2022-04-20 11:01:51 +00:00
|
|
|
#!/usr/bin/env ./sshtool
|
|
|
|
|
2022-04-20 13:03:04 +00:00
|
|
|
PKI=deuxfleurs/cluster/$CLUSTER
|
2022-04-20 11:01:51 +00:00
|
|
|
YEAR=$(date +%Y)
|
|
|
|
|
|
|
|
cmd mkdir -p /var/lib/nomad/pki /var/lib/consul/pki
|
|
|
|
|
2022-04-20 13:29:24 +00:00
|
|
|
for file in consul-ca.crt consul$YEAR.crt consul$YEAR.key \
|
|
|
|
consul$YEAR-client.crt consul$YEAR-client.key
|
|
|
|
do
|
2022-04-20 13:03:04 +00:00
|
|
|
if pass $PKI/$file >/dev/null; then
|
|
|
|
write_pass $PKI/$file /var/lib/consul/pki/$file
|
2022-04-20 11:01:51 +00:00
|
|
|
cmd chown consul:root /var/lib/consul/pki/$file
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
|
2023-01-01 18:38:28 +00:00
|
|
|
cmd ln -sf /var/lib/consul/pki/consul$YEAR.crt /var/lib/consul/pki/consul.crt
|
|
|
|
cmd ln -sf /var/lib/consul/pki/consul$YEAR.key /var/lib/consul/pki/consul.key
|
|
|
|
cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.crt /var/lib/consul/pki/consul-client.crt
|
|
|
|
cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.key /var/lib/consul/pki/consul-client.key
|
|
|
|
|
2024-03-16 17:53:11 +00:00
|
|
|
cmd systemctl reload consul
|
2022-04-20 11:01:51 +00:00
|
|
|
|
2022-04-20 13:29:24 +00:00
|
|
|
for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \
|
2022-10-16 16:12:57 +00:00
|
|
|
nomad$YEAR-client.crt nomad$YEAR-client.key \
|
2022-04-20 13:29:24 +00:00
|
|
|
consul$YEAR.crt consul$YEAR-client.crt consul$YEAR-client.key
|
|
|
|
do
|
2022-04-20 13:03:04 +00:00
|
|
|
if pass $PKI/$file >/dev/null; then
|
|
|
|
write_pass $PKI/$file /var/lib/nomad/pki/$file
|
2024-03-28 10:55:58 +00:00
|
|
|
if [ ! "$CLUSTER" = "staging" ]; then
|
|
|
|
cmd "chown \$(stat -c %u /var/lib/private/nomad/) /var/lib/nomad/pki/$file"
|
2024-03-16 17:53:11 +00:00
|
|
|
fi
|
2022-04-20 11:01:51 +00:00
|
|
|
fi
|
|
|
|
done
|
|
|
|
|
2023-01-01 18:38:28 +00:00
|
|
|
cmd ln -sf /var/lib/nomad/pki/nomad$YEAR.crt /var/lib/nomad/pki/nomad.crt
|
|
|
|
cmd ln -sf /var/lib/nomad/pki/nomad$YEAR.key /var/lib/nomad/pki/nomad.key
|
|
|
|
cmd ln -sf /var/lib/nomad/pki/nomad$YEAR-client.crt /var/lib/nomad/pki/nomad-client.crt
|
|
|
|
cmd ln -sf /var/lib/nomad/pki/nomad$YEAR-client.key /var/lib/nomad/pki/nomad-client.key
|
|
|
|
cmd ln -sf /var/lib/nomad/pki/consul$YEAR.crt /var/lib/nomad/pki/consul.crt
|
|
|
|
cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.crt /var/lib/nomad/pki/consul-client.crt
|
|
|
|
cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.key /var/lib/nomad/pki/consul-client.key
|
|
|
|
|
2024-03-16 17:53:11 +00:00
|
|
|
cmd systemctl reload nomad
|
2022-04-20 11:01:51 +00:00
|
|
|
|
|
|
|
set_env CONSUL_HTTP_ADDR=https://localhost:8501
|
|
|
|
set_env CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt
|
2023-01-01 18:38:28 +00:00
|
|
|
set_env CONSUL_CLIENT_CERT=/var/lib/consul/pki/consul-client.crt
|
|
|
|
set_env CONSUL_CLIENT_KEY=/var/lib/consul/pki/consul-client.key
|
2022-04-20 11:01:51 +00:00
|
|
|
|
|
|
|
cmd "consul kv put secrets/consul/consul-ca.crt - < /var/lib/consul/pki/consul-ca.crt"
|
2023-01-01 18:38:28 +00:00
|
|
|
cmd "consul kv put secrets/consul/consul.crt - < /var/lib/consul/pki/consul.crt"
|
|
|
|
cmd "consul kv put secrets/consul/consul-client.crt - < /var/lib/consul/pki/consul-client.crt"
|
|
|
|
cmd "consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul-client.key"
|
2022-10-16 16:12:57 +00:00
|
|
|
|
2022-12-11 21:37:28 +00:00
|
|
|
cmd "consul kv put secrets/nomad/nomad-ca.crt - < /var/lib/nomad/pki/nomad-ca.crt"
|
2023-01-01 18:38:28 +00:00
|
|
|
cmd "consul kv put secrets/nomad/nomad.crt - < /var/lib/nomad/pki/nomad.crt"
|
|
|
|
cmd "consul kv put secrets/nomad/nomad-client.crt - < /var/lib/nomad/pki/nomad-client.crt"
|
|
|
|
cmd "consul kv put secrets/nomad/nomad-client.key - < /var/lib/nomad/pki/nomad-client.key"
|