#!/bin/bash
#
# Wrapper for hiera-eyaml.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License along with this program. If not, see
# <https://www.gnu.org/licenses/>.
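# Wrapper flow:
#   1. load the hydra shell library and configuration;
#   2. resolve the node name to an FQDN and locate its per-node keystore;
#   3. if the node has no local private key, restore the keypair from
#      keyringer, or generate a new one and store it in keyringer;
#   4. run eyaml with the caller's arguments plus the key paths.

# Load
# APP_BASE must be set: with an empty value the path below would resolve to
# /lib/hydra/functions and source whatever file happens to live there.
source "${APP_BASE:?APP_BASE is not set}/lib/hydra/functions" || exit 1
hydra_config_load

# Parameters
BASENAME="$(basename -- "$0")"
NODE="$1"
ACTION="$2"

# Check for eyaml
if ! command -v eyaml > /dev/null 2>&1; then
  echo "Please install ruby-eyaml" >&2
  exit 1
fi

# Check for node (done before anything derives a path from it)
if [ -z "$NODE" ]; then
  # NOTE(review): the argument placeholders were missing from the original
  # message; the wording below is reconstructed, confirm against hydra's docs.
  echo "usage: hydra $HYDRA $BASENAME <node> [eyaml arguments]" >&2
  exit 1
fi

# Drop the node name so that "$@" holds only what is passed on to eyaml.
shift

FQDN="$(hydra_get_fqdn_from_nodename "$NODE")"

# FQDN is interpolated into filesystem and keyringer paths below, so refuse
# values that are empty or that would step outside the per-node directory.
case "$FQDN" in
  '' | . | .. | */*)
    echo "$BASENAME: could not get a usable FQDN for node '$NODE'" >&2
    exit 1
    ;;
esac

# presumably set by hydra_config_load; without it the keystore would be
# created under the filesystem root.
: "${HYDRA_FOLDER:?HYDRA_FOLDER is not set}"

# Ensure keystore exists
KEYDIR="$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml"
mkdir -p -- "$KEYDIR" || exit 1

# Set pub and privkey paths
PRIV="$KEYDIR/private_key.pkcs7.pem"
PUB="$KEYDIR/public_key.pkcs7.pem"

# Kept as an array so paths containing whitespace stay single arguments.
ARGS=(--pkcs7-private-key "$PRIV" --pkcs7-public-key "$PUB")

# Generate keypair if needed
if [ ! -e "$PRIV" ]; then
  # Key material created below must not be readable by other local users.
  OLD_UMASK="$(umask)"
  umask 077

  if [ -e "$HYDRA_FOLDER/keyring/keys/nodes/$FQDN/eyaml/private_key.pkcs7.pem.asc" ]; then
    echo "Getting eyaml keys for $FQDN from keyringer..."

    # Decrypt into temporary files first. Redirecting straight into $PRIV
    # would leave an empty or truncated key behind when decryption fails,
    # and the existence check above would then skip recovery on later runs.
    TMP_PRIV="$(mktemp "$KEYDIR/private_key.XXXXXX")" || exit 1
    TMP_PUB="$(mktemp "$KEYDIR/public_key.XXXXXX")" || {
      rm -f -- "$TMP_PRIV"
      exit 1
    }

    # assumes keyringer exits non-zero when decryption fails (TODO confirm);
    # the -s tests catch empty output either way.
    if keyringer "$HYDRA" decrypt "nodes/$FQDN/eyaml/private_key.pkcs7.pem" > "$TMP_PRIV" &&
      keyringer "$HYDRA" decrypt "nodes/$FQDN/eyaml/public_key.pkcs7.pem" > "$TMP_PUB" &&
      [ -s "$TMP_PRIV" ] && [ -s "$TMP_PUB" ]; then
      # Public key first: the private key is the "keys are present" marker,
      # so it is put in place last.
      if ! mv -- "$TMP_PUB" "$PUB" || ! mv -- "$TMP_PRIV" "$PRIV"; then
        rm -f -- "$TMP_PRIV" "$TMP_PUB"
        echo "$BASENAME: could not install eyaml keys for $FQDN" >&2
        exit 1
      fi
    else
      rm -f -- "$TMP_PRIV" "$TMP_PUB"
      echo "$BASENAME: could not decrypt eyaml keys for $FQDN from keyringer" >&2
      exit 1
    fi
  else
    echo "Generating eyaml keys for $FQDN..."
    if ! eyaml createkeys "${ARGS[@]}"; then
      echo "$BASENAME: eyaml createkeys failed for $FQDN" >&2
      exit 1
    fi

    echo "Saving generated keys into keyringer..."
    # A failed save is reported but not fatal: the keys exist locally and
    # remain usable, they are just not backed up in the keyring yet.
    if ! keyringer "$HYDRA" encrypt "nodes/$FQDN/eyaml/private_key.pkcs7.pem" "$PRIV"; then
      echo "$BASENAME: warning: private key for $FQDN was not saved into keyringer" >&2
    fi
    if ! keyringer "$HYDRA" encrypt "nodes/$FQDN/eyaml/public_key.pkcs7.pem" "$PUB"; then
      echo "$BASENAME: warning: public key for $FQDN was not saved into keyringer" >&2
    fi
  fi

  # Restore the caller's umask so the eyaml run below is unaffected.
  umask "$OLD_UMASK"
fi

# Now call eyaml directly
if [ -n "$ACTION" ]; then
  # "$@" keeps every caller argument intact; unquoted $* re-split arguments
  # on whitespace and expanded glob characters in them.
  eyaml "$@" "${ARGS[@]}"
fi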