author | Silvio Rhatto <rhatto@riseup.net> | 2016-05-16 10:36:18 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2016-05-16 10:36:18 -0300 |
commit | a5530b8c90ca6a6d7cf858f645c24f64f946a450 (patch) | |
tree | b56d6e700c215967225ac95d825babbfba2354b2 | |
parent | d17b5910e9f9cecff52c8a1775355340ab8ea836 (diff) | |
download | hydra-a5530b8c90ca6a6d7cf858f645c24f64f946a450.tar.gz hydra-a5530b8c90ca6a6d7cf858f645c24f64f946a450.tar.bz2 |
Single-key support for eyaml
-rw-r--r-- | lib/hydra/deploy | 8 | ||||
-rwxr-xr-x | share/hydra/eyaml | 23 |
2 files changed, 26 insertions, 5 deletions
diff --git a/lib/hydra/deploy b/lib/hydra/deploy
index 320b557..196b944 100644
--- a/lib/hydra/deploy
+++ b/lib/hydra/deploy
@@ -128,12 +128,20 @@ function hydra_deploy_copy_keys {
 # Ensure key availability
 hydra $HYDRA eyaml $FQDN
+ # Test for multi-keys setup
 if [ -e "$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/private_key.pkcs7.pem" ]; then
 hydra_deploy_copy $location $HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/private_key.pkcs7.pem $DEPLOY_DEST/etc/puppet/keys/private_key.pkcs7.pem
+ # Then try single-key setup
+ elif [ -e "$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem" ]; then
+ hydra_deploy_copy $location $HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem $DEPLOY_DEST/etc/puppet/keys/private_key.pkcs7.pem
 fi
+ # Test for multi-keys setup
 if [ -e "$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/public_key.pkcs7.pem" ]; then
 hydra_deploy_copy $location $HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/public_key.pkcs7.pem $DEPLOY_DEST/etc/puppet/keys/public_key.pkcs7.pem
+ # Then try single-key setup
+ elif [ -e "$HYDRA_FOLDER/puppet/keys/public_key.pkcs7.pem" ]; then
+ hydra_deploy_copy $location $HYDRA_FOLDER/puppet/keys/public_key.pkcs7.pem $DEPLOY_DEST/etc/puppet/keys/public_key.pkcs7.pem
 fi
 }
diff --git a/share/hydra/eyaml b/share/hydra/eyaml
index 7a0df8c..c02aab1 100755
--- a/share/hydra/eyaml
+++ b/share/hydra/eyaml
@@ -25,6 +25,7 @@ BASENAME="`basename $0`"
 NODE="$1"
 ACTION="$2"
 FQDN="`hydra_get_fqdn_from_nodename $NODE`"
+DOMAIN="`echo $FQDN | cut -d . -f 2-`"
 shift
 # Check for eyaml
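Review bot: The private-key and public-key copies in the two new `if`/`elif` pairs are decided independently, so a host with a per-node private key but no per-node public key would receive the node private key together with the shared single-key public key (or the reverse); whether that state can arise depends on how `puppet/keys` is populated, but choosing the key directory once and copying both files from it removes the possibility and also folds the duplicated blocks into one loop. The trade-off is that a lone public key with no matching private key would no longer be copied on its own, which looks unintended in the current code anyway. hydra_deploy_copy_keys begins before the hunk.
```shell
  hydra $HYDRA eyaml $FQDN

  # Prefer the per-node (multi-key) pair, otherwise the single-key pair.
  # Deciding once keeps a private key and a public key from different
  # setups from being mixed on the target.
  local keydir=""
  if [ -e "$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/private_key.pkcs7.pem" ]; then
    keydir="$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml"
  elif [ -e "$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem" ]; then
    keydir="$HYDRA_FOLDER/puppet/keys"
  fi

  if [ -n "$keydir" ]; then
    for key in private_key public_key; do
      hydra_deploy_copy $location "$keydir/$key.pkcs7.pem" "$DEPLOY_DEST/etc/puppet/keys/$key.pkcs7.pem"
    done
  fi
```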
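Review bot: `DOMAIN="`echo $FQDN | cut -d . -f 2-`"` in the share/hydra/eyaml hunk leaves DOMAIN equal to FQDN when the name contains no dot, because cut without `-s` passes through lines that have no delimiter; the value feeds the `domain/$DOMAIN/eyaml/...` keyringer paths in the next hunk, so a bare hostname would silently select a keyring path named after the host. A parameter expansion avoids the subshell and lets the no-dot case be handled explicitly: `DOMAIN="${FQDN#*.}"` followed by `[ "$DOMAIN" = "$FQDN" ] && DOMAIN=""` (or an error exit, if a domainless node should never reach the single-key path). The unquoted `$FQDN` in the echo matches the surrounding lines' style, so it is only worth fixing if the line is rewritten anyway.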
@@ -45,21 +46,33 @@ mkdir -p $HYDRA_FOLDER/puppet/keys/$FQDN/eyaml
 # Set pub and privkey paths
 PRIV="$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/private_key.pkcs7.pem"
 PUB="$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/public_key.pkcs7.pem"
+PRIV_CRYPT="nodes/$FQDN/eyaml/private_key.pkcs7.pem.asc"
+PUB_CRYPT="nodes/$FQDN/eyaml/public_key.pkcs7.pem"
+
+# Test for single-key setup
+if [ -e "$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem" ] && [ ! -h "$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem" ]; then
+ PRIV="$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem"
+ PUB="$HYDRA_FOLDER/puppet/keys/public_key.pkcs7.pem"
+ PRIV_CRYPT="domain/$DOMAIN/eyaml/private_key.pkcs7.pem.asc"
+ PUB_CRYPT="domain/$DOMAIN/eyaml/public_key.pkcs7.pem"
+fi
+
+# Then set eyaml args
 ARGS="--pkcs7-private-key $PRIV --pkcs7-public-key $PUB"
 # Generate keypair if needed
 if [ ! -e "$PRIV" ]; then
- if [ -e "$HYDRA_FOLDER/keyring/keys/nodes/$FQDN/eyaml/private_key.pkcs7.pem.asc" ]; then
+ if [ -e "$HYDRA_FOLDER/keyring/keys/$PRIV_CRYPT" ]; then
 echo "Getting eyaml keys for $FDQN from keyringer..."
- keyringer $HYDRA decrypt nodes/$FQDN/eyaml/private_key.pkcs7.pem > $PRIV
- keyringer $HYDRA decrypt nodes/$FQDN/eyaml/public_key.pkcs7.pem > $PUB
+ keyringer $HYDRA decrypt $PRIV_CRYPT > $PRIV
+ keyringer $HYDRA decrypt $PUB_CRYOT > $PUB
 else
 echo "Generating eyaml keys for $FQDN..."
 eyaml createkeys $ARGS
 echo "Saving generated keys into keyringer..."
- keyringer $HYDRA encrypt nodes/$FQDN/eyaml/private_key.pkcs7.pem $PRIV
- keyringer $HYDRA encrypt nodes/$FQDN/eyaml/public_key.pkcs7.pem $PUB
+ keyringer $HYDRA encrypt $PRIV_CRYPT $PRIV
+ keyringer $HYDRA encrypt $PUB_CRYPT $PUB
 fi
 fi
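Review bot: `keyringer $HYDRA decrypt $PUB_CRYOT > $PUB` references a variable that is never set (a typo for `PUB_CRYPT`), so in the decrypt branch keyringer is invoked without a path and `$PUB` most likely ends up empty or holding an error message instead of the public key; the line should read `keyringer $HYDRA decrypt $PUB_CRYPT > $PUB`. The decrypted private key is written through a plain redirection, so its mode follows the caller's umask; `(umask 077; keyringer $HYDRA decrypt $PRIV_CRYPT > $PRIV)` keeps the file owner-only regardless of the environment it runs in. The single-key detection here requires the shared private key to be a regular file (`! -h`), while the new `elif` branches in lib/hydra/deploy accept a symlink at the same path; if that asymmetry is deliberate, a comment on the `if` explaining why a symlink is excluded would save the next reader the guess.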