Diffstat (limited to 'share')
-rwxr-xr-xshare/hydra/import-certs39
1 files changed, 37 insertions, 2 deletions
diff --git a/share/hydra/import-certs b/share/hydra/import-certs
index dee4bdb..15daca3 100755
--- a/share/hydra/import-certs
+++ b/share/hydra/import-certs
@@ -30,6 +30,41 @@ fi
# Deploy
for node in $NODES; do
- # TODO
- echo "Not implemented!"
+ hostname="`hydra_get_fqdn_from_nodename $node`"
+
+ echo "-----------------------------------------------------"
+ echo "Importing certs and keys into $hostname:/etc/ssl... "
+ echo "-----------------------------------------------------"
+
+ echo "Creating folder structure at $hostname:/etc/ssl..."
+ $HYDRA_CONNECT $hostname <<EOF
+ sudo mkdir -p /etc/ssl/private
+ sudo mkdir -p /etc/ssl/certs
+ sudo chown root.ssl-cert /etc/ssl/private
+ sudo chown root.ssl-cert /etc/ssl/certs
+ sudo chmod 644 /etc/ssl/private
+ sudo chmod 644 /etc/ssl/certs
+EOF
+
+ keyringer $HYDRA ls -1 ssl/ | grep crt | while read cert; do
+ cert="`basename $cert .asc`"
+ priv="`basename $cert .crt`.pem"
+
+ $HYDRA_CONNECT $hostname <<EOF
+ sudo touch /etc/ssl/certs/$cert
+ sudo chown root.ssl-cert /etc/ssl/certs/$cert
+ sudo chmod 644 /etc/ssl/certs/$cert
+ sudo touch /etc/ssl/private/$priv
+ sudo chown root.ssl-cert /etc/ssl/private/$priv
+ sudo chmod 640 /etc/ssl/private/$priv
+EOF
+
+ echo "Importing $cert from keyringer to $hostname:/etc/ssl/certs..."
+ keyringer $HYDRA decrypt ssl/$cert | \
+ $HYDRA_CONNECT $hostname "cat - | sudo tee /etc/ssl/certs/$cert > /dev/null"
+
+ echo "Importing $priv from keyringer to $hostname:/etc/ssl/private..."
+ keyringer $HYDRA decrypt ssl/$priv | \
+ $HYDRA_CONNECT $hostname "cat - | sudo tee /etc/ssl/private/$priv > /dev/null"
+ done
done
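Review bot: The `sudo chmod 644 /etc/ssl/private` and `sudo chmod 644 /etc/ssl/certs` lines in the first heredoc strip the search (execute) bit from both directories, so non-root processes, including members of ssl-cert, can no longer open files beneath them, while the names of the private key files become listable by every local user. Directory modes along the lines of `sudo chmod 710 /etc/ssl/private` and `sudo chmod 755 /etc/ssl/certs` would keep the key directory closed to others and still traversable by the group. Separately, in the two `keyringer $HYDRA decrypt ... | $HYDRA_CONNECT ... tee` pipelines a failed decrypt is not checked, so the remote `tee` would truncate an existing certificate or key to an empty file; checking the decrypt status before writing would avoid that. The `$cert` and `$priv` names taken from the keyring listing are also expanded unquoted into commands run under sudo on the remote host, so quoting them and matching with `grep '\.crt'` rather than `grep crt` would be safer.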