aboutsummaryrefslogtreecommitdiff
path: root/deploy_pki
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2022-04-20 13:01:51 +0200
committerAlex Auvolat <alex@adnab.me>2022-04-20 13:03:29 +0200
commit9c9c776213478023d4cab6290efcb6adfdbbbe86 (patch)
tree85ae8d2c3dac9c01daf5a1524b8a4ff83b84df70 /deploy_pki
parent50e9f0b589b6387d193fcb420ddc045c0bc6d632 (diff)
downloadnixcfg-9c9c776213478023d4cab6290efcb6adfdbbbe86.tar.gz
nixcfg-9c9c776213478023d4cab6290efcb6adfdbbbe86.zip
Refactor deployment scripts
Diffstat (limited to 'deploy_pki')
-rwxr-xr-xdeploy_pki34
1 files changed, 34 insertions, 0 deletions
diff --git a/deploy_pki b/deploy_pki
new file mode 100755
index 0000000..fffb3d0
--- /dev/null
+++ b/deploy_pki
@@ -0,0 +1,34 @@
+#!/usr/bin/env ./sshtool
+
+PKI=cluster/$CLUSTER/secrets/pki
+YEAR=$(date +%Y)
+
+cmd mkdir -p /var/lib/nomad/pki /var/lib/consul/pki
+
+for file in consul-ca.crt consul$YEAR.crt consul$YEAR.key consul$YEAR-client.crt consul$YEAR-client.key; do
+ if [ -f "$PKI/$file" ]; then
+ copy $PKI/$file /var/lib/consul/pki/$file
+ cmd chown consul:root /var/lib/consul/pki/$file
+ cmd chmod 0400 /var/lib/consul/pki/$file
+ fi
+done
+
+cmd systemctl restart consul
+cmd sleep 10
+
+for file in nomad-ca.crt nomad$YEAR.crt nomad$YER.key; do
+ if [ -f "$PKI/$file" ]; then
+ copy $PKI/$file /var/lib/nomad/pki/$file
+ fi
+done
+
+cmd systemctl restart nomad
+
+set_env CONSUL_HTTP_ADDR=https://localhost:8501
+set_env CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt
+set_env CONSUL_CLIENT_CERT=/var/lib/consul/pki/consul$YEAR-client.crt
+set_env CONSUL_CLIENT_KEY=/var/lib/consul/pki/consul$YEAR-client.key
+
+cmd "consul kv put secrets/consul/consul-ca.crt - < /var/lib/consul/pki/consul-ca.crt"
+cmd "consul kv put secrets/consul/consul-client.crt - < /var/lib/consul/pki/consul$YEAR-client.crt"
+cmd "consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul$YEAR-client.key"