Merge pull request #5 from mesosphere/jr/add_basic_optparse

Allow user to specify base artifact directory

README.md

@@ -16,9 +16,9 @@ that can pick up these artifacts and talk to the ensemble.
 * [Tests](#tests)
 
 ## System Requirements
-
-1) `Java 8` must be installed.
-2) `OpenSSL 1.x.y` must be installed.
+1) `Python 3.6` must be installed.
+2) `Java 8` must be installed.
+3) `OpenSSL 1.x.y` must be installed.
 
 ## Installation
 
@@ -51,8 +51,7 @@ dependencies with docker:
 docker run -it --rm -v $(pwd):/build --workdir /build mesosphere/exhibitor-tls-artifacts-gen --help
 ```
 
-For a convenience there is a bash  script that can be downloaded from
-GitHub release pages and invoked directly.
+For convenience, a bash script can be downloaded from the GitHub release page and invoked directly.
 
 ```sh
 curl -O https://github.com/mesosphere/exhibitor-tls-artifacts-gen/releases/latest/download/exhibitor-tls-artifacts
@@ -66,6 +65,42 @@ The script mounts current working directory the container with the script.
 Only paths relative to the current working directory can be used as `--output-directory`.
 Using absolute path will result in artifacts being generated in the container and destroyed when container exits.
 
+If it is necessary to store the artifacts in a directory other than the current working directory
+the bash script can take an extra parameter  `-b, --bind-directory`. For example:
+
+```
+$ ./exhibitor-tls-artifacts -b /tmp 192.168.0.1 192.168.0.2 192.168.0.3
+
+$ sudo tree /tmp/artifacts/
+/tmp/artifacts/
+├── node_192_168_0_1
+│   ├── client-cert.pem
+│   ├── client-key.pem
+│   ├── clientstore.jks
+│   ├── root-cert.pem
+│   ├── serverstore.jks
+│   └── truststore.jks
+├── node_192_168_0_2
+│   ├── client-cert.pem
+│   ├── client-key.pem
+│   ├── clientstore.jks
+│   ├── root-cert.pem
+│   ├── serverstore.jks
+│   └── truststore.jks
+├── node_192_168_0_3
+│   ├── client-cert.pem
+│   ├── client-key.pem
+│   ├── clientstore.jks
+│   ├── root-cert.pem
+│   ├── serverstore.jks
+│   └── truststore.jks
+├── root-cert.pem
+└── truststore.jks
+
+3 directories, 20 files
+
+```
+
 ## Script Usage
 
 ```sh

build/exhibitor-tls-artifacts.tpl

@@ -1,5 +1,29 @@
 #!/usr/bin/env bash
 
-# set -ex
+set -e
 
-docker run -it --rm -v $(pwd):/build --workdir /build {{DOCKER_IMAGE}} $@
+PARAMS=""
+BIND_DIRECTORY="$(pwd)"
+
+while (( "$#" )); do
+  case "$1" in
+    -b|--bind-directory)
+      BIND_DIRECTORY=$2
+      shift 2
+      ;;
+    *) # preserve positional arguments
+      PARAMS="$PARAMS $1"
+      shift
+      ;;
+  esac
+done
+
+eval set -- "$PARAMS"
+
+# Note BIND_DIRECTORY in this context translates to the bind mount
+# created in the container. It DOES not carry over to -d argument of
+# the artifacts script. For instance, if this script is invoked with
+# `exhibitor-tls-artifacts -d /tmp 10.0.0.1 10.0.0.2`, then the
+# resulting output directory would be `/tmp/artifacts`
+
+docker run -it --rm -v ${BIND_DIRECTORY}:/build --workdir=/build {{DOCKER_IMAGE}} ${PARAMS}

exhibitor_tls_artifacts/gen_certificates.py

@@ -38,7 +38,7 @@ def load_cert(self, cert_path):
         return cert
 
     def __store_cert(self, cert, cert_path):
-        cert_path.parent.mkdir(mode=0o700, exist_ok=True)
+        cert_path.parent.mkdir(mode=0o755, exist_ok=True)
         with open(cert_path, 'wb') as f:
             f.write(cert.public_bytes(serialization.Encoding.PEM))
 
@@ -52,7 +52,7 @@ def load_key(self, key_path, password=None):
         return key
 
     def __store_key(self, key, key_path, password=None):
-        key_path.parent.mkdir(mode=0o700, exist_ok=True)
+        key_path.parent.mkdir(mode=0o755, exist_ok=True)
         if password is None:
             encryption = serialization.NoEncryption()
         else: