author | Silvio Rhatto <rhatto@riseup.net> | 2016-10-14 17:58:24 -0300 |
committer | Silvio Rhatto <rhatto@riseup.net> | 2016-10-14 17:58:24 -0300 |
commit | d5ffa217be82d8541b0a7f821c1affd5660db2b8 (patch) | |
tree | 75736cb84628faa53cf4e5d3adc72378cf567236 | |
parent | ab62e77f3f927ef3f35ecc5c8d1bbd4650fd94b4 (diff) | |
Import-keys: do not use ssh if host is localhost
-rw-r--r-- | doc/todo.rst | 1 | ||||
-rwxr-xr-x | share/hydra/import-keys | 116 |
2 files changed, 78 insertions, 39 deletions
diff --git a/doc/todo.rst b/doc/todo.rst
index 0f14d45..efe4379 100644
--- a/doc/todo.rst
+++ b/doc/todo.rst
@@ -1,6 +1,5 @@
 TODO
 ====
-* import-keys: do not use ssh if host is localhost.
 * import-certs: concat.pem; cert.pem and cert.crt symlinks; restart services.
 * compile: automatic definitions for per-node backup::users.
diff --git a/share/hydra/import-keys b/share/hydra/import-keys
index cf858c2..9f10e94 100755
--- a/share/hydra/import-keys
+++ b/share/hydra/import-keys
@@ -30,52 +30,92 @@ function hydra_import_keys_openpgp {
 continue
 fi
- $HYDRA_CONNECT $hostname <<EOF
- ##### BEGIN REMOTE SCRIPT #####
- echo ""
- echo "-----------------------------"
- echo "Importing gpg key to $node..."
- echo "-----------------------------"
- echo ""
- echo "$key" | sudo gpg --homedir /root/.gnupg --import
-
- echo ""
- echo "Trusting key at $node..."
- echo ""
- printf "trust\n5\ny\nsave\n" | sudo gpg --homedir /root/.gnupg --no-tty --status-fd=2 --command-fd=0 --edit-key $key_id
-
- echo ""
- echo "Verifying..."
- echo ""
- sudo gpg --homedir /root/.gnupg --list-keys
- ##### END REMOTE SCRIPT #######
+ if [ "`facter fqdn`" != "$hostname" ]; then
+ $HYDRA_CONNECT $hostname <<EOF
+ ##### BEGIN REMOTE SCRIPT #####
+ echo ""
+ echo "-----------------------------"
+ echo "Importing gpg key to $node..."
+ echo "-----------------------------"
+ echo ""
+ echo "$key" | sudo gpg --homedir /root/.gnupg --import
+
+ echo ""
+ echo "Trusting key at $node..."
+ echo ""
+ printf "trust\n5\ny\nsave\n" | sudo gpg --homedir /root/.gnupg --no-tty --status-fd=2 --command-fd=0 --edit-key $key_id
+
+ echo ""
+ echo "Verifying..."
+ echo ""
+ sudo gpg --homedir /root/.gnupg --list-keys
+ ##### END REMOTE SCRIPT #######
 EOF
+ else
+ echo ""
+ echo "-----------------------------"
+ echo "Importing gpg key to $node..."
+ echo "-----------------------------"
+ echo ""
+ echo "$key" | sudo gpg --homedir /root/.gnupg --import
+
+ echo ""
+ echo "Trusting key at $node..."
+ echo ""
+ printf "trust\n5\ny\nsave\n" | sudo gpg --homedir /root/.gnupg --no-tty --status-fd=2 --command-fd=0 --edit-key $key_id
+
+ echo ""
+ echo "Verifying..."
+ echo ""
+ sudo gpg --homedir /root/.gnupg --list-keys
+ fi
 }
 # Import OpenSSH keypair
 function hydra_import_keys_openssh {
- echo "-----------------------------------------------------"
- echo "Importing keypair at $hostname:/root/.ssh..."
- echo "-----------------------------------------------------"
-
- echo "Creating folder structure at $hostname:/root/.ssh..."
- $HYDRA_CONNECT $hostname <<EOF
- sudo mkdir -p /root/.ssh
- sudo chown root.root /root/.ssh
- sudo chmod 700 /root/.ssh
- sudo touch /root/.ssh/id_rsa
- sudo touch /root/.ssh/id_rsa.pub
- sudo chmod 600 /root/.ssh/id_rsa
- sudo chmod 600 /root/.ssh/id_rsa.pub
+ if [ "`facter fqdn`" != "$hostname" ]; then
+ echo "-----------------------------------------------------"
+ echo "Importing keypair at $hostname:/root/.ssh..."
+ echo "-----------------------------------------------------"
+
+ echo "Creating folder structure at $hostname:/root/.ssh..."
+ $HYDRA_CONNECT $hostname <<EOF
+ sudo mkdir -p /root/.ssh
+ sudo chown root.root /root/.ssh
+ sudo chmod 700 /root/.ssh
+ sudo touch /root/.ssh/id_rsa
+ sudo touch /root/.ssh/id_rsa.pub
+ sudo chmod 600 /root/.ssh/id_rsa
+ sudo chmod 600 /root/.ssh/id_rsa.pub
 EOF
- echo "Importing public key from keyringer to $hostname:/root/.ssh..."
- keyringer $HYDRA decrypt nodes/$hostname/ssh/id_rsa.pub | \
- $HYDRA_CONNECT $hostname "cat - | sudo tee /root/.ssh/id_rsa.pub > /dev/null"
+ echo "Importing public key from keyringer to $hostname:/root/.ssh..."
+ keyringer $HYDRA decrypt nodes/$hostname/ssh/id_rsa.pub | \
+ $HYDRA_CONNECT $hostname "cat - | sudo tee /root/.ssh/id_rsa.pub > /dev/null"
+
+ echo "Importing private key from keyringer to $hostname:/root/.ssh..."
+ keyringer $HYDRA decrypt nodes/$hostname/ssh/id_rsa | \
+ $HYDRA_CONNECT $hostname "cat - | sudo tee /root/.ssh/id_rsa > /dev/null"
+ else
+ echo "-----------------------------------------------------"
+ echo "Importing keypair at $hostname:/root/.ssh..."
+ echo "-----------------------------------------------------"
+
+ echo "Creating folder structure at $hostname:/root/.ssh..."
+ sudo mkdir -p /root/.ssh
+ sudo chown root.root /root/.ssh
+ sudo chmod 700 /root/.ssh
+ sudo touch /root/.ssh/id_rsa
+ sudo touch /root/.ssh/id_rsa.pub
+ sudo chmod 600 /root/.ssh/id_rsa
+ sudo chmod 600 /root/.ssh/id_rsa.pub
- echo "Importing private key from keyringer to $hostname:/root/.ssh..."
- keyringer $HYDRA decrypt nodes/$hostname/ssh/id_rsa | \
- $HYDRA_CONNECT $hostname "cat - | sudo tee /root/.ssh/id_rsa > /dev/null"
+ echo "Importing public key from keyringer to $hostname:/root/.ssh..."
+ keyringer $HYDRA decrypt nodes/$hostname/ssh/id_rsa.pub | sudo tee /root/.ssh/id_rsa.pub > /dev/null
+
+ echo "Importing private key from keyringer to $hostname:/root/.ssh..."
+ keyringer $HYDRA decrypt nodes/$hostname/ssh/id_rsa | sudo tee /root/.ssh/id_rsa > /dev/null
+ fi
 }
 # Command line arguments
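Review bot: In the new local-host branch of hydra_import_keys_openssh, a failed `keyringer $HYDRA decrypt` still runs `sudo tee /root/.ssh/id_rsa`, so the file just created by `touch` is left empty while the step reports success, because the pipeline's status is tee's; the remote branch it was copied from has the same gap. Since the file is already bash (`function` keyword), checking the decrypt stage explicitly would close it, e.g. after each keyringer pipeline `[ "${PIPESTATUS[0]}" = "0" ] || { echo "Could not decrypt nodes/$hostname/ssh/id_rsa" >&2; return 1; }`. The local and remote branches in both functions are otherwise identical apart from the `$HYDRA_CONNECT $hostname` wrapper, which doubles the lines to keep in sync; emitting the command sequence once and either running it locally or feeding it to `$HYDRA_CONNECT $hostname` would avoid the drift. The `facter fqdn` comparison presumably falls back to ssh when facter is absent (empty output never equals `$hostname`), which is the safe direction but deserves a one-line comment at each `if`. hydra_import_keys_openpgp begins before the hunk.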