aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--cluster/staging/known_hosts4
-rw-r--r--cluster/staging/ssh_config1
-rwxr-xr-xdeploy_pki16
-rwxr-xr-xtlsproxy3
4 files changed, 10 insertions, 14 deletions
diff --git a/cluster/staging/known_hosts b/cluster/staging/known_hosts
index b6cb51d..d4cca40 100644
--- a/cluster/staging/known_hosts
+++ b/cluster/staging/known_hosts
@@ -11,8 +11,4 @@ df-pw5.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/dJIxioCkfeeh
10.14.3.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
192.168.1.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ
2a01:cb05:911e:ec00:223:24ff:feb0:ea82 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
-carcajou.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ
-caribou.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtsVFIoIu6tnYrzlcCbBiQXxNkFSWVMhMznUuSxGZ22
-df-pw5.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/dJIxioCkfeehxeGiZR7qquYGoqEH/YrRJ/ukEcaLH
-origan.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsZas74RT6lCZwuUOPR23nPdbSdpWORyAmRgjoiMVHK
piranha.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
diff --git a/cluster/staging/ssh_config b/cluster/staging/ssh_config
index 607a08c..afcdce5 100644
--- a/cluster/staging/ssh_config
+++ b/cluster/staging/ssh_config
@@ -9,6 +9,7 @@ Host origan
HostName origan.machine.staging.deuxfleurs.org
Host piranha
+ HostName %h.machine.staging.deuxfleurs.org
#HostName piranha.polyno.me
#OR
#ProxyJump caribou.machine.deuxfleurs.fr
diff --git a/deploy_pki b/deploy_pki
index 63c237b..f9a4106 100755
--- a/deploy_pki
+++ b/deploy_pki
@@ -19,10 +19,10 @@ cmd ln -sf /var/lib/consul/pki/consul$YEAR.key /var/lib/consul/pki/consul.key
cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.crt /var/lib/consul/pki/consul-client.crt
cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.key /var/lib/consul/pki/consul-client.key
-if [ ! "$CLUSTER" = "prod" ]; then
- cmd systemctl restart consul
- cmd sleep 10
-fi
+
+cmd systemctl reload consul
+cmd sleep 10
+
for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \
nomad$YEAR-client.crt nomad$YEAR-client.key \
@@ -30,7 +30,9 @@ for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \
do
if pass $PKI/$file >/dev/null; then
write_pass $PKI/$file /var/lib/nomad/pki/$file
- cmd "chown \$(stat -c %u /var/lib/private/nomad/) /var/lib/nomad/pki/$file"
+ if [ "$CLUSTER" = "prod" ]; then
+ cmd "chown \$(stat -c %u /var/lib/private/nomad/) /var/lib/nomad/pki/$file"
+ fi
fi
done
@@ -42,9 +44,7 @@ cmd ln -sf /var/lib/nomad/pki/consul$YEAR.crt /var/lib/nomad/pki/consul.crt
cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.crt /var/lib/nomad/pki/consul-client.crt
cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.key /var/lib/nomad/pki/consul-client.key
-if [ ! "$CLUSTER" = "prod" ]; then
- cmd systemctl restart nomad
-fi
+cmd systemctl reload nomad
set_env CONSUL_HTTP_ADDR=https://localhost:8501
set_env CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt
diff --git a/tlsproxy b/tlsproxy
index 72efd90..344c3ac 100755
--- a/tlsproxy
+++ b/tlsproxy
@@ -17,8 +17,7 @@ PREFIX="deuxfleurs/cluster/$CLUSTER"
# Do actual stuff
-#YEAR=$(date +%Y)
-YEAR=2023
+YEAR=$(date +%Y)
CERTDIR=$(mktemp -d)
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-20 05:51:43 +0000