#!/bin/bash
########################################################################
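# Configuration
#
# certs: certificate directories under ../certificates; each holds
#        <name>/<name>.crt and <name>/<name>.key
# hosts: rsync targets that receive the certificates
# dst:   destination directory on each host, relative to root's home
certs=(
  'burble-dn42'
  'collector-dn42'
)

# hosts to push
hosts=(
  'rsync.tier2.uk-lon1.burble.dn42'
  'rsync.tier2.fr-rbx1.burble.dn42'
  'rsync.tier2.de-fra1.burble.dn42'
  'rsync.tier2.ca-bhs2.burble.dn42'
  'rsync.tier2.us-dal3.burble.dn42'
  'rsync.tier2.sg-sin2.burble.dn42'
  'rsync.tier2.us-lax1.burble.dn42'
  'rsync.tier2.hk-hkg1.burble.dn42'
)

dst="apps/nginx/certs"

########################################################################

# where am I ?
# 'cd && pwd' rather than 'cd ; pwd': a failed cd must be reported, not
# silently replaced by whatever the current directory happens to be.
SCRIPTPATH="$(cd "$(dirname -- "$0")" && pwd -P)" || {
  echo "Failed to locate script directory" >&2
  exit 1
}
CERTPATH="$(cd "${SCRIPTPATH}/../certificates/" && pwd -P)" || {
  echo "Certificate directory not found: ${SCRIPTPATH}/../certificates/" >&2
  exit 1
}
echo "Certs are here: $CERTPATH"
pushd "$CERTPATH" > /dev/null || exit 1

# create a temp directory
# The one-time ssh key is kept in the user's private runtime directory
# (0700 per the XDG spec) instead of the shared default temp location.
# Only override TMPDIR when that directory is usable: exporting an empty
# TMPDIR would either fail or quietly fall back to the shared default.
if [[ -n "${XDG_RUNTIME_DIR:-}" && -d "${XDG_RUNTIME_DIR}" ]]; then
  export TMPDIR="$XDG_RUNTIME_DIR"
else
  echo "Warning: XDG_RUNTIME_DIR not usable, using default temp location" >&2
fi

# mktemp -d creates the directory 0700; check both status and output
if ! tmp=$(mktemp -d) || [[ -z "$tmp" ]]; then
  echo "Failed to create tmp directory" >&2
  exit 1
fi
echo "Created tmp directory: $tmp"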
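#######################################
# Remove the temporary key directory. Installed as the EXIT trap so the
# one-time ssh key does not outlive the run.
# Globals:   tmp (read) - directory created by mktemp -d
# Outputs:   progress to stdout, failure to stderr
# Returns:   0 if there was nothing to do or the directory was removed,
#            1 if removal failed
#######################################
cleanup() {
  if [[ -d "${tmp:-}" ]]; then
    echo "Cleaning tmp directory"
    # Do not silence failures: a directory that survives still holds the
    # private key, so the operator has to know it is left behind.
    if ! rm -rf -- "$tmp"; then
      echo "Failed to remove tmp directory: $tmp" >&2
      return 1
    fi
  fi
  return 0
}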
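trap cleanup EXIT

export VAULT_ADDR='https://vault.burble.dn42'

########################################################################
# generate one time key for deployment access

echo "Generating temporary rsync key"

sshkey="${tmp}/rsync_key"
# the key is only ever used for this run; an unchecked failure here would
# otherwise surface as a confusing vault error on the missing .pub file
if ! ssh-keygen -t ed25519 -a 100 -N '' -f "$sshkey"; then
  echo "Failed to generate temporary rsync key" >&2
  exit 1
fi

# Have the Vault SSH CA sign the public key. ssh loads "<identity>-cert.pub"
# automatically when given "-i <identity>", so the certificate is written
# next to the key under that name.
if ! vault write \
    -field=signed_key \
    burble.dn42/ssh/user/sign/rsync \
    public_key="@${sshkey}.pub" \
    > "${sshkey}-cert.pub"; then
  echo "Failed to sign temporary rsync key" >&2
  exit 1
fi
# a zero exit with an empty signed_key would only show up later as an
# ssh authentication failure on every host
if [[ ! -s "${sshkey}-cert.pub" ]]; then
  echo "Vault returned an empty signed key" >&2
  exit 1
fi
echo "Key is signed"

# fixup perms
chmod 0600 "${tmp}"/*

########################################################################
# create a list of files to push

flist=()

echo "Files to copy:"
for cert in "${certs[@]}"; do
  for file in "${cert}/${cert}.crt" "${cert}/${cert}.key"; do
    # a missing source would make rsync fail part-way through the host
    # list; refuse up front instead
    if [[ ! -r "$file" ]]; then
      echo "Missing or unreadable: $file" >&2
      exit 1
    fi
    printf ' - %s\n' "$file"
    flist+=("$file")
  done
done

# and push to hosts

# --delete removes anything in the remote directory that is not in flist,
# so stale certificates do not linger on the hosts
rsync_opts=(
  -avogp --delete
  -e "ssh -i '${sshkey}'"
  --chown 81001:81001 --chmod=D2700,F600
)

failed=()
for host in "${hosts[@]}"; do
  echo "Syncing host: $host"
  # one unreachable host must not stop the rollout to the others; record
  # it and report at the end
  if ! rsync "${rsync_opts[@]}" "${flist[@]}" "root@${host}:${dst}/"; then
    echo "Sync failed for host: $host" >&2
    failed+=("$host")
  fi
done

popd > /dev/null

if (( ${#failed[@]} > 0 )); then
  printf 'Sync failed for %d host(s): %s\n' "${#failed[@]}" "${failed[*]}" >&2
  exit 1
fi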
########################################################################
# end of file