Deploy: enhance eyaml localhost keypair logic

1 files changed, 14 insertions, 6 deletions

diff --git a/lib/hydra/deploy b/lib/hydra/deploy
index 196b944..70a8a67 100644
--- a/lib/hydra/deploy
+++ b/lib/hydra/deploy
@@ -9,6 +9,9 @@ function hydra_deploy_setup {
   DEPLOY_RSYNC="rsync -CrltDvpq --no-owner --exclude=/ssl --exclude=keys --exclude=site_keys --exclude=config/secrets --delete --rsync-path"
   RSYNC_PATH="rsync -q"
 
+  # Ensure keystore existence
+  mkdir -p $HYDRA_FOLDER/puppet/keys
+
   if [ "$1" == "remote" ]; then
     # Deploy in a remote host
     if [ ! -z "$2" ]; then
@@ -59,12 +62,17 @@ function hydra_deploy_setup {
     PUPPET_OPTS="--confdir=$HYDRA_FOLDER/puppet --modulepath=$HYDRA_FOLDER/puppet/modules"
     hydra_deploy_set_manifest $HYDRA_FOLDER
 
-    # Fix eyaml keys
-    mkdir -p $HYDRA_FOLDER/puppet/keys
-    rm -f $HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem
-    rm -f $HYDRA_FOLDER/puppet/keys/public_key.pkcs7.pem
-    ln -sf $HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/private_key.pkcs7.pem $HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem
-    ln -sf $HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/public_key.pkcs7.pem $HYDRA_FOLDER/puppet/keys/public_key.pkcs7.pem
+    # Remove old eyaml symlinks if exists
+    if [ -h "$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem" ]; then
+      rm -f $HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem
+      rm -f $HYDRA_FOLDER/puppet/keys/public_key.pkcs7.pem
+    fi
+
+    # Use eyaml keypair from the current hostname
+    if [ ! -e "$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem" ]; then
+      ln -sf $HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/private_key.pkcs7.pem $HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem
+      ln -sf $HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/public_key.pkcs7.pem  $HYDRA_FOLDER/puppet/keys/public_key.pkcs7.pem
+    fi
   fi
 
   # Common parameters