-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | README | 14 | ||||
-rwxr-xr-x | share/keyringer/newkeys | 68 | ||||
-rwxr-xr-x | share/keyringer/options | 39 |
4 files changed, 122 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1377554
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.swp
@@ -89,6 +89,20 @@ Keyringer comes with a simple git wrapper to ease common management tasks:
 keyringer <keyring> git push keyringer master
 keyringer <keyring> git pull
+Managing puppet node keys
+-------------------------
+
+Keyringer is able to manage node keys for puppet nodes. First add the puppet
+main and key folders into your keyring configuration:
+
+ keyringer <keyring> options add PUPPET=/path/to/puppet/config
+ keyringer <keyring> options add PUPPET_KEYS=/path/to/puppet/keys
+
+Then you just need to issue the following command every time you have to create
+keys for new nodes:
+
+ keyringer <keyring> newkeys puppet
+
 Notes
 -----
diff --git a/share/keyringer/newkeys b/share/keyringer/newkeys
new file mode 100755
index 0000000..f4a88a5
--- /dev/null
+++ b/share/keyringer/newkeys
@@ -0,0 +1,68 @@
+#!/bin/bash
+#
+# Create keys for new nodes.
+#
+
+# Config
+ACTIONS="`dirname $0`"
+BASEDIR="$1"
+COMMAND="$2"
+BASENAME="`basename $0`"
+OPTIONS="$BASEDIR/config/options"
+
+function newkeys_nodes {
+ # See http://www.mail-archive.com/puppet-users@googlegroups.com/msg01615.html
+ grep ^node $* | sed -e 's/^node //' | awk -F, '{for(i=1;i<=NF;i++) {print $i}}' | cut -d "'" -f2
+}
+
+function newkeys_puppet {
+ # Generates ssh and gpg keys for new nodes
+ # GPG keys should be manually imported in the nodes
+
+ if [ -e "$PUPPET/manifests/nodes.pp" ]; then
+ nodes="`newkeys_nodes $PUPPET/manifests/nodes.pp`"
+ fi
+
+ if [ -d "$PUPPET/manifests/nodes" ]; then
+ nodes="$nodes `newkeys_nodes $PUPPET/manifests/nodes/*`"
+ fi
+
+ for host in $nodes; do
+ node="`echo $host | cut -d . -f 1`"
+ privkey="$PUPPET/$PUPPET_KEYS/"$node"_id_dsa"
+ pubkey="$privkey.pub"
+ if [ ! -e "$privkey" ] || [ ! -e "$pubkey" ]; then
+ keyringer_exec genpair $BASEDIR ssh $node/ssh/id_dsa $host $privkey
+ keyringer_exec genpair $BASEDIR gpg $node/gpg/key $host
+
+ # Add key into puppet git repository
+ ( cd $PUPPET_KEYS && git add $privkey $pubkey )
+ fi
+ done
+}
+
+# Load functions
+LIB="`dirname $0`/../../lib/keyringer"
+source $LIB/functions
+
+if [ -z "$COMMAND" ]; then
+ echo "Usage: keyringer <keyring> `basename $0` <command> [arguments]"
+ exit 1
+elif [ ! -f "$OPTIONS" ]; then
+ echo "No option config was found"
+ exit 1
+fi
+
+source $OPTIONS
+
+if [ -z "$PUPPET_KEYS" ]; then
+ PUPPET_KEYS="$PUPPET/files/keys"
+fi
+
+# Right now just puppet backend is supported
+if [ "$COMMAND" == "puppet" ]; then
+ newkeys_puppet
+else
+ echo "No such option $COMMAND"
+ exit 1
+fi
diff --git a/share/keyringer/options b/share/keyringer/options
new file mode 100755
index 0000000..20a9891
--- /dev/null
+++ b/share/keyringer/options
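Review bot: `privkey="$PUPPET/$PUPPET_KEYS/"$node"_id_dsa"` and `( cd $PUPPET_KEYS && git add $privkey $pubkey )` disagree about whether PUPPET_KEYS is relative to PUPPET: with the default `PUPPET_KEYS="$PUPPET/files/keys"` set just below (or the absolute path the README in this commit suggests) privkey becomes `$PUPPET//...`, while the `cd` only works if the value is absolute or relative to the caller's cwd, so one convention should be chosen and both lines aligned, e.g. `privkey="$PUPPET_KEYS/${node}_id_dsa"`. The node names are scraped from puppet manifests by `grep ^node` and used unquoted as path components in `$node/ssh/id_dsa` and in the key filename, so a manifest entry containing `/`, `..` or whitespace would write key material outside the intended directories; a guard such as `[[ "$node" =~ ^[A-Za-z0-9_-]+$ ]] || continue` before the `genpair` calls bounds that. `source $OPTIONS` executes the keyring's git-tracked config/options file as shell, which is worth stating at the line: `# options is sourced: anyone who can push to this keyring can run commands here`. The SSH keys are generated as `id_dsa`; if the target OpenSSH is recent, DSA is limited to 1024 bits and disabled by default, so another type may be preferable depending on what `genpair` supports.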
@@ -0,0 +1,39 @@
+#!/bin/bash
+#
+# Recipient management.
+#
+
+# Config
+ACTIONS="`dirname $0`"
+BASEDIR="$1"
+COMMAND="$2"
+BASENAME="`basename $0`"
+OPTIONS="$BASEDIR/config/options"
+
+# Load functions
+LIB="`dirname $0`/../../lib/keyringer"
+source $LIB/functions
+
+if [ -z "$COMMAND" ]; then
+ echo "Usage: keyringer <keyring> `basename $0` <command> [arguments]"
+ exit 1
+fi
+
+# Create options file if old repository
+if [ ! -e "$OPTIONS" ]; then
+ echo "Creating options file..."
+ touch $OPTIONS
+ keyringer_exec git $BASEDIR add config/options
+fi
+
+if [ "$COMMAND" == "ls" ]; then
+ cat $OPTIONS
+elif [ "$COMMAND" == "edit" ]; then
+ $EDITOR $OPTIONS
+elif [ "$COMMAND" == "add" ]; then
+ shift 2
+ echo $* >> $OPTIONS
+else
+ echo "$BASENAME: No such command $COMMAND"
+ exit 1
+fi
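Review bot: `echo $* >> $OPTIONS` in the `add` branch appends whatever was typed with no check that it is a `KEY=value` line, and the same commit's newkeys action `source`s this file, so a value containing `$(...)`, `;` or a newline becomes shell code executed on every later invocation. Validating the key name and writing the value shell-quoted keeps the file safe to source; because config/options is tracked in the keyring repository, this only covers the local path and anything pushed by a collaborator is still executed, which deserves a comment next to the `source` in newkeys. `echo $*` additionally mangles values starting with `-n` or containing globs, which `printf` avoids. The `ls`/`edit` branches and the final `else` are unchanged.
```shell
elif [ "$COMMAND" == "add" ]; then
  shift 2
  key="${1%%=*}"
  value="${1#*=}"
  if [ "$#" -ne 1 ] || [ "$key" == "$1" ] || ! [[ "$key" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
    echo "$BASENAME: usage: add KEY=value" >&2
    exit 1
  fi
  # %q shell-quotes the value so the file stays safe to source
  printf '%s=%q\n' "$key" "$value" >> "$OPTIONS"
# … unchanged: final else branch …
```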