From a5530b8c90ca6a6d7cf858f645c24f64f946a450 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Mon, 16 May 2016 10:36:18 -0300
Subject: Single-key support for eyaml

---
 lib/hydra/deploy | 8 ++++++++
 share/hydra/eyaml | 23 ++++++++++++++++++-----
 2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/lib/hydra/deploy b/lib/hydra/deploy
index 320b557..196b944 100644
--- a/lib/hydra/deploy
+++ b/lib/hydra/deploy
@@ -128,12 +128,20 @@ function hydra_deploy_copy_keys {
 # Ensure key availability
 hydra $HYDRA eyaml $FQDN
 
+ # Test for multi-keys setup
 if [ -e "$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/private_key.pkcs7.pem" ]; then
 hydra_deploy_copy $location $HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/private_key.pkcs7.pem $DEPLOY_DEST/etc/puppet/keys/private_key.pkcs7.pem
+ # Then try single-key setup
+ elif [ -e "$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem" ]; then
+ hydra_deploy_copy $location $HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem $DEPLOY_DEST/etc/puppet/keys/private_key.pkcs7.pem
 fi
 
+ # Test for multi-keys setup
 if [ -e "$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/public_key.pkcs7.pem" ]; then
 hydra_deploy_copy $location $HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/public_key.pkcs7.pem $DEPLOY_DEST/etc/puppet/keys/public_key.pkcs7.pem
+ # Then try single-key setup
+ elif [ -e "$HYDRA_FOLDER/puppet/keys/public_key.pkcs7.pem" ]; then
+ hydra_deploy_copy $location $HYDRA_FOLDER/puppet/keys/public_key.pkcs7.pem $DEPLOY_DEST/etc/puppet/keys/public_key.pkcs7.pem
 fi
 }
 
diff --git a/share/hydra/eyaml b/share/hydra/eyaml
index 7a0df8c..c02aab1 100755
--- a/share/hydra/eyaml
+++ b/share/hydra/eyaml
@@ -25,6 +25,7 @@ BASENAME="`basename $0`"
 NODE="$1"
 ACTION="$2"
 FQDN="`hydra_get_fqdn_from_nodename $NODE`"
+DOMAIN="`echo $FQDN | cut -d . -f 2-`"
 shift
 
 # Check for eyaml
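Review bot: The new `elif` branches hand the key paths to `hydra_deploy_copy` unquoted while the `[ -e ... ]` tests directly above quote the same `$HYDRA_FOLDER` path, so a folder name containing a space or glob character passes the test and then splits the copy arguments. With the single-key fallback the private-key and public-key blocks are now four near-identical branches; selecting the source per key in a loop keeps the path logic in one place (assuming `hydra_deploy_copy` takes its three arguments as given). `hydra_deploy_copy_keys` begins before this hunk.
```shell
  # Prefer the per-node keypair; fall back to the shared single-key setup
  for key in private_key public_key; do
    src="$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/$key.pkcs7.pem"
    if [ ! -e "$src" ]; then
      src="$HYDRA_FOLDER/puppet/keys/$key.pkcs7.pem"
    fi
    if [ -e "$src" ]; then
      hydra_deploy_copy "$location" "$src" "$DEPLOY_DEST/etc/puppet/keys/$key.pkcs7.pem"
    fi
  done
```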
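Review bot: `DOMAIN` is derived with `cut -d . -f 2-`, which prints the whole input when it contains no delimiter, so a dotless `$FQDN` yields a `DOMAIN` equal to the host name and, later in the file, a `domain/<host>/eyaml/...` keyringer path that looks valid but is not a domain; `cut -s -d . -f 2-` would leave it empty instead, which is at least detectable before use. The same value is available without a subshell as `DOMAIN="${FQDN#*.}"`, though that keeps the whole-string behaviour for the no-dot case, so an explicit emptiness check on `DOMAIN` is worth adding either way.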
@@ -45,21 +46,33 @@ mkdir -p $HYDRA_FOLDER/puppet/keys/$FQDN/eyaml
 # Set pub and privkey paths
 PRIV="$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/private_key.pkcs7.pem"
 PUB="$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/public_key.pkcs7.pem"
+PRIV_CRYPT="nodes/$FQDN/eyaml/private_key.pkcs7.pem.asc"
+PUB_CRYPT="nodes/$FQDN/eyaml/public_key.pkcs7.pem"
+
+# Test for single-key setup
+if [ -e "$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem" ] && [ ! -h "$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem" ]; then
+ PRIV="$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem"
+ PUB="$HYDRA_FOLDER/puppet/keys/public_key.pkcs7.pem"
+ PRIV_CRYPT="domain/$DOMAIN/eyaml/private_key.pkcs7.pem.asc"
+ PUB_CRYPT="domain/$DOMAIN/eyaml/public_key.pkcs7.pem"
+fi
+
+# Then set eyaml args
 ARGS="--pkcs7-private-key $PRIV --pkcs7-public-key $PUB"
 
 # Generate keypair if needed
 if [ ! -e "$PRIV" ]; then
- if [ -e "$HYDRA_FOLDER/keyring/keys/nodes/$FQDN/eyaml/private_key.pkcs7.pem.asc" ]; then
+ if [ -e "$HYDRA_FOLDER/keyring/keys/$PRIV_CRYPT" ]; then
 echo "Getting eyaml keys for $FDQN from keyringer..."
- keyringer $HYDRA decrypt nodes/$FQDN/eyaml/private_key.pkcs7.pem > $PRIV
- keyringer $HYDRA decrypt nodes/$FQDN/eyaml/public_key.pkcs7.pem > $PUB
+ keyringer $HYDRA decrypt $PRIV_CRYPT > $PRIV
+ keyringer $HYDRA decrypt $PUB_CRYOT > $PUB
 else
 echo "Generating eyaml keys for $FQDN..."
 eyaml createkeys $ARGS
 echo "Saving generated keys into keyringer..."
- keyringer $HYDRA encrypt nodes/$FQDN/eyaml/private_key.pkcs7.pem $PRIV
- keyringer $HYDRA encrypt nodes/$FQDN/eyaml/public_key.pkcs7.pem $PUB
+ keyringer $HYDRA encrypt $PRIV_CRYPT $PRIV
+ keyringer $HYDRA encrypt $PUB_CRYPT $PUB
 fi
 fi
 
-- 
cgit v1.2.3
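Review bot: `keyringer $HYDRA decrypt $PUB_CRYOT > $PUB` misspells `PUB_CRYPT`, so keyringer is invoked with an empty secret name while `$PUB` is truncated, and because this line is shared it breaks the existing per-node path as well as the new single-key one — it should read `keyringer $HYDRA decrypt $PUB_CRYPT > $PUB`. The single-key branch also appears unreachable inside this block: `PRIV` is only pointed at the shared key when that file already exists, and the block runs under `if [ ! -e "$PRIV" ]`, so the `domain/$DOMAIN/...` secrets are never fetched from or stored into keyringer. `PRIV_CRYPT` now carries the `.asc` suffix into `keyringer decrypt` and `encrypt`, where the removed lines passed the name without it (and `PUB_CRYPT` still has none); if keyringer appends `.asc` itself this becomes `.asc.asc`, so the suffix probably belongs only in the `-e` test. Since the decrypted private key is written with the caller's umask, consider `(umask 077; keyringer $HYDRA decrypt $PRIV_CRYPT > $PRIV)` or an explicit `chmod 600 "$PRIV"` afterwards unless keyringer already restricts the file mode.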