diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2019-05-12 22:17:32 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2019-05-12 22:17:32 -0300 |
commit | a35205cbc3c65039a9fe1f9903edd324b782c44c (patch) | |
tree | 0efef567b239a481f2df7b9de85318b8305e44a0 | |
parent | 91e75dbafb80af66221996b3e3e01de8e53d342d (diff) | |
download | hydra-a35205cbc3c65039a9fe1f9903edd324b782c44c.tar.gz hydra-a35205cbc3c65039a9fe1f9903edd324b782c44c.tar.bz2 |
Newnodes: move all key management code into newkeys
-rwxr-xr-x | share/hydra/newkeys | 21 | ||||
-rwxr-xr-x | share/hydra/newnode | 21 |
2 files changed, 21 insertions, 21 deletions
diff --git a/share/hydra/newkeys b/share/hydra/newkeys index 8bc7ece..04a1f43 100755 --- a/share/hydra/newkeys +++ b/share/hydra/newkeys @@ -100,6 +100,14 @@ function hydra_newkeys_borg { # Encrypt key cat $BORG_KEY_FILE | keyringer $HYDRA encrypt nodes/$node/borg/key + if [ -e "$HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml" ]; then + # Add Borg passphrase into secret node config + #keyringer $HYDRA decrypt nodes/$NODE/borg/key.passwd | \ + #hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml + PASSWORD="`keyringer $HYDRA decrypt nodes/$node/borg/key.passwd`" + echo -n "$PASSWORD" | hydra fluxo eyaml $node encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml + fi + # Cleanup if which wipe &> /dev/null; then wipe -rf $TMPWORK @@ -116,6 +124,19 @@ function hydra_genpairs { if [ "$which" == "openpgp" ]; then keyringer $HYDRA genpair gpg nodes/$node/gpg/key $node + + if [ -e "$HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml" ]; then + # Add OpenPGP key ID into secret node config + KEYID="`keyringer $HYDRA decrypt nodes/$node/gpg/key.pub 2> /dev/null | gpg --with-colons 2> /dev/null | grep ^pub: | cut -d : -f 5`" + echo "nodo::subsystem::backup::encryptkey: '$KEYID'" >> $HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml + + # Add OpenPGP passphrase into secret node config + # We cannot simple pipe keyringer output into hiera-eyaml otherwiser the newline after the password will be interpreted as part of the password + #keyringer $HYDRA decrypt nodes/$node/gpg/key.passwd | \ + #hydra fluxo eyaml $node encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml + PASSWORD="`keyringer $HYDRA decrypt nodes/$node/gpg/key.passwd`" + echo -n "$PASSWORD" | hydra fluxo eyaml $node encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml + fi elif [ "$which" == "ssh" ]; then keyringer $HYDRA genpair ssh nodes/$node/ssh/id_rsa $node elif [ "$which" == "borg" ]; then diff --git a/share/hydra/newnode b/share/hydra/newnode index d087e5b..3e32d8a 100755 --- a/share/hydra/newnode +++ b/share/hydra/newnode @@ -84,27 +84,6 @@ cp $YAML $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml # Generate keys hydra $HYDRA newkeys all $NODE -# Add OpenPGP key ID into secret node config -KEYID="`keyringer $HYDRA decrypt nodes/$NODE/gpg/key.pub 2> /dev/null | gpg --with-colons 2> /dev/null | grep ^pub: | cut -d : -f 5`" -echo "nodo::subsystem::backup::encryptkey: '$KEYID'" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml - -echo "" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml - -# Add OpenPGP passphrase into secret node config -# We cannot simple pipe keyringer output into hiera-eyaml otherwiser the newline after the password will be interpreted as part of the password -#keyringer $HYDRA decrypt nodes/$NODE/gpg/key.passwd | \ -#hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml -PASSWORD="`keyringer $HYDRA decrypt nodes/$NODE/gpg/key.passwd`" -echo -n "$PASSWORD" | hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml - -echo "" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml - -# Add Borg passphrase into secret node config -#keyringer $HYDRA decrypt nodes/$NODE/borg/key.passwd | \ -#hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml -PASSWORD="`keyringer $HYDRA decrypt nodes/$NODE/borg/key.passwd`" -echo -n "$PASSWORD" | hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml - # Ansible config if [ -e "$HYDRA_FOLDER/ansible/inventories/production/hosts" ]; then echo "$NODE" >> $HYDRA_FOLDER/ansible/inventories/production/hosts |