Add drone pipeline

2020-08-21 22:26:34 +01:00 · 2020-08-21 22:26:34 +01:00 · 605f5473be
commit 605f5473be
parent 86fbf71ece
2 changed files with 46 additions and 34 deletions
--- a/pages/01.home/certificate-authority/certs/dn42-tr-ist1.pem
+++ b/pages/01.home/certificate-authority/certs/dn42-tr-ist1.pem
@ -1,27 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIElTCCA32gAwIBAgIBATANBgkqhkiG9w0BAQsFADBrMQswCQYDVQQGEwJHQjEN
-MAsGA1UECAwEZG40MjEUMBIGA1UECgwLYnVyYmxlLmRuNDIxFzAVBgNVBAMMDmNh
-LmJ1cmJsZS5kbjQyMR4wHAYJKoZIhvcNAQkBFg9kbjQyQGJ1cmJsZS5jb20wHhcN
-MTgxMjIyMDkzNjM1WhcNMjAxMjIxMDkzNjM1WjB1MQswCQYDVQQGEwJHQjENMAsG
-A1UECAwEZG40MjEUMBIGA1UECgwLYnVyYmxlLmRuNDIxITAfBgNVBAMMGGRuNDIt
-dHItaXN0MS5idXJibGUuZG40MjEeMBwGCSqGSIb3DQEJARYPZG40MkBidXJibGUu
-Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUHRzl28+G9TxoxO
-u3Y1qpoDMSmM0NHcw3ngUOmcgaU4FS8K+3DvOheEnIXaxDEpBPZBM38vJm3k+VbP
-ptz8c1T8DikPFph5kMxMxQal1PIN8DGEjuSqq6gA0Q/YP0xXjuMatr9H1dXs+hGe
-ISQ8hQe020TDlCBsKsFl1vDDkLm3/lOxaQyR01PcoHROqUa3DBCVIief2VAgqjjX
-If3A5RIrBaMncoimS2NwF1L4IW2ddkve4Qzmi+/G2WD4thuZ8A0JLuOll3iTzcqa
-yxJ9r2uZK53YnJ8xU/pQE0KDHQ6hQRmuRY50AkzKBz1VNniUXQ6xWHrljqRh/63p
-Sk3WowIDAQABo4IBODCCATQwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAw
-MwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIFNlcnZlciBDZXJ0aWZp
-Y2F0ZTAdBgNVHQ4EFgQUWCZ9u67+O2VlKn4asqR1YztFehswgZ0GA1UdIwSBlTCB
-koAU3z7rCRdMpqOyh7MLWfO8F75hmxyhb6RtMGsxCzAJBgNVBAYTAkdCMQ0wCwYD
-VQQIDARkbjQyMRQwEgYDVQQKDAtidXJibGUuZG40MjEXMBUGA1UEAwwOY2EuYnVy
-YmxlLmRuNDIxHjAcBgkqhkiG9w0BCQEWD2RuNDJAYnVyYmxlLmNvbYIJAIZWD8xm
-HTYFMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0B
-AQsFAAOCAQEAITWha2pzr3RYU5vkuLSCfxjJyGb2fSgKJoJ2H6lhE8CB6yOJUAxM
-pSw7ahfmBTDkBDh9j7ClBJA/3tzhJxEwMhBQPmWfZ0bhUnTw5v6NZ3to0flQ33Pk
-okgh4pFQ4+EsRyrMKHXxtfAuG/C99oDC44zgXQV7g0FcBmEnwSU1l1L/j6K9w/g0
-OQNaqXe4LfyhaqDb9D1moRV2cxQUeqM+ljkQr7NaKZzB9p67p/QBTDrqvRNVO9ew
-14kCGYaCl5XRCu6MWMPrJr4yoUXRqS7bA8tlDBk6DkWJ9ghW93NFcIkVCSyYEc9F
-+HwbwjjtBjZgkRbSyynA6mIn4teyYkI7Hg==
-----END CERTIFICATE-----
--- a/push.sh
+++ b/push.sh
@ -1,21 +1,60 @@
 #!/bin/bash
 ########################################################################

+# hosts to push
+hosts=(
+    'rsync.tier2.fr-sbg1.burble.dn42'
+)
+
+########################################################################
+
 # where am I ?
 SCRIPTPATH="$(cd "$(dirname "$0")" ; pwd -P)"
+pushd "$SCRIPTPATH"

-# website hosts
-hosts=(
-    'rsyncd.tier2.fr-sbg1.burble.dn42'
-)
+function cleanup {
+    local tmp="${SCRIPTPATH}/.tmp"
+    if [ -d "$tmp" ]
+    then
+        rm -rf "$tmp" > /dev/null 2>&1
+    fi
+}
+trap cleanup EXIT
+
+export VAULT_ADDR='https://vault.burble.dn42'
+if [ "$(id -un)" = 'drone' ]
+then
+    export HOME=/drone
+fi
+
+########################################################################
+# generate one time key for deployment access
+
+echo "Generating temporary user key"
+mkdir -m 0700 .tmp
+
+key='.tmp/rsync_key'
+ssh-keygen -t ed25519 -a 100 -N '' -f "$key"
+
+vault write \
+      -field=signed_key \
+      burble.dn42/ssh/user/sign/rsync \
+      public_key="@${key}.pub" \
+      > "${key}-cert.pub"
+# fixup perms
+chmod 0600 .tmp/*
+
+########################################################################

 for host in ${hosts[@]}
 do
    echo "Syncing host: $host"
-    rsync -avogp --chown=100:101 --chmod=D2750,F640 \
-          ${SCRIPTPATH}/pages/ \
-          deploy@${host}::bdn42
+    rsync -avogp --delete -e "ssh -i '${key}'" \
+          --chown 100:101 --chmod=D2750,F640 \
+          pages/ "root@${host}:apps/php-apps/burble.dn42/user/pages/"
 done

+
+popd
 ########################################################################
 # end of file