authorSilvio Rhatto <rhatto@riseup.net>2019-05-12 22:17:32 -0300
committerSilvio Rhatto <rhatto@riseup.net>2019-05-12 22:17:32 -0300
commita35205cbc3c65039a9fe1f9903edd324b782c44c (patch)
tree0efef567b239a481f2df7b9de85318b8305e44a0
parent91e75dbafb80af66221996b3e3e01de8e53d342d (diff)
Newnodes: move all key management code into newkeys
-rwxr-xr-xshare/hydra/newkeys21
-rwxr-xr-xshare/hydra/newnode21
2 files changed, 21 insertions, 21 deletions
diff --git a/share/hydra/newkeys b/share/hydra/newkeys
index 8bc7ece..04a1f43 100755
--- a/share/hydra/newkeys
+++ b/share/hydra/newkeys
@@ -100,6 +100,14 @@ function hydra_newkeys_borg {
# Encrypt key
cat $BORG_KEY_FILE | keyringer $HYDRA encrypt nodes/$node/borg/key
+ if [ -e "$HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml" ]; then
+ # Add Borg passphrase into secret node config
+ #keyringer $HYDRA decrypt nodes/$NODE/borg/key.passwd | \
+ #hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
+ PASSWORD="`keyringer $HYDRA decrypt nodes/$node/borg/key.passwd`"
+ echo -n "$PASSWORD" | hydra fluxo eyaml $node encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml
+ fi
+
# Cleanup
if which wipe &> /dev/null; then
wipe -rf $TMPWORK
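Review bot: The result of `keyringer $HYDRA decrypt` is never checked before the passphrase is re-encrypted, so a failed decrypt leaves `PASSWORD` empty and an eyaml block for an empty Borg passphrase is still appended to the node's secrets file. Guard it, for example `PASSWORD="$(keyringer $HYDRA decrypt nodes/$node/borg/key.passwd)" || return 1` followed by `[ -n "$PASSWORD" ] || return 1`, and feed it with `printf '%s' "$PASSWORD"` instead of `echo -n`, which would swallow a passphrase that is itself a valid echo option string such as `-e`. `PASSWORD` is also assigned as a global here; declaring it `local` would keep the plaintext from outliving the function. The same pattern is repeated for the OpenPGP passphrase in the hydra_genpairs hunk, and hydra_newkeys_borg starts and ends outside this hunk, so whether `return 1` fits its error convention needs confirming.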
@@ -116,6 +124,19 @@ function hydra_genpairs {
if [ "$which" == "openpgp" ]; then
keyringer $HYDRA genpair gpg nodes/$node/gpg/key $node
+
+ if [ -e "$HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml" ]; then
+ # Add OpenPGP key ID into secret node config
+ KEYID="`keyringer $HYDRA decrypt nodes/$node/gpg/key.pub 2> /dev/null | gpg --with-colons 2> /dev/null | grep ^pub: | cut -d : -f 5`"
+ echo "nodo::subsystem::backup::encryptkey: '$KEYID'" >> $HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml
+
+ # Add OpenPGP passphrase into secret node config
+ # We cannot simple pipe keyringer output into hiera-eyaml otherwiser the newline after the password will be interpreted as part of the password
+ #keyringer $HYDRA decrypt nodes/$node/gpg/key.passwd | \
+ #hydra fluxo eyaml $node encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml
+ PASSWORD="`keyringer $HYDRA decrypt nodes/$node/gpg/key.passwd`"
+ echo -n "$PASSWORD" | hydra fluxo eyaml $node encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml
+ fi
elif [ "$which" == "ssh" ]; then
keyringer $HYDRA genpair ssh nodes/$node/ssh/id_rsa $node
elif [ "$which" == "borg" ]; then
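Review bot: Both stages of the `KEYID` pipeline discard stderr and nothing checks the result, so if the public key cannot be decrypted or parsed the secrets file gets `nodo::subsystem::backup::encryptkey: ''` with no error shown. Check before appending, for example `[ -n "$KEYID" ] || { echo "no OpenPGP key ID found for $node" >&2; return 1; }`. The code removed from newnode wrote an empty line (`echo "" >> ...`) after each entry and this version does not; if the eyaml block output does not end in a newline the next appended key would run into it, which is worth confirming. Because the block now runs on every `newkeys` call where the node yaml exists, repeated runs would presumably append duplicate keys to that file. hydra_genpairs continues outside the hunk.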
diff --git a/share/hydra/newnode b/share/hydra/newnode
index d087e5b..3e32d8a 100755
--- a/share/hydra/newnode
+++ b/share/hydra/newnode
@@ -84,27 +84,6 @@ cp $YAML $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
# Generate keys
hydra $HYDRA newkeys all $NODE
-# Add OpenPGP key ID into secret node config
-KEYID="`keyringer $HYDRA decrypt nodes/$NODE/gpg/key.pub 2> /dev/null | gpg --with-colons 2> /dev/null | grep ^pub: | cut -d : -f 5`"
-echo "nodo::subsystem::backup::encryptkey: '$KEYID'" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
-
-echo "" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
-
-# Add OpenPGP passphrase into secret node config
-# We cannot simple pipe keyringer output into hiera-eyaml otherwiser the newline after the password will be interpreted as part of the password
-#keyringer $HYDRA decrypt nodes/$NODE/gpg/key.passwd | \
-#hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
-PASSWORD="`keyringer $HYDRA decrypt nodes/$NODE/gpg/key.passwd`"
-echo -n "$PASSWORD" | hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
-
-echo "" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
-
-# Add Borg passphrase into secret node config
-#keyringer $HYDRA decrypt nodes/$NODE/borg/key.passwd | \
-#hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
-PASSWORD="`keyringer $HYDRA decrypt nodes/$NODE/borg/key.passwd`"
-echo -n "$PASSWORD" | hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
-
# Ansible config
if [ -e "$HYDRA_FOLDER/ansible/inventories/production/hosts" ]; then
echo "$NODE" >> $HYDRA_FOLDER/ansible/inventories/production/hosts