Refactor secrets

This commit is contained in:
Alex 2022-04-20 13:07:39 +02:00
parent 9c9c776213
commit d056b385d7
Signed by: lx
GPG key ID: 0E496D15096376BE
2 changed files with 16 additions and 4 deletions


@ -7,18 +7,17 @@ cmd mkdir -p /var/lib/nomad/pki /var/lib/consul/pki
for file in consul-ca.crt consul$YEAR.crt consul$YEAR.key consul$YEAR-client.crt consul$YEAR-client.key; do for file in consul-ca.crt consul$YEAR.crt consul$YEAR.key consul$YEAR-client.crt consul$YEAR-client.key; do
if [ -f "$PKI/$file" ]; then if [ -f "$PKI/$file" ]; then
copy $PKI/$file /var/lib/consul/pki/$file copy_secret $PKI/$file /var/lib/consul/pki/$file
cmd chown consul:root /var/lib/consul/pki/$file cmd chown consul:root /var/lib/consul/pki/$file
cmd chmod 0400 /var/lib/consul/pki/$file
fi fi
done done
cmd systemctl restart consul cmd systemctl restart consul
cmd sleep 10 cmd sleep 10
for file in nomad-ca.crt nomad$YEAR.crt nomad$YER.key; do for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key; do
if [ -f "$PKI/$file" ]; then if [ -f "$PKI/$file" ]; then
copy $PKI/$file /var/lib/nomad/pki/$file copy_secret $PKI/$file /var/lib/nomad/pki/$file
fi fi
done done
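Review bot: The consul key files now land as mode 0600 rather than 0400, because the dropped `cmd chmod 0400 /var/lib/consul/pki/$file` is replaced only by the `chmod 0600` that copy_secret emits, and the following `cmd chown consul:root` then leaves the file owner-writable by the consul service. If read-only was intended, keep `cmd chmod 0400 /var/lib/consul/pki/$file` after the chown in the consul loop, or give copy_secret a mode parameter. The nomad loop has no chown after copy_secret, so those files end up root:root 0600, which looks intended. The arguments to copy_secret and chown are unquoted (`copy_secret $PKI/$file /var/lib/consul/pki/$file`) while the `-f` test on the line above quotes the same path; `"$PKI/$file"` would be consistent.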

13
sshtool

@ -68,6 +68,19 @@ EOG
EOF EOF
} }
function copy_secret {
local FROM=$1
local TO=$2
cat <<EOF
echo '- write secret $TO from $FROM'
base64 -d <<EOG | tee $TO > /dev/null
$(base64 <$FROM)
EOG
chown root:root $TO
chmod 0600 $TO
EOF
}
for NIXHOST in $NIXHOSTLIST; do for NIXHOST in $NIXHOSTLIST; do
NIXHOST=${NIXHOST%.*} NIXHOST=${NIXHOST%.*}
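Review bot: The generated write step creates `$TO` under the remote shell's default umask and only tightens it afterwards (`tee $TO` first, `chmod 0600 $TO` two lines later), so a freshly created secret file is briefly readable by other users under a typical 022 umask. Pre-create it with its final permissions before the decode, e.g. `install -m 0600 -o root -g root /dev/null $TO` on the line before `base64 -d <<EOG | tee $TO > /dev/null`, which also turns the later chown/chmod into no-ops. The `$TO`/`$FROM` expansions are unquoted both locally (`<$FROM`) and in the emitted script; since they are plain paths supplied by the caller, `"$TO"` / `"$FROM"` would be the conventional form. The secret itself travels base64-encoded inside the script text, so whatever transports or logs that script (not visible in this hunk) sees it; presumably it goes straight over ssh, but that is worth confirming.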