From c430d8eaf1d091ad27e842c0000b77d87d791da6 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Thu, 21 Apr 2022 22:57:55 +0200 Subject: Start refactor --- os/runners/bash/deploy_pki | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100755 os/runners/bash/deploy_pki (limited to 'os/runners/bash/deploy_pki') diff --git a/os/runners/bash/deploy_pki b/os/runners/bash/deploy_pki new file mode 100755 index 0000000..167ac50 --- /dev/null +++ b/os/runners/bash/deploy_pki @@ -0,0 +1,38 @@ +#!/usr/bin/env ./sshtool + +PKI=deuxfleurs/cluster/$CLUSTER +YEAR=$(date +%Y) + +cmd mkdir -p /var/lib/nomad/pki /var/lib/consul/pki + +for file in consul-ca.crt consul$YEAR.crt consul$YEAR.key \ + consul$YEAR-client.crt consul$YEAR-client.key +do + if pass $PKI/$file >/dev/null; then + write_pass $PKI/$file /var/lib/consul/pki/$file + cmd chown consul:root /var/lib/consul/pki/$file + fi +done + +cmd systemctl restart consul +cmd sleep 10 + +for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \ + consul$YEAR.crt consul$YEAR-client.crt consul$YEAR-client.key +do + if pass $PKI/$file >/dev/null; then + write_pass $PKI/$file /var/lib/nomad/pki/$file + cmd "chown \$(stat -c %u /var/lib/private/nomad) /var/lib/nomad/pki/$file" + fi +done + +cmd systemctl restart nomad + +set_env CONSUL_HTTP_ADDR=https://localhost:8501 +set_env CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt +set_env CONSUL_CLIENT_CERT=/var/lib/consul/pki/consul$YEAR-client.crt +set_env CONSUL_CLIENT_KEY=/var/lib/consul/pki/consul$YEAR-client.key + +cmd "consul kv put secrets/consul/consul-ca.crt - < /var/lib/consul/pki/consul-ca.crt" +cmd "consul kv put secrets/consul/consul-client.crt - < /var/lib/consul/pki/consul$YEAR-client.crt" +cmd "consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul$YEAR-client.key" -- cgit v1.2.3