parent
349df1f44b
commit
7a9e08610e
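--- a/scripts/push-rprox.sh
+++ b/scripts/push-rprox.sh
@@ -0,0 +1,103 @@
+#!/bin/bash
+########################################################################
+
+certs=(
+'collector-dn42'
+)
+
+# hosts to push
+hosts=(
+'rsync.tier2.uk-lon1.burble.dn42'
+'rsync.tier2.fr-rbx1.burble.dn42'
+'rsync.tier2.de-fra1.burble.dn42'
+'rsync.tier2.ca-bhs2.burble.dn42'
+'rsync.tier2.us-dal3.burble.dn42'
+'rsync.tier2.sg-sin2.burble.dn42'
+'rsync.tier2.us-lax1.burble.dn42'
+'rsync.tier2.hk-hkg1.burble.dn42'
+)
+
+dst="apps/nginx/certs"
+
+########################################################################
+
+# where am I ?
+SCRIPTPATH="$(cd "$(dirname "$0")" ; pwd -P)"
+CERTPATH="$(cd "${SCRIPTPATH}/../certificates/"; pwd -P)"
+echo "Certs are here: $CERTPATH"
+pushd "$CERTPATH"
+
+# create a temp directory
+export TMPDIR="$XDG_RUNTIME_DIR"
+tmp=$(mktemp -d)
+if [ $? -ne 0 -o -z "$tmp"]
+then
+echo "Failed to create tmp directory"
+exit 1
+fi
+echo "Created tmp directory: $tmp"
+
+function cleanup {
+if [ -d "$tmp" ]
+then
+echo "Cleaning tmp directory"
+rm -rf "$tmp" > /dev/null 2>&1
+fi
+}
+trap cleanup EXIT
+
+export VAULT_ADDR='https://vault.burble.dn42'
+
+########################################################################
+# generate one time key for deployment access
+
+echo "Generating temporary rsync key"
+
+sshkey="${tmp}/rsync_key"
+ssh-keygen -t ed25519 -a 100 -N '' -f "$sshkey"
+
+vault write \
+-field=signed_key \
+burble.dn42/ssh/user/sign/rsync \
+public_key="@${sshkey}.pub" \
+> "${sshkey}-cert.pub"
+if [ $? -ne 0 ]
+then
+echo "Failed to generate temporary rsync key"
+exit 1
+fi
+echo "Key is signed"
+
+# fixup perms
+chmod 0600 "${tmp}"/*
+
+########################################################################
+# create a list of files to push
+
+declare -a flist
+
+echo "Files to copy:"
+for cert in ${certs[@]}
+do
+crt="${cert}/${cert}.crt"
+key="${cert}/${cert}.key"
+echo " - $crt"
+echo " - $key"
+
+flist+=( "$crt" "$key" )
+done
+
+# and push to hosts
+
+for host in ${hosts[@]}
+do
+echo "Syncing host: $host"
+rsync -avogp --delete -e "ssh -i '${sshkey}'" \
+--chown 81001:81001 --chmod=D2700,F600 \
+"${flist[@]}" \
+"root@${host}:${dst}/"
+done
+
+popd
+########################################################################
+# end of file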
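Review bot: The temp-directory check `if [ $? -ne 0 -o -z "$tmp"]` has no space before the closing `]`, so `[` exits with a syntax error (status 2), the `if` treats that as false, and a failed `mktemp -d` is never caught. With `tmp` empty, `sshkey` becomes `/rsync_key` and the later `chmod 0600 "${tmp}"/*` expands to `chmod 0600 /*`, which is destructive if the script runs with privileges. Replace the test with `tmp=$(mktemp -d) || { echo "Failed to create tmp directory" >&2; exit 1; }` and guard the glob as `chmod 0600 "${tmp:?}"/*`. Separately, `export TMPDIR="$XDG_RUNTIME_DIR"` silently falls back to mktemp's default location when that variable is unset, so the passphrase-less (`-N ''`) private key may be written outside the per-user runtime directory; `: "${XDG_RUNTIME_DIR:?}"` before the export would make that failure explicit.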