From d5ffa217be82d8541b0a7f821c1affd5660db2b8 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Fri, 14 Oct 2016 17:58:24 -0300
Subject: Import-keys: do not use ssh if host is localhost

---
 doc/todo.rst            |   1 -
 share/hydra/import-keys | 116 ++++++++++++++++++++++++++++++++----------------
 2 files changed, 78 insertions(+), 39 deletions(-)

diff --git a/doc/todo.rst b/doc/todo.rst
index 0f14d45..efe4379 100644
--- a/doc/todo.rst
+++ b/doc/todo.rst
@@ -1,6 +1,5 @@
 TODO
 ====
 
-* import-keys: do not use ssh if host is localhost.
 * import-certs: concat.pem; cert.pem and cert.crt symlinks; restart services.
 * compile: automatic definitions for per-node backup::users.
diff --git a/share/hydra/import-keys b/share/hydra/import-keys
index cf858c2..9f10e94 100755
--- a/share/hydra/import-keys
+++ b/share/hydra/import-keys
@@ -30,52 +30,92 @@ function hydra_import_keys_openpgp {
     continue
   fi
 
-  $HYDRA_CONNECT $hostname <<EOF
-  ##### BEGIN REMOTE SCRIPT #####
-  echo ""
-  echo "-----------------------------"
-  echo "Importing gpg key to $node..."
-  echo "-----------------------------"
-  echo ""
-  echo "$key" | sudo gpg --homedir /root/.gnupg --import
-
-  echo ""
-  echo "Trusting key at $node..."
-  echo ""
-  printf "trust\n5\ny\nsave\n" | sudo gpg --homedir /root/.gnupg --no-tty --status-fd=2 --command-fd=0 --edit-key $key_id
-
-  echo ""
-  echo "Verifying..."
-  echo ""
-  sudo gpg --homedir /root/.gnupg --list-keys
-  ##### END REMOTE SCRIPT #######
+  if [ "`facter fqdn`" != "$hostname" ]; then
+    $HYDRA_CONNECT $hostname <<EOF
+    ##### BEGIN REMOTE SCRIPT #####
+    echo ""
+    echo "-----------------------------"
+    echo "Importing gpg key to $node..."
+    echo "-----------------------------"
+    echo ""
+    echo "$key" | sudo gpg --homedir /root/.gnupg --import
+
+    echo ""
+    echo "Trusting key at $node..."
+    echo ""
+    printf "trust\n5\ny\nsave\n" | sudo gpg --homedir /root/.gnupg --no-tty --status-fd=2 --command-fd=0 --edit-key $key_id
+
+    echo ""
+    echo "Verifying..."
+    echo ""
+    sudo gpg --homedir /root/.gnupg --list-keys
+    ##### END REMOTE SCRIPT #######
 EOF
+  else
+    echo ""
+    echo "-----------------------------"
+    echo "Importing gpg key to $node..."
+    echo "-----------------------------"
+    echo ""
+    echo "$key" | sudo gpg --homedir /root/.gnupg --import
+
+    echo ""
+    echo "Trusting key at $node..."
+    echo ""
+    printf "trust\n5\ny\nsave\n" | sudo gpg --homedir /root/.gnupg --no-tty --status-fd=2 --command-fd=0 --edit-key $key_id
+
+    echo ""
+    echo "Verifying..."
+    echo ""
+    sudo gpg --homedir /root/.gnupg --list-keys
+  fi
 }
 
 # Import OpenSSH keypair
 function hydra_import_keys_openssh {
-  echo "-----------------------------------------------------"
-  echo "Importing keypair at $hostname:/root/.ssh..."
-  echo "-----------------------------------------------------"
-
-  echo "Creating folder structure at $hostname:/root/.ssh..."
-  $HYDRA_CONNECT $hostname <<EOF
-  sudo mkdir -p        /root/.ssh
-  sudo chown root.root /root/.ssh
-  sudo chmod 700       /root/.ssh
-  sudo touch           /root/.ssh/id_rsa
-  sudo touch           /root/.ssh/id_rsa.pub
-  sudo chmod 600       /root/.ssh/id_rsa
-  sudo chmod 600       /root/.ssh/id_rsa.pub
+  if [ "`facter fqdn`" != "$hostname" ]; then
+    echo "-----------------------------------------------------"
+    echo "Importing keypair at $hostname:/root/.ssh..."
+    echo "-----------------------------------------------------"
+
+    echo "Creating folder structure at $hostname:/root/.ssh..."
+    $HYDRA_CONNECT $hostname <<EOF
+    sudo mkdir -p        /root/.ssh
+    sudo chown root.root /root/.ssh
+    sudo chmod 700       /root/.ssh
+    sudo touch           /root/.ssh/id_rsa
+    sudo touch           /root/.ssh/id_rsa.pub
+    sudo chmod 600       /root/.ssh/id_rsa
+    sudo chmod 600       /root/.ssh/id_rsa.pub
 EOF
 
-  echo "Importing public key from keyringer to $hostname:/root/.ssh..."
-  keyringer $HYDRA decrypt nodes/$hostname/ssh/id_rsa.pub | \
-    $HYDRA_CONNECT $hostname "cat - | sudo tee /root/.ssh/id_rsa.pub > /dev/null"
+    echo "Importing public key from keyringer to $hostname:/root/.ssh..."
+    keyringer $HYDRA decrypt nodes/$hostname/ssh/id_rsa.pub | \
+      $HYDRA_CONNECT $hostname "cat - | sudo tee /root/.ssh/id_rsa.pub > /dev/null"
+
+    echo "Importing private key from keyringer to $hostname:/root/.ssh..."
+    keyringer $HYDRA decrypt nodes/$hostname/ssh/id_rsa | \
+      $HYDRA_CONNECT $hostname "cat - | sudo tee /root/.ssh/id_rsa > /dev/null"
+  else
+    echo "-----------------------------------------------------"
+    echo "Importing keypair at $hostname:/root/.ssh..."
+    echo "-----------------------------------------------------"
+
+    echo "Creating folder structure at $hostname:/root/.ssh..."
+    sudo mkdir -p        /root/.ssh
+    sudo chown root.root /root/.ssh
+    sudo chmod 700       /root/.ssh
+    sudo touch           /root/.ssh/id_rsa
+    sudo touch           /root/.ssh/id_rsa.pub
+    sudo chmod 600       /root/.ssh/id_rsa
+    sudo chmod 600       /root/.ssh/id_rsa.pub
 
-  echo "Importing private key from keyringer to $hostname:/root/.ssh..."
-  keyringer $HYDRA decrypt nodes/$hostname/ssh/id_rsa | \
-    $HYDRA_CONNECT $hostname "cat - | sudo tee /root/.ssh/id_rsa > /dev/null"
+    echo "Importing public key from keyringer to $hostname:/root/.ssh..."
+    keyringer $HYDRA decrypt nodes/$hostname/ssh/id_rsa.pub | sudo tee /root/.ssh/id_rsa.pub > /dev/null
+
+    echo "Importing private key from keyringer to $hostname:/root/.ssh..."
+    keyringer $HYDRA decrypt nodes/$hostname/ssh/id_rsa | sudo tee /root/.ssh/id_rsa > /dev/null
+  fi
 }
 
 # Command line arguments
-- 
cgit v1.2.3