diff options
| -rwxr-xr-x | deploy_pki | 7 | ||||
| -rwxr-xr-x | sshtool | 13 |
2 files changed, 16 insertions, 4 deletions
@@ -7,18 +7,17 @@ cmd mkdir -p /var/lib/nomad/pki /var/lib/consul/pki for file in consul-ca.crt consul$YEAR.crt consul$YEAR.key consul$YEAR-client.crt consul$YEAR-client.key; do if [ -f "$PKI/$file" ]; then - copy $PKI/$file /var/lib/consul/pki/$file + copy_secret $PKI/$file /var/lib/consul/pki/$file cmd chown consul:root /var/lib/consul/pki/$file - cmd chmod 0400 /var/lib/consul/pki/$file fi done cmd systemctl restart consul cmd sleep 10 -for file in nomad-ca.crt nomad$YEAR.crt nomad$YER.key; do +for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key; do if [ -f "$PKI/$file" ]; then - copy $PKI/$file /var/lib/nomad/pki/$file + copy_secret $PKI/$file /var/lib/nomad/pki/$file fi done @@ -68,6 +68,19 @@ EOG EOF } +function copy_secret { + local FROM=$1 + local TO=$2 + cat <<EOF +echo '- write secret $TO from $FROM' +base64 -d <<EOG | tee $TO > /dev/null +$(base64 <$FROM) +EOG +chown root:root $TO +chmod 0600 $TO +EOF +} + for NIXHOST in $NIXHOSTLIST; do NIXHOST=${NIXHOST%.*} |