diff --git a/cluster/staging/known_hosts b/cluster/staging/known_hosts index b6cb51d..d4cca40 100644 --- a/cluster/staging/known_hosts +++ b/cluster/staging/known_hosts @@ -11,8 +11,4 @@ df-pw5.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/dJIxioCkfeeh 10.14.3.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co 192.168.1.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ 2a01:cb05:911e:ec00:223:24ff:feb0:ea82 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co -carcajou.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ -caribou.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtsVFIoIu6tnYrzlcCbBiQXxNkFSWVMhMznUuSxGZ22 -df-pw5.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/dJIxioCkfeehxeGiZR7qquYGoqEH/YrRJ/ukEcaLH -origan.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsZas74RT6lCZwuUOPR23nPdbSdpWORyAmRgjoiMVHK piranha.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co diff --git a/cluster/staging/ssh_config b/cluster/staging/ssh_config index 607a08c..afcdce5 100644 --- a/cluster/staging/ssh_config +++ b/cluster/staging/ssh_config @@ -9,6 +9,7 @@ Host origan HostName origan.machine.staging.deuxfleurs.org Host piranha + HostName %h.machine.staging.deuxfleurs.org #HostName piranha.polyno.me #OR #ProxyJump caribou.machine.deuxfleurs.fr diff --git a/deploy_pki b/deploy_pki index 63c237b..f9a4106 100755 --- a/deploy_pki +++ b/deploy_pki 
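Review bot: The context line `HostName origan.machine.staging.deuxfleurs.org` under `Host origan` still points at a name whose pinned key is removed by the known_hosts hunk of this same commit. Unless a known_hosts line outside the visible hunk covers that name, host-key verification for origan no longer has a matching entry. The added `HostName %h.machine.staging.deuxfleurs.org` for piranha is not affected, because the `piranha.machine.staging.deuxfleurs.org` entry is kept. I would either keep the `origan.machine.staging.deuxfleurs.org ssh-ed25519 …` line in known_hosts or change origan's `HostName` to a name that is still pinned, so the next connection does not fall back to trust-on-first-use. The Host blocks continue outside the hunk.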
@@ -19,10 +19,10 @@ cmd ln -sf /var/lib/consul/pki/consul$YEAR.key /var/lib/consul/pki/consul.key cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.crt /var/lib/consul/pki/consul-client.crt cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.key /var/lib/consul/pki/consul-client.key -if [ ! "$CLUSTER" = "prod" ]; then - cmd systemctl restart consul - cmd sleep 10 -fi + +cmd systemctl reload consul +cmd sleep 10 + for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \ nomad$YEAR-client.crt nomad$YEAR-client.key \ @@ -30,7 +30,9 @@ for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \ do if pass $PKI/$file >/dev/null; then write_pass $PKI/$file /var/lib/nomad/pki/$file - cmd "chown \$(stat -c %u /var/lib/private/nomad/) /var/lib/nomad/pki/$file" + if [ "$CLUSTER" = "prod" ]; then + cmd "chown \$(stat -c %u /var/lib/private/nomad/) /var/lib/nomad/pki/$file" + fi fi done @@ -42,9 +44,7 @@ cmd ln -sf /var/lib/nomad/pki/consul$YEAR.crt /var/lib/nomad/pki/consul.crt cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.crt /var/lib/nomad/pki/consul-client.crt cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.key /var/lib/nomad/pki/consul-client.key -if [ ! "$CLUSTER" = "prod" ]; then - cmd systemctl restart nomad -fi +cmd systemctl reload nomad set_env CONSUL_HTTP_ADDR=https://localhost:8501 set_env CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt diff --git a/tlsproxy b/tlsproxy index 72efd90..344c3ac 100755 --- a/tlsproxy +++ b/tlsproxy @@ -17,8 +17,7 @@ PREFIX="deuxfleurs/cluster/$CLUSTER" # Do actual stuff -#YEAR=$(date +%Y) -YEAR=2023 +YEAR=$(date +%Y) CERTDIR=$(mktemp -d)
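Review bot: `cmd systemctl reload consul` (and `cmd systemctl reload nomad` in the last deploy_pki hunk) now runs on every cluster, prod included, and nothing after it confirms that the agent picked up the rotated certificate and key; the fixed `cmd sleep 10` is only a delay. If the unit defines no reload action or the reload fails, the agent keeps serving the previous certificate, and whether `cmd` stops the script on a non-zero status is not visible in this hunk. I would at least follow each reload with `cmd systemctl is-active --quiet consul` (likewise for nomad) so a dead agent is noticed. A comment such as `# reload instead of restart so the agent re-reads the rotated TLS files without going down; applies to prod too` would record the intent, if that is the intent.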
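Review bot: Outside prod, the files written by `write_pass $PKI/$file` now keep whatever owner and mode `write_pass` gives them, and that includes the private keys `nomad$YEAR.key` and `nomad$YEAR-client.key`. `write_pass` is defined outside the hunk, so whether those files end up readable by root only is not visible here. The new `if [ "$CLUSTER" = "prod" ]` also carries no comment saying why only prod needs the `chown`. I would add something like `# prod only: nomad runs under the uid owning /var/lib/private/nomad; elsewhere files stay as write_pass leaves them` (if that is the reason) and confirm the key files are mode 600 on staging. The `for` loop starts above the hunk.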
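Review bot: `YEAR=$(date +%Y)` ties the certificate year to the wall clock of the machine running tlsproxy, so from 1 January the script will presumably look for that year's files whether or not they have been generated and deployed. The rest of the script is outside the hunk, so how `$YEAR` is used is inferred from the `$YEAR`-suffixed file names in deploy_pki. A comment such as `# must match the YEAR used by deploy_pki; the new year's certificates have to exist before 1 January` would record that coupling. Allowing an override, `YEAR=${YEAR:-$(date +%Y)}`, would keep the previous year usable during the changeover.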