Diffstat (limited to 'share')
-rwxr-xr-x | share/hydra/eyaml | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/share/hydra/eyaml b/share/hydra/eyaml
index e69de29..efd0c41 100755
--- a/share/hydra/eyaml
+++ b/share/hydra/eyaml
@@ -0,0 +1,53 @@
+#!/bin/bash
+#
+# Wrapper for hiera-eyaml.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License along with this program. If not, see
+# <http://www.gnu.org/licenses/>.
+
+# Load
+source $APP_BASE/lib/hydra/functions || exit 1
+hydra_config_load
+
+# Parameters
+NODE="$1"
+FQDN="`hydra_get_fqdn_from_nodename $NODE`"
+shift
+
+# Ensure keystore exists
+mkdir -p $HYDRA_FOLDER/keys/$FQDN/eyaml
+
+# Set pub and privkey paths
+PRIV="$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/private_key.pkcs7.pem"
+PUB="$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/public_key.pkcs7.pem"
+ARGS="--pkcs7-private-key $PRIV --pkcs7-public-key $PUB"
+
+# Generate keypair if needed
+if [ ! -e "$PRIV" ]; then
+ if [ -e "$HYDRA_FOLDER/keyring/keys/nodes/$FQDN/eyaml/private_key.pkcs7.pem.asc" ]; then
+ echo "Getting eyaml keys for $FDQN from keyringer..."
+ keyringer $HYDRA decrypt nodes/$FQDN/eyaml/private_key.pkcs7.pem > $PRIV
+ keyringer $HYDRA decrypt nodes/$FQDN/eyaml/public_key.pkcs7.pem > $PUB
+ else
+ echo "Generating eyaml keys for $FQDN..."
+ eyaml createkeys $ARGS
+
+ echo "Saving generated keys into keyringer..."
+ keyringer $HYDRA encrypt nodes/$FQDN/eyaml/private_key.pkcs7.pem $PRIV
+ keyringer $HYDRA encrypt nodes/$FQDN/eyaml/public_key.pkcs7.pem $PUB
+ fi
+fi
+
+# Now call eyaml directly
+eyaml $* $ARGS |
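Review bot: The PKCS7 private key is written by `keyringer $HYDRA decrypt ... > $PRIV` and by `eyaml createkeys $ARGS` under whatever umask the caller has, so it can end up group- or world-readable; a `umask 077` before the keystore is created would keep it owner-only. The `mkdir -p` creates `$HYDRA_FOLDER/keys/$FQDN/eyaml` while `PRIV` and `PUB` point under `$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml`, so unless those two paths are linked elsewhere the redirects target a directory this script never ensures. The decrypt status is not checked either: the redirect creates `$PRIV` even when decryption fails, and the `[ ! -e "$PRIV" ]` guard then treats the empty file as a valid key on every later run. The status message uses `$FDQN`, which looks like a typo for `$FQDN`, and the unquoted expansions (including `$*`, where `"$@"` would preserve arguments) split on whitespace in node names or eyaml arguments.

```shell
# Ensure keystore exists and is readable by the owner only
umask 077
mkdir -p "$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml" || exit 1
# … unchanged: PRIV, PUB and ARGS assignments …

    echo "Getting eyaml keys for $FQDN from keyringer..."
    if ! keyringer "$HYDRA" decrypt "nodes/$FQDN/eyaml/private_key.pkcs7.pem" > "$PRIV"; then
      # Do not leave an empty key file that the -e test would accept next time
      rm -f -- "$PRIV"
      exit 1
    fi
    if ! keyringer "$HYDRA" decrypt "nodes/$FQDN/eyaml/public_key.pkcs7.pem" > "$PUB"; then
      rm -f -- "$PRIV" "$PUB"
      exit 1
    fi
# … unchanged: key generation branch and final eyaml call …
```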