO(dz?I$ykYq32k@WSLm|)&>qH~2k zYl!J8UYuZarVRQDB>%DvCm?U!AjrL2@clGz>|xtXAGk}r%VR|my^-8XW=KI#S`%Xn z%qWj7%mL-v`9o5!;_HX%14Urae@Q!E`CW+$(6E+D77hVC z7IUS3ctans%TIGuGxh?2*oY-aPx~9b?%Gq+qXn(9!3)S}3nEi$f6jsxC=X0? zi^en1NU^45lO#T5Rwtc~M3`vwhw1&+o{8JK@b$|$yawE7(k#}=+LA-l=;H@mX56Cx z=Hme~REWfdTD|>g^xC;a;N`nx3s`ovXIlmq!9mW#^+a+qm-?310V65Ly{K_uHhL1( z@`T_YmsXBl21EfwyP}C=WmMvB!15bR-fg~^F5L7v|zGreZkmy zweJnDog~+Ty@o{0T7-6Te7KjgCo^4UcJpq$*Gbn?qpB`%{6R!-4fqMh@b-+oU)O>K zPAw0bagc+#|KRWoCo16V!?=MauY)G0rOoN639)n-OcL~6j`;@^f63aQZRbE%lxAS> zN%K3Udh-YyKPRJKB>I8D0r5~n*_e!_S>i`gmS-tAk&&CRAwde#Vf_4=*;AL-R!t;g z9xw6Bpg^H!5S*Q|-V+;kxZ5q`4aAoeWfh~fXJBF(91i0Z!QCG!qjNM&XRJrALMGr$ z@sFbRBza3F&Y4vkfAqc52JLX4X{e?@`bMc^h^1{Qr^*hUX;pPag{*V%736QM#_dgf z2K=%Jq^*uxlp~qu=Dj<$Y!mgfIDb5RU(VU9h8$$l(~;5z-24ALST}=^;&EMdh&Z3$ z9xflZCf|>{z`867oHg#~mT#^b0HNWnNH%>ohS%2sl^yaLe<(&a2U0?N#D!s+8gj3r z#CqLdQbWuT$@C}y#Yv}yD5;%&U|NciVuBv!UH?Mgk+-0$En}G^1uEGa;2d1EleHP- zL_I%a^!uSbh#;Fbu0;UQLc(xgH&k@6dwB-njc|mZx4HAa##}S(@~Qy*mU*i+C%R`Y za&{pK8?z8Ke+X;}j;pHzh|S**Ys)pW7Z_wJdDc>@M%s69m`8A~_z{>5>%o+>E}nbF zZ!_ol6a91ni&A3@yf|P1!Ct?mXa6`oYh%px;`>eN_WFZ*C z7Xpj1gg!Co38CEbRyHxUvCc|(N5|L+?WjPt9plv?e=m=5&)q=EGoOM~JFZ*$)zFGf zp1TKxI6>3a))!Ib_Y?M$TOkuhNs!hy(h63R4`Z8Swu8KTi#}P`!Dq~?Nn#a7JY-o` zfk^~2K7&-JKI0DsYny%&lq79A)DEVw*Z-{bVguJB^E#1w*rTt($;*s}FrL$69yR%QAk(Ke^)YQ?n$){_V?IM@u&zE zf8#n|>6ncxEaBOvGE%ZU4!bvEJ>;wA%0I)@Dhe-JpdXl|16-XeK-*FYwo_2{$h(?( zrJ|uhov%0Z?y!bwr5p)if$AAefg*(p)W=h?Ci}Y|M)U%n5p_BZRm{sEcXRsj#$TeDf6hGa=MV)g{|+&WZVYFZPRPM^H5tpn(0we+ ziz%3JNM8=kZ@4j!SO`fkedABCDZRW`uf_K^w&B^~@ZTklClKyj BVVVE{ delta 6891 zcmV zf;jGlJGpFXHrS*1be?X!C~=&rs`Qy0DWM>&(F|PXg6YWDg3o1l_*v&yM)ze>R9dL1rsp4S+N7^1E9n9C5tW=FDZ{4bW*##Q?Y_2Ml5P7ycXwSZEV)@h&Y;6 zpL?cDpxAI?J#0a|IyB-Epvq)gPn^7f?~XwC6_yb&ot$6GKUIIS*?PtDIu#}}^-rL3 z0-Sgo9&i3dW*(J46>jx(*Csvm?b-sHLN)ax){jJ9ffy}XTb2Vl5&rH3QQu%o{P0JvDxc)bL zGo2W$Rv$W1#q5F1YLZj94l>FnzT7;gz|*bj81BL&^{qUj{dC;XeD2?Db5^KBS1H>@ zn`hWBUHW-!(5jjZF)kcLV@B|l3O!Ymw zTbrX;8pb=9Yt%SUBuTY5vfLs}F2p**MYc*9Y_gW4}YUC;&Cy<6cSTJJqa&=H=(DDhJ&EdZsCaDx%`1iF(x zCJ@1|+i@=(oksD=4U2Y#LlV1yhLa4f2?VQ&LNQU;)?n zrg(^2?%p1`4Z8vrk&qWoBv#lvlPd-!f5yVPWJ^W`YGZ$(75|*d3V?zX&`oWDDX~i; z6|tIh8su!b!VGjp*dX_#fe@;KX=E-qKCY?W30Y$S7#O}unFH!x!zO|v4=^EmUBcZG z3%sg=w2At_10r-P*UREWkp8Q(*|(_?