Diffstat (limited to 'share/hydra/eyaml')
-rwxr-xr-xshare/hydra/eyaml53
1 files changed, 53 insertions, 0 deletions
diff --git a/share/hydra/eyaml b/share/hydra/eyaml
index e69de29..efd0c41 100755
--- a/share/hydra/eyaml
+++ b/share/hydra/eyaml
@@ -0,0 +1,53 @@
+#!/bin/bash
+#
+# Wrapper for hiera-eyaml.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License along with this program. If not, see
+# <http://www.gnu.org/licenses/>.
+
+# Load
+source $APP_BASE/lib/hydra/functions || exit 1
+hydra_config_load
+
+# Parameters
+NODE="$1"
+FQDN="`hydra_get_fqdn_from_nodename $NODE`"
+shift
+
+# Ensure keystore exists
+mkdir -p $HYDRA_FOLDER/keys/$FQDN/eyaml
+
+# Set pub and privkey paths
+PRIV="$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/private_key.pkcs7.pem"
+PUB="$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/public_key.pkcs7.pem"
+ARGS="--pkcs7-private-key $PRIV --pkcs7-public-key $PUB"
+
+# Generate keypair if needed
+if [ ! -e "$PRIV" ]; then
+ if [ -e "$HYDRA_FOLDER/keyring/keys/nodes/$FQDN/eyaml/private_key.pkcs7.pem.asc" ]; then
+ echo "Getting eyaml keys for $FDQN from keyringer..."
+ keyringer $HYDRA decrypt nodes/$FQDN/eyaml/private_key.pkcs7.pem > $PRIV
+ keyringer $HYDRA decrypt nodes/$FQDN/eyaml/public_key.pkcs7.pem > $PUB
+ else
+ echo "Generating eyaml keys for $FQDN..."
+ eyaml createkeys $ARGS
+
+ echo "Saving generated keys into keyringer..."
+ keyringer $HYDRA encrypt nodes/$FQDN/eyaml/private_key.pkcs7.pem $PRIV
+ keyringer $HYDRA encrypt nodes/$FQDN/eyaml/public_key.pkcs7.pem $PUB
+ fi
+fi
+
+# Now call eyaml directly
+eyaml $* $ARGS
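Review bot: In the keyringer branch the private key is written with a plain redirect (`> $PRIV`), so the file gets whatever umask the caller has, and a failed or interrupted decrypt leaves an empty or partial file that the `[ ! -e "$PRIV" ]` test accepts as a key on every later run. The decrypt should run under a restrictive umask, have its exit status checked, and remove the output on failure, as in the excerpt below. The `mkdir -p` line creates `$HYDRA_FOLDER/keys/$FQDN/eyaml` while PRIV and PUB live under `$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml`, so the directory the redirects need may not exist; it should read `mkdir -p "$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml"`. The status message in the same branch prints `$FDQN`, which is never set, instead of `$FQDN`. An empty `$1` is also not rejected, and the final call should use `"$@"` rather than `$*` so arguments containing spaces survive.

```shell
# … unchanged: load, parameters, keystore mkdir, PRIV/PUB/ARGS …
if [ ! -e "$PRIV" ]; then
  if [ -e "$HYDRA_FOLDER/keyring/keys/nodes/$FQDN/eyaml/private_key.pkcs7.pem.asc" ]; then
    echo "Getting eyaml keys for $FQDN from keyringer..."
    # Write the private key owner-only, and never leave a partial file behind:
    # the existence test above would treat it as a valid key on the next run.
    if ! ( umask 077 && keyringer "$HYDRA" decrypt "nodes/$FQDN/eyaml/private_key.pkcs7.pem" > "$PRIV" ); then
      rm -f -- "$PRIV"
      echo "Could not decrypt eyaml private key for $FQDN" >&2
      exit 1
    fi
    keyringer "$HYDRA" decrypt "nodes/$FQDN/eyaml/public_key.pkcs7.pem" > "$PUB" || exit 1
  # … unchanged: else branch generating and saving new keys …
```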