Implement import-certs

1 files changed, 37 insertions, 2 deletions

diff --git a/share/hydra/import-certs b/share/hydra/import-certs
index dee4bdb..15daca3 100755
--- a/share/hydra/import-certs
+++ b/share/hydra/import-certs
@@ -30,6 +30,41 @@ fi
 
 # Deploy
 for node in $NODES; do
-  # TODO
-  echo "Not implemented!"
+  hostname="`hydra_get_fqdn_from_nodename $node`"
+
+  echo "-----------------------------------------------------"
+  echo "Importing certs and keys into $hostname:/etc/ssl...  "
+  echo "-----------------------------------------------------"
+
+  echo "Creating folder structure at $hostname:/etc/ssl..."
+  $HYDRA_CONNECT $hostname <<EOF
+  sudo mkdir -p            /etc/ssl/private
+  sudo mkdir -p            /etc/ssl/certs
+  sudo chown root.ssl-cert /etc/ssl/private
+  sudo chown root.ssl-cert /etc/ssl/certs
+  sudo chmod 644           /etc/ssl/private
+  sudo chmod 644           /etc/ssl/certs
+EOF
+
+  keyringer $HYDRA ls -1 ssl/ | grep crt | while read cert; do
+    cert="`basename $cert .asc`"
+    priv="`basename $cert .crt`.pem"
+
+    $HYDRA_CONNECT $hostname <<EOF
+      sudo touch               /etc/ssl/certs/$cert
+      sudo chown root.ssl-cert /etc/ssl/certs/$cert
+      sudo chmod 644           /etc/ssl/certs/$cert
+      sudo touch               /etc/ssl/private/$priv
+      sudo chown root.ssl-cert /etc/ssl/private/$priv
+      sudo chmod 640           /etc/ssl/private/$priv
+EOF
+
+    echo "Importing $cert from keyringer to $hostname:/etc/ssl/certs..."
+    keyringer $HYDRA decrypt ssl/$cert | \
+      $HYDRA_CONNECT $hostname "cat - | sudo tee /etc/ssl/certs/$cert > /dev/null"
+ 
+    echo "Importing $priv from keyringer to $hostname:/etc/ssl/private..."
+    keyringer $HYDRA decrypt ssl/$priv | \
+      $HYDRA_CONNECT $hostname "cat - | sudo tee /etc/ssl/private/$priv > /dev/null"
+  done
 done