{7`e|m0H zLjJY(t7oQ|I5Rc1)H1|pcK`52lS+M8_#0qkDLP9xUim#ldQ&jh>+_=D}E%y%MS2Z!sAl7qSJZ+kB z_z6Mpotz!mLz$uM8CmUz7;5Jdf6mW+Z(waiaQUkSYxRU_oznFx=|3b#4P(e9Eh{O4 z4SZ;jf*Ufd=4x8QEn>85(c6^2YL*9PSyVv#P4S=ZisscaWbP)OHLD2d$E~cnB4yco z0!85XC>GIgm!elGOksBDJrNDadC55nLQ#b~M-`#6nwy`TbYlr_|JRrgf2iFNWWMS9 zV>YGe)YU5m#P?)3^W)4anb0Em+dO8qTHEc{a#{m=*9NHG%;BRcxR&ngqn6~QuTtY| zu`be*!aX-D)GCz$C=lP>sgst^&qZwCX7~tA#p%GMn$S*sMSf@t>zXia0ASFGFtwk3 zk!mo>YD1hU2hx#e~lW#TZbxN$9Z_K zNu#wE@D-|q6|CFk%QJ}xM)8vWC-!+Czk@&c#;dsHoE}g1_M=}3-G?in@+Tr292Ug} zCORX0+|rGwPz9lw=XD1B@T(a+$*)#F0ZJ}be%__G@Ar%x*)_E@woqU zROYUlUvb!>J(o6r-U}21Wj)E__&bR(fX3&<+jJ<~oV4a_8cQ|bklYPK=}u=zxxhCg zY;HR029uJNQ2q+27LE0SC__oGd^vLRPstM^@AUK{yMb5-%iB>F%ABZ2e^w}4pI-fW9pYzIe$ zso>iEZl@me^IOFPdy5;W$z>^~p#2d3q=l3zSz+{HtHQa*g|L@7={Uqpr6id_mlC=A zkfdea2{Ug|A*w;<9D?saUzDn%B98)45hTp>*K>C^)dW^L6k`b$#m3q7c`Lnrc8g>2>(g4Dj_k(SliR6C4@ zoCnM8ZI9$9q$Gd^@19{gKVpHQAOGn zcZOUv04OZRy?J;R@Vi5}%dCJ^$qex5y}L_Je;LJr^kJMCqH)LCD%{l)BHD6ygosyT z(!zmz6iYTTbqvJiWygk6J%0V|3r9!*u&mBp#B6;IeN}+J2aEVn8ZjpoV^T-{#iK}- zo4g2avnQ+hj8mlTAH{#5ne1*$zxZ8#uOsJ0#qq!5fja*$txSLxS`s0+<$LQmETD(& ze}|&ibZ-I9{R={DDfsjO;j<&U76s+$hRibmwzq(D90Gp5D@#+JT}d*o#eBV^&SHr| zb{f(uh4Q!e9i`Q|pTtu56~9K4L`yF1j&f|QDjceuSpCN4mfybDQrx~n z)lw^(U$~lT>8(ijiu1I-<}G>W zGOvIGooFGU7@nrirb<8LkSUYj#(KL5Be#ajuV)9mCt#xA=NA5biVea3V!e>NhP zhh<(=QNYgF$sG&^Qw1|Skij0^HQg4?fy67q4(!gQ36S)5dgLW!0VSGyq!k$cSiFWy zx&0b|ZZ&hu9<{|d?J(F6lTFKCsWe<$RkMnyJ^)o^c8Hxqt8pbzqMUl{zQABnr`i0boL7({k3HiCh;f1spJh%K<6 zuEi;rI-2utdw{QyIwu?p zYfQ0}fP>Nx{VaZE)go+GN7^pf#)aljvQDHzV`B{fcc1qAMchXbkX(y3pk0-Bg7FE_REC; z1X3{StTurVIAJP2;87=i?E8KuC}<1!_}<9plTa1p-eat*HrBvL#X7ML$o1 z-2$h!{n{aoslM5=NdCKGzdnRc*Nh_DjTP(o!0_?Wy|0lu(`d8me`*@q4o}T6cEU2P zIkEW5vb1wu09>rzwm0ma8kYeQC9z;;`qkrDf}LL*_$Z(T45t*ih^h&j>>0Rbxz|3Y zexMQ`)ih=wR4kb;VRO?JxBp!4HL8CM`7AHh6$xl5{BHZ|EZN$;*Acs4zk9jim8Ft& zvABM%WshdBr5ntQe=?r*-n64ews46asd7@|&)GI}FH{<*hYHmZhim&jJ@Vc(o>9J_ zW!&u8)qzgroRkhtTcDJkK)g~_K431@ETxK2^;k{+1TXu85O1Dx85~oWwl`rw82p7Y z>jw2)d3GvGkOrW*BVc>u9lu<0zo}QPl)wlRbXd7@G=~80e{nvm{@fjtsxA+e>;Y*} zKIsUF7=JKfOTO#vJY;@zV|baM2*-c1^xC1_4YEeXiJx}Vd>wWr zb%EN9C~~Gg1$a$M#K6yF3GvEpu=8>z4(uvx6HtPjVC|}#0>$q98 z0>9j&>QE@fxzjCN-Lo>`S-vXno)^%S+NKTndsjy(S8WgdYb-aksh_T&*J=-U0I<_Z z$9*~dEhmwmsMkf419+_Lw%#>5-*>KzE}S))v&-ede~#ROF67r283mqSnBvCP8>KRL zgag@c!63b0{=c~Q$?