authorSilvio Rhatto <rhatto@riseup.net>2016-06-23 10:47:41 -0300
committerSilvio Rhatto <rhatto@riseup.net>2016-06-23 10:47:41 -0300
commit5c1fd1e0d4287811db4f978985fd6f8bc82bdde1 (patch)
treecceb7856d253f51d7ccda2edfbdd19ce1d96b1f1 /share/hydra/import-certs
parentf205053e9e705ecb26728afc3df362f52be2d905 (diff)
Implement import-certs
Diffstat (limited to 'share/hydra/import-certs')
-rwxr-xr-xshare/hydra/import-certs39
1 files changed, 37 insertions, 2 deletions
diff --git a/share/hydra/import-certs b/share/hydra/import-certs
index dee4bdb..15daca3 100755
--- a/share/hydra/import-certs
+++ b/share/hydra/import-certs
@@ -30,6 +30,41 @@ fi
# Deploy
for node in $NODES; do
- # TODO
- echo "Not implemented!"
+ hostname="`hydra_get_fqdn_from_nodename $node`"
+
+ echo "-----------------------------------------------------"
+ echo "Importing certs and keys into $hostname:/etc/ssl... "
+ echo "-----------------------------------------------------"
+
+ echo "Creating folder structure at $hostname:/etc/ssl..."
+ $HYDRA_CONNECT $hostname <<EOF
+ sudo mkdir -p /etc/ssl/private
+ sudo mkdir -p /etc/ssl/certs
+ sudo chown root.ssl-cert /etc/ssl/private
+ sudo chown root.ssl-cert /etc/ssl/certs
+ sudo chmod 644 /etc/ssl/private
+ sudo chmod 644 /etc/ssl/certs
+EOF
+
+ keyringer $HYDRA ls -1 ssl/ | grep crt | while read cert; do
+ cert="`basename $cert .asc`"
+ priv="`basename $cert .crt`.pem"
+
+ $HYDRA_CONNECT $hostname <<EOF
+ sudo touch /etc/ssl/certs/$cert
+ sudo chown root.ssl-cert /etc/ssl/certs/$cert
+ sudo chmod 644 /etc/ssl/certs/$cert
+ sudo touch /etc/ssl/private/$priv
+ sudo chown root.ssl-cert /etc/ssl/private/$priv
+ sudo chmod 640 /etc/ssl/private/$priv
+EOF
+
+ echo "Importing $cert from keyringer to $hostname:/etc/ssl/certs..."
+ keyringer $HYDRA decrypt ssl/$cert | \
+ $HYDRA_CONNECT $hostname "cat - | sudo tee /etc/ssl/certs/$cert > /dev/null"
+
+ echo "Importing $priv from keyringer to $hostname:/etc/ssl/private..."
+ keyringer $HYDRA decrypt ssl/$priv | \
+ $HYDRA_CONNECT $hostname "cat - | sudo tee /etc/ssl/private/$priv > /dev/null"
+ done
done
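Review bot: The two `sudo chmod 644` lines in the first heredoc are applied to directories, so /etc/ssl/private and /etc/ssl/certs lose their search (x) bit: non-root members of ssl-cert can no longer open the keys, while the file names inside the private directory become listable by every user. Modes consistent with what the hunk otherwise sets up (group ssl-cert, key files 640) would be `sudo chmod 710 /etc/ssl/private` and `sudo chmod 755 /etc/ssl/certs`. Separately, `$cert` and `$priv` come from `keyringer $HYDRA ls -1 ssl/` filtered by an unanchored `grep crt` and are interpolated unquoted into commands run under sudo on the remote host, so a keyring entry whose name contains whitespace or shell metacharacters would be interpreted by the remote shell; anchoring the filter to the `.crt` suffix, using `read -r`, and quoting the expansions would narrow this. The `keyringer $HYDRA decrypt ... | ... tee` pipelines also have no status check, so a failed decrypt would presumably leave an empty certificate or key file on the host without the script reporting it.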