path: root/share/hydra/import-keys
blob: 784deaed1fffaa029f38059b524176557b700496 (plain)
#!/bin/bash
#
# Import keys into nodes.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License along with this program.  If not, see
# <http://www.gnu.org/licenses/>.

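# Load the shared hydra function library and the configuration.
#
# APP_BASE is not set anywhere in this file, so it has to come from the
# caller's environment. Whatever file it points at is executed with this
# script's privileges, so fail early when it is unset or empty rather than
# silently sourcing /lib/hydra/functions, and quote the path so that a base
# directory containing whitespace is not split into several words.
source "${APP_BASE:?APP_BASE is not set}/lib/hydra/functions" || exit 1
hydra_config_load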

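#######################################
# Import OpenPGP keypair
#
# Decrypts "$hostname/gpg/key" from the keyringer store, works out the key
# ID of the secret key and runs a script on the node through
# $HYDRA_CONNECT that imports the key into root's keyring and marks it as
# ultimately trusted (the "5" answer to gpg's trust prompt).
#
# Globals:   HYDRA, HYDRA_CONNECT, hostname, node (all read)
# Arguments: none
# Outputs:   progress messages on stdout, plus whatever the remote
#            session prints
# Returns:   1 when no key is found or no usable key ID can be derived,
#            otherwise the exit status of the $HYDRA_CONNECT command
#######################################
function hydra_import_keys_openpgp {
  # Keep the secret key out of the global scope of the calling script.
  local key key_id

  # Assigned separately from `local` so the declaration cannot mask errors.
  key="$(keyringer "$HYDRA" decrypt "$hostname/gpg/key" 2> /dev/null | sed -ne '1,$p')"

  if [ -z "$key" ]; then
    echo "Could not find key for $node, skipping."
    # A `continue` here only works if the shell lets a function steer the
    # caller's loop; where it does not, execution would fall through and
    # run the remote script with an empty key. Report failure instead.
    return 1
  fi

  # Match only records whose first field is exactly "sec". A plain
  # `grep sec` also matches any other record that merely contains the
  # letters "sec" (for example inside a user ID), giving a multi-line ID.
  key_id="$(printf '%s\n' "$key" | gpg --with-colons | awk -F: '$1 == "sec" { print $5 }')"

  # key_id is pasted into a command line executed as root on the node, so
  # accept nothing but a single hexadecimal token.
  if [[ ! "$key_id" =~ ^[[:xdigit:]]+$ ]]; then
    echo "Could not determine key ID for $node, skipping." >&2
    return 1
  fi

  # The outer here-document is expanded locally and then interpreted by the
  # remote shell. The key is therefore handed to gpg through a nested,
  # quoted here-document: the remote shell passes it on verbatim instead of
  # parsing it inside a double-quoted string, where a quote, "$" or
  # backtick in the key text would be interpreted as shell syntax.
  # HYDRA_CONNECT is left unquoted on purpose; it presumably holds a
  # command plus its options -- TODO confirm against lib/hydra/functions.
  # shellcheck disable=SC2086
  $HYDRA_CONNECT "$node" <<EOF
  ##### BEGIN REMOTE SCRIPT #####
  echo ""
  echo "-----------------------------"
  echo "Importing gpg key to $node..."
  echo "-----------------------------"
  echo ""
  sudo gpg --homedir /root/.gnupg --import <<'HYDRA_KEY_EOF'
$key
HYDRA_KEY_EOF

  echo ""
  echo "Trusting key at $node..."
  echo ""
  printf "trust\n5\ny\nsave\n" | sudo gpg --homedir /root/.gnupg --no-tty --status-fd=2 --command-fd=0 --edit-key $key_id

  echo ""
  echo "Verifying..."
  echo ""
  sudo gpg --homedir /root/.gnupg --list-keys
  ##### END REMOTE SCRIPT #######
EOF
}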

# Import OpenSSH keypair
#
# Placeholder: nothing is imported yet, the function only reports that
# the feature is missing.
hydra_import_keys_openssh() {
  # TODO
  printf '%s\n' "Not implemented!"
}

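# Command line arguments: every argument is a node name. They are kept as
# one whitespace-separated string and split again by the loop below.
NODES="$*"

# Build node list: with no arguments, ask hydra for all nodes.
if [ -z "$NODES" ]; then
  NODES="$(hydra "$HYDRA" nodes)"
fi

# Deploy
# NODES is expanded unquoted on purpose so that it splits into one word per
# node. The same expansion also applies pathname globbing, so node names
# must not contain glob characters.
# shellcheck disable=SC2086
for node in $NODES; do
  # Name of the keyring entry to read. When HOST is set it overrides the
  # name for every node in this run, so all listed nodes receive the same
  # key; otherwise the part of the node name before the first dot is used.
  if [ -n "$HOST" ]; then
    hostname="$HOST"
  else
    hostname="${node%%.*}"
  fi

  # Import OpenPGP keypair. A non-zero status from this step skips the
  # remaining imports for this node.
  hydra_import_keys_openpgp || continue

  # Import OpenSSH keypair
  hydra_import_keys_openssh
done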