>mP+e?K@yLASq8l%Ys!Fr00hPdiKGkXLQJk5^H*zBwQpa!l4AE_``9|Me#WRtAqV3K^^}`@R20sCZq|Up?*nA2eDg;%S zj&(3I9bPZk3E*IZi~#RLE8eHH&8MN@5zUG_e*+C@Gpoxx3W?kHR?u?A)jNc?bR6;u zKWs~XmzCCpt;8;a0@yRWR+WZG^e;#lzO0&i31UGa;>!+YMyEEg}|P)VQE zf8DHY0F>1z1~fo@>UpqvV)mmn{hW;yr6;^6WU9O5-Bg=BvpGBjmw8vdZmfsU^@?^O zL&PG!wxzV|u*{iN3nmDDaxbSUvo-Nc*Xv35wpuO||4HZ#N+zb7qO2}%vB_@Nfx&4l z4MKA`?TKVBpn)wlXv24QRs-bW!nW8te=tyHFiJ7$PU3F{Y7ql3-0I_23{`^mf7*F_ zTr@+n;%g=2?khv0H((55*3sef+EGnpu@T(;m0Hzax3$l3?w&7G{``wg@NgI%p0x&lpy$#?R~+MRB80WC?N zcXpY_oBv69Sa)z}yWp-$7~oSVH49$97dzCtNg>q2KW3Cw8DbQ_V*)aJhFF;1vM+xd zKPB+%hR(;Nlvwy%2_846ZVjK2V2wIULCMUOF)mYstad8YUc$deb@s+^yL}mdR(AM0 zf;V&L2RT8Lhu`>oj-NAkc+qHwf2FlXAih!|;2+0*EU*4e7cv{wa#QoQ@G?OS8d_x! z@Z@5XR`J#NGDy*ePLlsAypR@BzL+N&i=qqQl%*k+6BP9q>X~fey>)1VWET6Ip`79H zwlJ*D<0!1YB(>lMb-M{=Y2hseh2lv+$yV67gLOT~Sc6#`#YlrQAF$3%e?p15lF`A{ z^be?JMiQq||D{PQf*QO??^RaBJx)jU2t&_}uS6N{$rc-GX5Ncls1KO^GTQ`H)6%m4 zp7yRx4~I+TmyFzUcvZ(`wn)b*z;oG_t`?)G1Pc7C;?rE#Ql_vtua022*P%F7dSCIo z0|Zn2lBi2~INCEYfhe*gk79_ra>(J>U_LK{ywM}O_PW+vPU>!F^<8w}4RPr<_= zy3=c9p&^Vpv9d=jp2bt^x>pXPl!dHDY_a$18~)@Gl&GA@`exc}_j1{d6z-3_JTNs@ z8~^J{ikBoSO+(?&NEWdP=StwH%n_{yJz#BV!7Ol?o|W%i$br+8f6?(Bq^P^B^^goB zLUV4-DR*5sFc@!T!+V5~kF4oVqYk?jEPWhpoO!Tvp`s-Y0U>zj6y2 zm8C+UUuTQDYl$3=_vv79=*{ozas!3p%u6}G0uN(MfAGt=ptm$B!q6dcZX;%A4@kd~M7`hiRxntOQ@HFcobYn`9qwj+P`06I%3=V{Un_J1Nqgm7aNV@0R%ZZFe9XAY- zwGh#&e~+42Sq`u^CusTPzHT+rC6$p!1Mnm0dDu3_bkW-_x7$KN&FDrCn%f+=eT|&f zl^Hv+GAUfn4lSVPHl$^sWB;m{V-;d;-ZC22VOrNKzqX|&*qf;zIqSID1l6vl&Xo+P zWU_!)kj~HS^Bfi9o$?(fj7Tvno+_wZB3_=se^rQgWxnBaDMT+;;&=~5$+R{MRi~0K zI8KSctuia^Hmd>+^=Ah6P1;x6YwzGy)PilCuYL-o<+3#KSP^h~>hIfQKXJ>NIIp~E ze=~c;$mFIx@4dluWq2aqiKoG{+ii%2`v3UH_rG_QB*qT~)_b`nJIn1>1wBy!c4F0v zr@uRW2EW`8$0eNx+H<9|t1tZrHc9Fx3+YHU4_>lVGHpX+g62K`(3sItE4C3pp}P-O z*YaX+nqbl*E{|6cjno>l@*RiDUQ7g7f731+lr^ZFdBz4wWY6V{8ol>A-tu>T{)>N>Kf7<%EWP+MjlpE8$Y(4qyU(PcMUn;Ph4)zi&j${?Du+Ce^z`~ z_)A2KoL7LFiwrkdbp0E7q$s(nR0(~xC_5#2Y|HJOf=WuC`|&@JXEhFc0}G+rsq`cv zhInQ&p;X0*_na`VC|bZmWJTJttYU^(9wyds1vdYg2U^L$7`T}Q^x_C~Fq