homelab-scripts/pykmip_install.sh
2018-12-15 20:02:36 -05:00


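#!/bin/bash
# Install PyKMIP as a systemd-managed KMIP server on CentOS 7.
# taken from http://www.keinzweifel.ch/?p=43
# Modified version for CentOS 7
#
# Writes under /etc, /opt and /usr/local, installs packages and changes the
# firewall, so it has to run as root. yum and openssl still prompt
# interactively (package confirmation, certificate subject fields).

# Stop at the first failing step so a broken install is not enabled at boot.
set -euo pipefail

mkdir -p /etc/pykmip/certs /var/log/pykmip/ /usr/local/PyKMIP /opt/PyKMIP
# The certs directory holds the server's private key; keep it root-only.
chmod 700 /etc/pykmip/certs

yum install python-devel libffi-devel openssl-devel python-setuptools python-requests python-pip git libsqlite3x-devel
pip install --upgrade pip
pip install setuptools

# Generate a self-signed certificate and a fresh RSA key.
# -keyout writes the newly generated key; the previous -key option names an
# existing key to read and fails here because the file does not exist yet.
# -nodes leaves the key unencrypted on disk so the service can start
# unattended, which is why the file mode is tightened right after.
openssl req -x509 -nodes -days 9999 -newkey rsa:4096 \
  -keyout /etc/pykmip/certs/selfsigned.key \
  -out /etc/pykmip/certs/selfsigned.crt
chmod 600 /etc/pykmip/certs/selfsigned.key

# Upstream PyKMIP is published under the OpenKMIP organisation on GitHub; the
# previous URL named a different organisation, which either fails or pulls
# code from an unintended owner. Consider checking out a reviewed release tag
# instead of installing whatever the default branch currently holds.
git clone https://github.com/OpenKMIP/PyKMIP /opt/PyKMIP

# setup.py resolves its packages relative to the working directory, so run it
# from inside the checkout (subshell keeps the caller's cwd unchanged).
(cd /opt/PyKMIP && python setup.py install)

# Server configuration. Points to review before relying on this host:
#  - hostname is a site-specific address; adjust to the local interface.
#  - the same self-signed certificate is used as server cert and as CA.
#  - enable_tls_client_auth=False and logging_level=DEBUG are lab settings;
#    review both against the PyKMIP server documentation.
#  - policy_path points at /usr/local/PyKMIP/examples/, which nothing in this
#    script populates -- confirm where the policy files should come from.
#  - the cipher names are continuation lines of tls_cipher_suites and must be
#    indented for the INI parser to accept them as part of that value.
# The delimiter is quoted so the shell never expands anything in the body.
cat << 'EOF' > /etc/pykmip/server.conf
[server]
database_path=/etc/pykmip/pykmip.sqlite
hostname=10.0.10.18
port=5696
certificate_path=/etc/pykmip/certs/selfsigned.crt
key_path=/etc/pykmip/certs/selfsigned.key
ca_path=/etc/pykmip/certs/selfsigned.crt
auth_suite=TLS1.2
policy_path=/usr/local/PyKMIP/examples/
enable_tls_client_auth=False
tls_cipher_suites=
    TLS_RSA_WITH_AES_256_CBC_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
logging_level=DEBUG
EOF

# to test the server
#python /opt/PyKMIP/bin/run_server.py

# systemd unit. No User= is set, so the key server runs as root; a dedicated
# unprivileged account owning /etc/pykmip and /var/log/pykmip would narrow
# the impact of a compromise of the service.
cat << 'EOF' > /etc/systemd/system/pykmip.service
[Unit]
Description=PyKMIP Service
After=multi-user.target
[Service]
Type=idle
ExecStart=/usr/bin/python /opt/PyKMIP/bin/run_server.py
StandardInput=tty-force
[Install]
WantedBy=multi-user.target
EOF

# add firewall service file and update firewall
# The rule opens TCP 5696 in the default zone to every source that zone
# admits; restrict it to the KMIP clients if the zone is broader than that.
cat << 'EOF' > /etc/firewalld/services/kmip.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>KMIP</short>
<description>KMIP server</description>
<port protocol="tcp" port="5696"/>
</service>
EOF

# Reload first so firewalld picks up the new service definition; otherwise
# --add-service can be rejected because "kmip" is not known yet.
firewall-cmd --reload
firewall-cmd --add-service=kmip --permanent
firewall-cmd --reload

systemctl daemon-reload
systemctl enable pykmip.service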