Diffstat (limited to 'share/hydra/eyaml')
-rwxr-xr-x | share/hydra/eyaml | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/share/hydra/eyaml b/share/hydra/eyaml
index 7a0df8c..c02aab1 100755
--- a/share/hydra/eyaml
+++ b/share/hydra/eyaml
@@ -25,6 +25,7 @@ BASENAME="`basename $0`"
 NODE="$1"
 ACTION="$2"
 FQDN="`hydra_get_fqdn_from_nodename $NODE`"
+DOMAIN="`echo $FQDN | cut -d . -f 2-`"
 shift
 # Check for eyaml
@@ -45,21 +46,33 @@ mkdir -p $HYDRA_FOLDER/puppet/keys/$FQDN/eyaml
 # Set pub and privkey paths
 PRIV="$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/private_key.pkcs7.pem"
 PUB="$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/public_key.pkcs7.pem"
+PRIV_CRYPT="nodes/$FQDN/eyaml/private_key.pkcs7.pem.asc"
+PUB_CRYPT="nodes/$FQDN/eyaml/public_key.pkcs7.pem"
+
+# Test for single-key setup
+if [ -e "$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem" ] && [ ! -h "$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem" ]; then
+ PRIV="$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem"
+ PUB="$HYDRA_FOLDER/puppet/keys/public_key.pkcs7.pem"
+ PRIV_CRYPT="domain/$DOMAIN/eyaml/private_key.pkcs7.pem.asc"
+ PUB_CRYPT="domain/$DOMAIN/eyaml/public_key.pkcs7.pem"
+fi
+
+# Then set eyaml args
 ARGS="--pkcs7-private-key $PRIV --pkcs7-public-key $PUB"
 # Generate keypair if needed
 if [ ! -e "$PRIV" ]; then
- if [ -e "$HYDRA_FOLDER/keyring/keys/nodes/$FQDN/eyaml/private_key.pkcs7.pem.asc" ]; then
+ if [ -e "$HYDRA_FOLDER/keyring/keys/$PRIV_CRYPT" ]; then
 echo "Getting eyaml keys for $FDQN from keyringer..."
- keyringer $HYDRA decrypt nodes/$FQDN/eyaml/private_key.pkcs7.pem > $PRIV
- keyringer $HYDRA decrypt nodes/$FQDN/eyaml/public_key.pkcs7.pem > $PUB
+ keyringer $HYDRA decrypt $PRIV_CRYPT > $PRIV
+ keyringer $HYDRA decrypt $PUB_CRYOT > $PUB
 else
 echo "Generating eyaml keys for $FQDN..."
 eyaml createkeys $ARGS
 echo "Saving generated keys into keyringer..."
- keyringer $HYDRA encrypt nodes/$FQDN/eyaml/private_key.pkcs7.pem $PRIV
- keyringer $HYDRA encrypt nodes/$FQDN/eyaml/public_key.pkcs7.pem $PUB
+ keyringer $HYDRA encrypt $PRIV_CRYPT $PRIV
+ keyringer $HYDRA encrypt $PUB_CRYPT $PUB
 fi
 fi |
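Review bot: The added `DOMAIN` assignment keeps the whole input when `$FQDN` contains no dot, because `cut -d . -f 2-` prints delimiter-less lines unchanged. A short hostname would then become the domain and end up in the `domain/$DOMAIN/...` keyring path used for the shared private key. `$FQDN` is also unquoted inside the backticks. I would write `DOMAIN="$(printf '%s\n' "$FQDN" | cut -s -d . -f 2-)"` and stop when the result is empty, e.g. `[ -n "$DOMAIN" ] || { echo "no domain in $FQDN" >&2; exit 1; }`.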
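Review bot: The new public-key decrypt line reads `$PUB_CRYOT`, which is never assigned, so keyringer is called without a secret path and `$PUB` is not populated from the keyring; it should be `keyringer $HYDRA decrypt $PUB_CRYPT > $PUB`. The redirect creates `$PRIV` even when decryption fails, so a later run passes over the `[ ! -e "$PRIV" ]` test and keeps the empty file; checking keyringer's exit status and removing the partial file would avoid that. In the single-key branch `$PRIV` points at a file that was just tested with `-e`, so the outer `if [ ! -e "$PRIV" ]` cannot be true there and the `domain/$DOMAIN/...` paths look unused within this hunk; presumably later code outside it relies on them, which is worth confirming. The private key is written by plain redirection, so its mode depends on the caller's umask; `umask 077` ahead of the decrypt is a cheap guard if the script does not already set one.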