z$#8sF?8qE2O)xPq4F(BdhDZTr0|WvA1povfX)Aa{xI3z#&I$V)?A&2yuv&X>BhI9? lFo}`wTr%;e1QaqI!VZVxEjTqhZ;%{#MC(I~Nq7PRClDE3A}Ig> diff --git a/automation/arenadata/vault/certs/certificate.pem b/automation/arenadata/vault/certs/certificate.pem index d505eb70f2..f3da18a491 100644 --- a/automation/arenadata/vault/certs/certificate.pem +++ b/automation/arenadata/vault/certs/certificate.pem @@ -1,30 +1,30 @@ -----BEGIN CERTIFICATE----- -MIIFGzCCAwOgAwIBAgIUX0E/LM3jQ/kdpIOJ/vtDNDhdJb8wDQYJKoZIhvcNAQEL -BQAwEDEOMAwGA1UEAwwFdmF1bHQwHhcNMjQxMTExMjM0NDU2WhcNMzQxMTA5MjM0 -NDU2WjAQMQ4wDAYDVQQDDAV2YXVsdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC -AgoCggIBAL3O8uywBT2coCbP8jTK1Dg9e8e5MhNhKwt40+wBRIizOTHWM5TtBhqA -WdvdwtDovo9t6/XjbzR177FHiE88QWgSE9WcFXkh49cvAhlb3CNIhIO03JggRO9X -XPq/X3JwyTeyzEzK/g/HYkIgoBhyBNcTMibri0yqi2CXdTyCDpAn6cnUuNfkatJG -Zu/p1jRS4luLn1nu8k6oAW/C32oQe3PibGscVy3QYpQhRtnPcTWwIbO/1a/SC6ED -eWtKLictF04BAyKKMbNz997ZwRqS5gJdU/0ggwpSurfAt/tjbN8tH7D9poJXZi/O -DqFXFejlxrGu40PiMMWrUc+/tx8k9VrX9vlKI+Tn0JROYRP22+nHdoP39S8TBoPN -K/xuRczVIPM8ox/5uwOztw3AZBZHAfi8SWsXy+gLVnrVP+zavGcbkKrHEweXY9Tb -2Rq/GLFfXB2HgUKz05guy+FoM4l1KI46mgXg7KWP3MvkmyHQums7NBEvuOFm1hxg -QNOzIizsfCaJX3+yjscBCKcTEaoxN3qbSd8U1NdTdXBN8Xf3q4b+ZD/3hmC9CC3A -ZKDnfqMnQU91qBkklOJekmGvFvUltiiRy8wd7wfiwNrEqY9fpNmo/Dzl90X7xBe6 -tv0lknOZTmzMB4n2nhDa6s5egvo8WuhuR8yhSd06IFb9TB9YtP5zAgMBAAGjbTBr -MB0GA1UdDgQWBBQ+PrLr2waShJQrPhKHfs9uKqCtUTAfBgNVHSMEGDAWgBQ+PrLr -2waShJQrPhKHfs9uKqCtUTAPBgNVHRMBAf8EBTADAQH/MBgGA1UdEQQRMA+CBXZh -dWx0ggZ2YXVsdCowDQYJKoZIhvcNAQELBQADggIBACsUNJaXr4QkRTfnuu6/ecRy -6hti3+WTvg4t+S1agj1QV3bb1DT9dOKryg7DjePUvWv5bcD3xzuNwA3zi67Dt3uR -qY9rcDGZa0qSWQcLBSW+QzsOGmS1JpLBjbjWBMvAC3g4BrZTHAMlzPC5ln3Gahqk -dsqro/ImS4HRJ7tXM1Kx9VJDhrc2jI8xRjEpI1TauNvMhFpvUF0GU24iD+Zfg/2V -Khn+IfZNV1EPF4Ao5wVK8yUjyhPcAqshXHDBsciEP3ZonUrUsVEbtu/I3FXA/VuF -rO9vMBeYy82idsasVFCk7hZhUrDXiZWUD1Nt1EZZALHkq/zIrc/WnkUlDOODywYB -7PMADp9BpXopzLfjZ2+T5O4PZwfmn4X7q/8PDgaGmwpr9Ja2nNa+6M6Vdo+IphJs -/CSFl17PQk1xYG0kAjOq05RWZnuLctjpUV+b8xgeHjv5l5RK9lk0Zj9ZyCGjPYYc -S5tUDmVfp6U+At4hF0Wg1V+f3N6DzItm2tVgQ7Bqvbo35hHlVHPfSm2Ojd0GLTl6 -pRbHcYmJlukbadcgqKrHls4gk4tgDzRHK2WHbVDTg07KloGN9fZir5aYu7meYODo -b1vWjsYeEwuw+ccgsaes/lcQzCIoLMgOaFESDJ30wsN35OkrAeiYK2Ri35Ce5j1I -T7hf9J0YlQNziFyF3hLM +MIIFGzCCAwOgAwIBAgIUYZMAZPLwOXOoXgf6qTWpkGDwNC4wDQYJKoZIhvcNAQEL +BQAwEDEOMAwGA1UEAwwFdmF1bHQwHhcNMjQxMjE2MDc1ODEyWhcNMzQxMjE0MDc1 +ODEyWjAQMQ4wDAYDVQQDDAV2YXVsdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC +AgoCggIBAPMkPbSIs6MbazBmJwURFuZ1orGx/O+lyL84ibvQna3OHNiP+YBuk6Qc +5+GIZxLsHmP+gXlEFm2dqk6jWPyMeGRRX5R+JX25s4SD9RY8z6Jdu1ErVS16ANUP +Z04aO+9psfSTLjYab1r5YKZFQU4VzC7cBAEe9RK2ADFAH/SjUmOdsKpsC+TSqAQH +wJGq6IPvh0dWQlYA0ebObNjxvQ2LbWoAuxBFXfWGzEDq5xVHGIAmwlXxA2W9h8At +EjsGuvxDyyFrT83tfaWQe6ClkZgxyYMjaO5iPiZgzvb765VCmfKl2HLKQElk9zGS +WtJi7HaxJ/1a0km589A4e0NPqnKmCN+FvPFlm5u39D73RfqKcSHu48JIrQTavgSL +wmuL1QpWLaixNBs7Fsf8Fl4A5fOSp/hI6HvWlVnZpzd61Z2Mtlf3129CifrFFE4B +YY6DYNy4HYIv5ogBTxv0eT6cpYeAYqVIbfkH0OhHDEecrnZEghSpnjTpSTda4rT0 +9qYjia9n7SF0MxaSTeEKfedk0ZlNTkdHcUjx5Cp9VpDIo8AG+O5DDCD4GYCOvrWc +kS0iM0XnS/k39ybX1gpVLVlhhkUA45F9sZpnMlOhM+hqoVId9upmf5/0nQEU1Jwr +x/V0yejS+dRMfaAdZCYzxzvTDCF6MgNBF5r36MdYHEDMz03g6JBfAgMBAAGjbTBr +MB0GA1UdDgQWBBQr9qIpllxs2LatP7za3RwGz17PATAfBgNVHSMEGDAWgBQr9qIp +llxs2LatP7za3RwGz17PATAPBgNVHRMBAf8EBTADAQH/MBgGA1UdEQQRMA+CBXZh +dWx0ggZ2YXVsdCowDQYJKoZIhvcNAQELBQADggIBAMG8WwSW/QKF1xkofp/V5mO/ +rumUs7WGBNjZGzdVQIv5YY01BoCtpLy9E6wkKoOtemIQWTbPaPL9RxewxcrfoDkp +cU+m1nhwjbAn14Q1wCdNpj2ZsM/fgwAwv+bun9VqyaLAfvmJBMMcWQNprKLA2xAk +xgsQFWMnkq5Vf0z+ekHSbb0s2iclgEhpWwrlM1vJz9Qsp3r+fIUo1qqFuw3codKC +Z1aNIvKRRvoXLTV44M1Y+/SqwySXMUhwAtI2aiexrKBmzHF8yXHsf1eG5b4hczqF +b4bmW8y2HmTxTAz05HcRIOm8Vj438yyJ0XkUGUiY4bBQ6YcSdyUG0Rikh68unvf6 +wIe6x8eTFZe04zbSy9zAL0pVOJV4oThYZTEhWv7MDheCftxltPrhq7xchriDq7cm +jM5i9ovBw7wyuDa6JE8uJQXJlvxGiwYwKr9zDSpseOzEfrfH7zw1SG+lVnYepPOI +CM9dZOMTh6yu068c/H1dMloNkp/pVEWEeVDdcB5IcQfyEOSNxBo7Y2ENU51rVhel +AMURx5A3kf9GYrQV2jmpN420d6WbreiQlsBbFb/0SrYU7LBJg5X4ld4GuUzoxd1P +zDR3J72HU2pFMWAm8dfXuCGkUA/bsrk1LdisaugKaHGDfhy9CxPBWJnJ+XnD98Ik +grSMleReqMbQC9UYqKri -----END CERTIFICATE----- diff --git a/automation/arenadata/vault/certs/key.pem b/automation/arenadata/vault/certs/key.pem index c118d2fd08..ef766d3f62 100644 --- a/automation/arenadata/vault/certs/key.pem +++ b/automation/arenadata/vault/certs/key.pem @@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC9zvLssAU9nKAm -z/I0ytQ4PXvHuTITYSsLeNPsAUSIszkx1jOU7QYagFnb3cLQ6L6Pbev14280de+x -R4hPPEFoEhPVnBV5IePXLwIZW9wjSISDtNyYIETvV1z6v19ycMk3ssxMyv4Px2JC -IKAYcgTXEzIm64tMqotgl3U8gg6QJ+nJ1LjX5GrSRmbv6dY0UuJbi59Z7vJOqAFv -wt9qEHtz4mxrHFct0GKUIUbZz3E1sCGzv9Wv0guhA3lrSi4nLRdOAQMiijGzc/fe -2cEakuYCXVP9IIMKUrq3wLf7Y2zfLR+w/aaCV2Yvzg6hVxXo5caxruND4jDFq1HP -v7cfJPVa1/b5SiPk59CUTmET9tvpx3aD9/UvEwaDzSv8bkXM1SDzPKMf+bsDs7cN -wGQWRwH4vElrF8voC1Z61T/s2rxnG5CqxxMHl2PU29kavxixX1wdh4FCs9OYLsvh -aDOJdSiOOpoF4Oylj9zL5Jsh0LprOzQRL7jhZtYcYEDTsyIs7HwmiV9/so7HAQin -ExGqMTd6m0nfFNTXU3VwTfF396uG/mQ/94ZgvQgtwGSg536jJ0FPdagZJJTiXpJh -rxb1JbYokcvMHe8H4sDaxKmPX6TZqPw85fdF+8QXurb9JZJzmU5szAeJ9p4Q2urO -XoL6PFrobkfMoUndOiBW/UwfWLT+cwIDAQABAoICAE8pca1/WCAzI6QsVCLqeQof -snFA7v6gJvi44wHqIXA192Oup4K0PDhvUYreeXLxrxBY0vGRcn7ZtScl41bQlaLW -70jGuTn1BXZol6KF6lEY3JOlqd8UjkuYDyJREHjFS1acjpJ0kvN3v6Y+vyaS3yvo -SKFs2YMXGdwmLvIWeAZtbxcLTjBUhqy+Sg5DY2AdNWTi3Yn/mzVs4nR/PPiaeTKC -u58MiduErqiDHG6ZEulGVTgHiRK0Mr9rmIdDv+3841xYFbuhEUt70WQzQ1NW8vEH -hZDrr1tt14vtp44EEJMf2bjSgVCZLPhBI17s2ClzM6RFgWl9e8PlSNCxb6lgm6cY -sCjjj7D3G02zEibf7FBXb7UxMcKTmDA933HfwO4YJesJNYDpwu5gWD12d1Ey2wFQ -/7V3unSwBWeztNbLQaWA5ryZxaP63RGM5uXis58kYCU12yaEyuhhKgRfyJRR9mI0 -RNjsGmRESIRIwWJovR0Is9QcP+BhZ3BdhbcUmpTZOcCyeB7y1bu1WSlFDFsWCb6U -3I5VgKt6MEhkkBDl4Mj5JQmr4kaMf/OCPLkf3672K1A7a/iNtsiwruV7bkEiqt4d -uZl40xIv3DJ5cbNFcU6O/NRRibPY7AqVd2B4GhqUx6/LWdL4ZC9FeSM9ZdSYhBzU -vmoptlb+om/Fpb7/OUf5AoIBAQDkct3rhPOnwkY7VuNV0+IIIJzMkaWAybn9moZV -ICB4CrtmQb7+MRnjInPG83CUOBoBMcmYvc1pPRpJhhq5GXAhRoRA59a8hFQBgujU -tPE8rkpgMYAgPjGrdk+GwhKzp9cNLckmy1/+qzMcBqr33vpIF65Ih9mB127W6yZl -VS7HZstKdwib0KJB2ZrQQoQ2YyqQ9q7GjzH+KYYPSb5lUChfonNBuh3BJ9oU9YZa -fheXNa4+q+EM3PT69aYEX+HzO2DigGIsIY9qgfA5j+WaOY2XrokZJLgZztVcWJUo -yqd6qxMSsTo8KAaG9/RpRpc2X2eZLsJ1iLK+4lIrHjarHJMlAoIBAQDUsxmVVNfh -NEbD8hK2ows+RaWsl8E62Ib0udcjHUhmYLHPKd2YI6BWDvg6E55FAhU9oCUTH1Vh -pqpUcV7RE2Vltw2iSt5uAw/hf1ndfOsY4Sd5sPThs33e/soDQ6A5KkjqRxcJ9AMN -mDR9fJkk5QPud3Z3xisqA6wOl8ki9seLBr8JvTpcPb/wrL4ll0Knmt2JI40yZh4q -NLqSy3OlWqP1AhR7d5bZT6j2uY9NJZIEZ9fi7HwJTROZDu5HCR2Vs+CCJNfLRBTC -oG53ZIJgZtkpw4hgQuefGtSt1HvKvfm0doUDXCcdkgA8D8RO5UiK42RaEtJUb4Qk -Xm4+WfXbNuO3AoIBAD+EqKuJhe3JGJn7KK5+gURdPPusK2ZJsIsQ4fTdP+ngogZm -lWI76MS8mZBhs5Wim6hlXXY4n9p5AMwcm2WH6yN1ZeReEdjMukbJTU+HF+QVWdyx -JrzQTiMsfCQt5eFJ84NYjatZtNEsbMOIHxVYTCKrYuwLybBOZCUhsMVQD/elXzTP -L/eS5OqGRINPW0979yPjUukme3H9vaaWjHfC99bPZliKFSfVms9lDPwwPwLuDAqk -46gd74evsX9Z4YstoVyY8bLvid7FTjPTDLX69qGMB9aT3RRf6/cHMkHrRvHWizER -Ue3T+yyf2LdEx1p44Gc5Fxxy67AjYVFXzz94bHkCggEAalhNv0MXWKrpgsjCoHwu -f+kUp5GMdB6Ug0FzlkPq0f0gicKV355YaQ68/1SVuk0LT6+FOeVdrCBHY0b3sDMx -bES01WL3iSuQwh8JUFtHtD3Gnepi1YIHufnMCQvDzTEeGbyHgVt2N1LVU7R7YV37 -tDwYiFQVesExQm6Tix61sAYkd/sbdckN8Yh83ZCeK+ybPRkAXKWACXwpmIGOhasm -9LYghYbKbkaM5Sbrxhe1xOwinXu9nGzkEo/LhMrC9vljk85V8nRMqO7LrHgdU5O4 -mlAAHJj2867XjT4C0uBfO+JSKNbnW7qG0YDUltm+hmqg3wQwEzVabVClcBlMelkc -SwKCAQBV/7O+XUaNqLT+4KjkwT+2834nmutKdoBUa/wXjBDh9GjdOgPr0Wb5Bszs -ih3V7WtjKeZIkmLIV9Qm4Dpuo8VXfXhMZOv7wk1+ztwgZL9Ujv20ZvdE2otIIiOQ -b1taj0ZqbljrtYk2lKmIuoYasdL3nG3Ya0yQhd6NNsrP/vb7YQkkOpVvexV1FseH -s8Psk81zv8T7e0h/KAAHa++IiueLevjeL2qxK5rTPm7gv3/IpVBVI+jmi68WlTTT -VqMeOjBp1X+l1GE5qznysTHniHjmKV4cp4Se/dwjWW2064vRnVv5ypPxiKAi/xb9 -A1moPU7gBtqWAAUvERAZg/qKzKdG +MIIJRQIBADANBgkqhkiG9w0BAQEFAASCCS8wggkrAgEAAoICAQDzJD20iLOjG2sw +ZicFERbmdaKxsfzvpci/OIm70J2tzhzYj/mAbpOkHOfhiGcS7B5j/oF5RBZtnapO +o1j8jHhkUV+UfiV9ubOEg/UWPM+iXbtRK1UtegDVD2dOGjvvabH0ky42Gm9a+WCm +RUFOFcwu3AQBHvUStgAxQB/0o1JjnbCqbAvk0qgEB8CRquiD74dHVkJWANHmzmzY +8b0Ni21qALsQRV31hsxA6ucVRxiAJsJV8QNlvYfALRI7Brr8Q8sha0/N7X2lkHug +pZGYMcmDI2juYj4mYM72++uVQpnypdhyykBJZPcxklrSYux2sSf9WtJJufPQOHtD +T6pypgjfhbzxZZubt/Q+90X6inEh7uPCSK0E2r4Ei8Jri9UKVi2osTQbOxbH/BZe +AOXzkqf4SOh71pVZ2ac3etWdjLZX99dvQon6xRROAWGOg2DcuB2CL+aIAU8b9Hk+ +nKWHgGKlSG35B9DoRwxHnK52RIIUqZ406Uk3WuK09PamI4mvZ+0hdDMWkk3hCn3n +ZNGZTU5HR3FI8eQqfVaQyKPABvjuQwwg+BmAjr61nJEtIjNF50v5N/cm19YKVS1Z +YYZFAOORfbGaZzJToTPoaqFSHfbqZn+f9J0BFNScK8f1dMno0vnUTH2gHWQmM8c7 +0wwhejIDQRea9+jHWBxAzM9N4OiQXwIDAQABAoICAQCMiM4Bo2HxTM/P0buL+iy6 +WBQJkU8ZVUGLBSrXG+WHqDKUGeOkkEVV/j8o5KZvEXsfYOOFLA2qng7qFRBCKQ8N +LNuKAL+6w7M3TO5ERDHfLz4t1FYPSw1gGN8lDZTG9Nie/NMhAnaKpsluUWlFsOOr +0g+edj5A6mGCFgZiaGQen+6VEo5tXDUw3yo3CAoM+E3AteLxwteQCJBxdIhJY+WB +95on9XAxkhBNFXkrm0RWDhEVi5DjJYFpWqPG6kT5ulWWo2glJrgREkniuNBGn8BR +xA3Ke45gsGPv7fxk8XH6BlHtR2mRAoK+bFGCeRskH5F1pyEU7B44o+zbIxjp234U +U7+udcl4JIzkVnPCDhxMWVmls4lJhHtxwyEtGZWcHds4MLbbn2YtDRIHnVE8erUI +JLrWAGb16JaarEU2wdf4BMi3MYH1WJGyKJJCoGr1CMUMIDv7tD4PXdBycxJnD2AV +05deSQLKupv+lqBtBW7AzmBohgooddD06zCRjMwuDt0fOa97CCWN0pRZObjnr5HQ +3r4aGl6BwcmPbD3NsoGXPJKA4nnjXdp+U6cTg25jp6Xu5CUPOcbruA8vZ4HzmNdt +YtykadgJpzDWwwK0wUSODd35OMy/2MyNkjjRpuz3URnvD1HV4K7sBukK7SyddnMI +SeGE3Y58zgPLIw8UDlkhwQKCAQEA//VTIML48wLiMksgLhFnI8xCvzoCg0+hHMHY +gDpRQrI/Ppz8zA1kTBVS+CAa+BX3NrAFdguBJNJRhuKxpU/bZIhCtKM4O6bnVrYy +kbRHeZMP+Kp6QF5MIycgOuqIh3o6G1xfHTjFremY86amijBsN3ftt73mPISJtyUZ +5MRVioqQ7KAzzrKHEKRObHYd4MLP2iIwdMSoBAA4hKNkkcoDDx4uk0QdMjlFZpRG +SbbVj8YxMZl4hrPrt3meOZSwuaUyIyLeCSPK9KwLL+KfnvCHg62C0tXJtEKWcKu2 +rs+Ji/qOzf7uumz7LyR7+h4XcL2QXUl5z4u8w2g9gNr0nPFLRQKCAQEA8y5hu5MR +SuIOTEBFBPYRsUMU1KlBuKlU5k4MdS0KJqAwi03+OPWEbeNiMTVDTWif9SrRx6lu +ogpY0pdeQj0rAzhHCAcLdD17CLajIVJ5GuXIoXj1egyF4kxwpUeNQraI/s7DfXue +DBZY5QzCxD3T7xYsjLwKPSzzavruEUNbvIu4p3ssWYbEKN9Ngf5fMtjG9Bnjt7nW +tLuZ6nzbX+LkFCCRvsedsyYJ4KLVlPIJk6H1lognUsSMl5KzYSLB/7HQcXe1dQ7/ +MM/kqhwfvFOK0vPNgHXlwUOHxEIecaUtR6MyZomv6OhEqOgMhjZ4F/DqgOhAaewV +JbPln1zPJUaVUwKCAQEApzVfec6FDVO76vkS66VoyIT+sae2zotth7jGs3Xlcfm5 +wTCTIMY62E0x53ApzhmjZvF0j9oSIrjWk5RyUrkpbLJrSVA7QxTUmdvqiy7HZo+A +5oSP2o7/lBNSRcrDKCXb4dXlONTGpscsqTccIrhhaZcKD3eZ+bznrmIpWT49V4UQ +CdTaI1STUXbU2JwNBrCdUjX1i8KQtBRk15lZ8LeUagLgkEn1/MJXKR0CEdPEDel+ +Z5WHnA/bk/96MsmE7bISX8u+WyArzMy7fivA9PbSwF3QUeVhoEXDu5UhgW+Ivo4P +TlkVIWpiaTifWRThYUAlGBwQ3FnAFbN6QjxHgmNLNQKCAQEAiauibLyvt4MOsSBZ +cpuUHJRrgJFpwY8rn05kQxoCeyeJE/RNjhWAqW1nM5CBz5sBo5xgMva6yUWuT1qe +ZEWYyjPcErFaTK5Zru8mn0C/ivi3gqKl5jicuyanRwqg8DnCiO6pQarwKMul+9Yj +lVGjX+FfyzTRXxzJmbEBgghuMOmw2jAjRXPELZdtm8BUSMbsq1jU0DiHUr46PsP8 +teYPVU2y9RyxLLDGOsQ0wiPcRBYWoOfnyzW2mkDVCJLS3VzfMr2gnuqkkg+/1oYh +eU6acx7PIoCcV7NRc0wzTAdFAR9k8yPT0Lld1Xm5TWocxwD+4Yean9ylhDi6MGQs +aV/yPQKCAQEA53/6PLkVm2Q2nTxA4G3jFKPg0mhh2Nnc1ANwPAjnoJv4w3SF4tCL +/OL/IANVdJY/Zj6kY9Yoto9JeU30rEJK8aYOXyKXabjZm/EcOWhr6xWNsReM71ds +tCut3AONhecjWkQwnzCq7h9xAPIcg2Fb2IfojNHlpQcQjDxqQIrD3MkfiPnhLGvJ +S/b6e4D8PN9kplWWnsP5eOUdyuNU8WaiQH8baQXVLCM2QyoNHaxP/SqVzQd6MHkQ +fuBnpWLwTZBiBqEZXYp5WQtkDX9U+qTITH3mouzjfh+JLEHqLwE1+yPEXX/IbPnC +g1jNDwbcm/v+/WWXkjbIPfiFJYAVbem84g== -----END PRIVATE KEY-----