-rw-r--r--lib/hydra/deploy8
-rwxr-xr-xshare/hydra/eyaml23
2 files changed, 26 insertions, 5 deletions
diff --git a/lib/hydra/deploy b/lib/hydra/deploy
index 320b557..196b944 100644
--- a/lib/hydra/deploy
+++ b/lib/hydra/deploy
@@ -128,12 +128,20 @@ function hydra_deploy_copy_keys {
# Ensure key availability
hydra $HYDRA eyaml $FQDN
+ # Test for multi-keys setup
if [ -e "$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/private_key.pkcs7.pem" ]; then
hydra_deploy_copy $location $HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/private_key.pkcs7.pem $DEPLOY_DEST/etc/puppet/keys/private_key.pkcs7.pem
+ # Then try single-key setup
+ elif [ -e "$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem" ]; then
+ hydra_deploy_copy $location $HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem $DEPLOY_DEST/etc/puppet/keys/private_key.pkcs7.pem
fi
+ # Test for multi-keys setup
if [ -e "$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/public_key.pkcs7.pem" ]; then
hydra_deploy_copy $location $HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/public_key.pkcs7.pem $DEPLOY_DEST/etc/puppet/keys/public_key.pkcs7.pem
+ # Then try single-key setup
+ elif [ -e "$HYDRA_FOLDER/puppet/keys/public_key.pkcs7.pem" ]; then
+ hydra_deploy_copy $location $HYDRA_FOLDER/puppet/keys/public_key.pkcs7.pem $DEPLOY_DEST/etc/puppet/keys/public_key.pkcs7.pem
fi
}
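Review bot: The private and public key are each resolved with their own multi-key/single-key fallback, so a node that has only one of the two files under `$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/` would receive a per-node key next to the shared one, i.e. a mismatched pair. Choosing the key directory once and copying both files from it avoids that; the sketch below also quotes the paths, which the added `hydra_deploy_copy` lines leave unquoted. Nothing is reported when neither layout holds a key, which may be intended but deserves a message on stderr. The function starts above the hunk, so whether `$location` is a single word is not visible and it is left unquoted here.

```shell
# … unchanged: hydra $HYDRA eyaml $FQDN …
local keydir=""

# Prefer the per-node (multi-keys) layout, then fall back to the single-key one
if [ -e "$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/private_key.pkcs7.pem" ]; then
  keydir="$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml"
elif [ -e "$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem" ]; then
  keydir="$HYDRA_FOLDER/puppet/keys"
fi

# Copy both halves from the same directory so the pair always matches
if [ -n "$keydir" ]; then
  hydra_deploy_copy $location "$keydir/private_key.pkcs7.pem" "$DEPLOY_DEST/etc/puppet/keys/private_key.pkcs7.pem"
  hydra_deploy_copy $location "$keydir/public_key.pkcs7.pem" "$DEPLOY_DEST/etc/puppet/keys/public_key.pkcs7.pem"
fi
```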
diff --git a/share/hydra/eyaml b/share/hydra/eyaml
index 7a0df8c..c02aab1 100755
--- a/share/hydra/eyaml
+++ b/share/hydra/eyaml
@@ -25,6 +25,7 @@ BASENAME="`basename $0`"
NODE="$1"
ACTION="$2"
FQDN="`hydra_get_fqdn_from_nodename $NODE`"
+DOMAIN="`echo $FQDN | cut -d . -f 2-`"
shift
# Check for eyaml
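Review bot: `cut -d . -f 2-` prints a line unchanged when it contains no delimiter, so for a node whose `$FQDN` has no dot the added `DOMAIN` equals the full name instead of being empty. The single-key keyring path `domain/$DOMAIN/eyaml/...` built later in this file would then point at a host-named entry. Adding `-s` and quoting the expansion makes the no-domain case explicit: `DOMAIN="$(printf '%s\n' "$FQDN" | cut -s -d . -f 2-)"`, followed by a check that `$DOMAIN` is non-empty before it is used in a path.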
@@ -45,21 +46,33 @@ mkdir -p $HYDRA_FOLDER/puppet/keys/$FQDN/eyaml
# Set pub and privkey paths
PRIV="$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/private_key.pkcs7.pem"
PUB="$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/public_key.pkcs7.pem"
+PRIV_CRYPT="nodes/$FQDN/eyaml/private_key.pkcs7.pem.asc"
+PUB_CRYPT="nodes/$FQDN/eyaml/public_key.pkcs7.pem"
+
+# Test for single-key setup
+if [ -e "$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem" ] && [ ! -h "$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem" ]; then
+ PRIV="$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem"
+ PUB="$HYDRA_FOLDER/puppet/keys/public_key.pkcs7.pem"
+ PRIV_CRYPT="domain/$DOMAIN/eyaml/private_key.pkcs7.pem.asc"
+ PUB_CRYPT="domain/$DOMAIN/eyaml/public_key.pkcs7.pem"
+fi
+
+# Then set eyaml args
ARGS="--pkcs7-private-key $PRIV --pkcs7-public-key $PUB"
# Generate keypair if needed
if [ ! -e "$PRIV" ]; then
- if [ -e "$HYDRA_FOLDER/keyring/keys/nodes/$FQDN/eyaml/private_key.pkcs7.pem.asc" ]; then
+ if [ -e "$HYDRA_FOLDER/keyring/keys/$PRIV_CRYPT" ]; then
echo "Getting eyaml keys for $FDQN from keyringer..."
- keyringer $HYDRA decrypt nodes/$FQDN/eyaml/private_key.pkcs7.pem > $PRIV
- keyringer $HYDRA decrypt nodes/$FQDN/eyaml/public_key.pkcs7.pem > $PUB
+ keyringer $HYDRA decrypt $PRIV_CRYPT > $PRIV
+ keyringer $HYDRA decrypt $PUB_CRYOT > $PUB
else
echo "Generating eyaml keys for $FQDN..."
eyaml createkeys $ARGS
echo "Saving generated keys into keyringer..."
- keyringer $HYDRA encrypt nodes/$FQDN/eyaml/private_key.pkcs7.pem $PRIV
- keyringer $HYDRA encrypt nodes/$FQDN/eyaml/public_key.pkcs7.pem $PUB
+ keyringer $HYDRA encrypt $PRIV_CRYPT $PRIV
+ keyringer $HYDRA encrypt $PUB_CRYPT $PUB
fi
fi
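Review bot: `$PUB_CRYOT` in the added decrypt line is a typo for `$PUB_CRYPT`, so it expands to nothing: keyringer is called without a path while `> $PUB` still creates the file, leaving an empty or wrong public key that the `[ ! -e "$PRIV" ]` guard never revisits on later runs. The line should read `keyringer $HYDRA decrypt "$PUB_CRYPT" > "$PUB"`. Separately, `PRIV_CRYPT` carries the `.asc` suffix and is now passed to `keyringer decrypt` and `encrypt`, where the removed lines passed the name without it, and `PUB_CRYPT` has no suffix; this should be confirmed against how keyringer resolves names. The context line above the decrypt calls also prints `$FDQN` rather than `$FQDN`.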