summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitignore1
-rw-r--r--README14
-rwxr-xr-xshare/keyringer/newkeys68
-rwxr-xr-xshare/keyringer/options39
4 files changed, 122 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1377554
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.swp
diff --git a/README b/README
index 1bbd7e4..4e6c6bc 100644
--- a/README
+++ b/README
@@ -89,6 +89,20 @@ Keyringer comes with a simple git wrapper to ease common management tasks:
keyringer <keyring> git push keyringer master
keyringer <keyring> git pull
+Managing puppet node keys
+-------------------------
+
+Keyringer is able to manage node keys for puppet nodes. First add the puppet
+main and key folders into your keyring configuration:
+
+ keyringer <keyring> options add PUPPET=/path/to/puppet/config
+ keyringer <keyring> options add PUPPET_KEYS=/path/to/puppet/keys
+
+Then you just need to issue the following command every time you have to create
+keys for new nodes:
+
+ keyringer <keyring> newkeys puppet
+
Notes
-----
diff --git a/share/keyringer/newkeys b/share/keyringer/newkeys
new file mode 100755
index 0000000..f4a88a5
--- /dev/null
+++ b/share/keyringer/newkeys
@@ -0,0 +1,68 @@
+#!/bin/bash
+#
+# Create keys for new nodes.
+#
+
+# Config
+ACTIONS="`dirname $0`"
+BASEDIR="$1"
+COMMAND="$2"
+BASENAME="`basename $0`"
+OPTIONS="$BASEDIR/config/options"
+
+function newkeys_nodes {
+ # See http://www.mail-archive.com/puppet-users@googlegroups.com/msg01615.html
+ grep ^node $* | sed -e 's/^node //' | awk -F, '{for(i=1;i<=NF;i++) {print $i}}' | cut -d "'" -f2
+}
+
+function newkeys_puppet {
+ # Generates ssh and gpg keys for new nodes
+ # GPG keys should be manually imported in the nodes
+
+ if [ -e "$PUPPET/manifests/nodes.pp" ]; then
+ nodes="`newkeys_nodes $PUPPET/manifests/nodes.pp`"
+ fi
+
+ if [ -d "$PUPPET/manifests/nodes" ]; then
+ nodes="$nodes `newkeys_nodes $PUPPET/manifests/nodes/*`"
+ fi
+
+ for host in $nodes; do
+ node="`echo $host | cut -d . -f 1`"
+ privkey="$PUPPET/$PUPPET_KEYS/"$node"_id_dsa"
+ pubkey="$privkey.pub"
+ if [ ! -e "$privkey" ] || [ ! -e "$pubkey" ]; then
+ keyringer_exec genpair $BASEDIR ssh $node/ssh/id_dsa $host $privkey
+ keyringer_exec genpair $BASEDIR gpg $node/gpg/key $host
+
+ # Add key into puppet git repository
+ ( cd $PUPPET_KEYS && git add $privkey $pubkey )
+ fi
+ done
+}
+
+# Load functions
+LIB="`dirname $0`/../../lib/keyringer"
+source $LIB/functions
+
+if [ -z "$COMMAND" ]; then
+ echo "Usage: keyringer <keyring> `basename $0` <command> [arguments]"
+ exit 1
+elif [ ! -f "$OPTIONS" ]; then
+ echo "No option config was found"
+ exit 1
+fi
+
+source $OPTIONS
+
+if [ -z "$PUPPET_KEYS" ]; then
+ PUPPET_KEYS="$PUPPET/files/keys"
+fi
+
+# Right now just puppet backend is supported
+if [ "$COMMAND" == "puppet" ]; then
+ newkeys_puppet
+else
+ echo "No such option $COMMAND"
+ exit 1
+fi
diff --git a/share/keyringer/options b/share/keyringer/options
new file mode 100755
index 0000000..20a9891
--- /dev/null
+++ b/share/keyringer/options
@@ -0,0 +1,39 @@
+#!/bin/bash
+#
+# Recipient management.
+#
+
+# Config
+ACTIONS="`dirname $0`"
+BASEDIR="$1"
+COMMAND="$2"
+BASENAME="`basename $0`"
+OPTIONS="$BASEDIR/config/options"
+
+# Load functions
+LIB="`dirname $0`/../../lib/keyringer"
+source $LIB/functions
+
+if [ -z "$COMMAND" ]; then
+ echo "Usage: keyringer <keyring> `basename $0` <command> [arguments]"
+ exit 1
+fi
+
+# Create options file if old repository
+if [ ! -e "$OPTIONS" ]; then
+ echo "Creating options file..."
+ touch $OPTIONS
+ keyringer_exec git $BASEDIR add config/options
+fi
+
+if [ "$COMMAND" == "ls" ]; then
+ cat $OPTIONS
+elif [ "$COMMAND" == "edit" ]; then
+ $EDITOR $OPTIONS
+elif [ "$COMMAND" == "add" ]; then
+ shift 2
+ echo $* >> $OPTIONS
+else
+ echo "$BASENAME: No such command $COMMAND"
+ exit 1
+fi