From 605f5473be0b565e8efea590c74c2b8637e29e86 Mon Sep 17 00:00:00 2001
From: Simon Marsh
Date: Fri, 21 Aug 2020 22:26:34 +0100
Subject: [PATCH] Add drone pipeline
---
.../certs/dn42-tr-ist1.pem | 27 ----------
push.sh | 53 ++++++++++++++++---
2 files changed, 46 insertions(+), 34 deletions(-)
delete mode 100755 pages/01.home/certificate-authority/certs/dn42-tr-ist1.pem
diff --git a/pages/01.home/certificate-authority/certs/dn42-tr-ist1.pem b/pages/01.home/certificate-authority/certs/dn42-tr-ist1.pem
deleted file mode 100755
index 7c70da6..0000000
--- a/pages/01.home/certificate-authority/certs/dn42-tr-ist1.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIElTCCA32gAwIBAgIBATANBgkqhkiG9w0BAQsFADBrMQswCQYDVQQGEwJHQjEN
-MAsGA1UECAwEZG40MjEUMBIGA1UECgwLYnVyYmxlLmRuNDIxFzAVBgNVBAMMDmNh
-LmJ1cmJsZS5kbjQyMR4wHAYJKoZIhvcNAQkBFg9kbjQyQGJ1cmJsZS5jb20wHhcN
-MTgxMjIyMDkzNjM1WhcNMjAxMjIxMDkzNjM1WjB1MQswCQYDVQQGEwJHQjENMAsG
-A1UECAwEZG40MjEUMBIGA1UECgwLYnVyYmxlLmRuNDIxITAfBgNVBAMMGGRuNDIt
-dHItaXN0MS5idXJibGUuZG40MjEeMBwGCSqGSIb3DQEJARYPZG40MkBidXJibGUu
-Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUHRzl28+G9TxoxO
-u3Y1qpoDMSmM0NHcw3ngUOmcgaU4FS8K+3DvOheEnIXaxDEpBPZBM38vJm3k+VbP
-ptz8c1T8DikPFph5kMxMxQal1PIN8DGEjuSqq6gA0Q/YP0xXjuMatr9H1dXs+hGe
-ISQ8hQe020TDlCBsKsFl1vDDkLm3/lOxaQyR01PcoHROqUa3DBCVIief2VAgqjjX
-If3A5RIrBaMncoimS2NwF1L4IW2ddkve4Qzmi+/G2WD4thuZ8A0JLuOll3iTzcqa
-yxJ9r2uZK53YnJ8xU/pQE0KDHQ6hQRmuRY50AkzKBz1VNniUXQ6xWHrljqRh/63p
-Sk3WowIDAQABo4IBODCCATQwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAw
-MwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIFNlcnZlciBDZXJ0aWZp
-Y2F0ZTAdBgNVHQ4EFgQUWCZ9u67+O2VlKn4asqR1YztFehswgZ0GA1UdIwSBlTCB
-koAU3z7rCRdMpqOyh7MLWfO8F75hmxyhb6RtMGsxCzAJBgNVBAYTAkdCMQ0wCwYD
-VQQIDARkbjQyMRQwEgYDVQQKDAtidXJibGUuZG40MjEXMBUGA1UEAwwOY2EuYnVy
-YmxlLmRuNDIxHjAcBgkqhkiG9w0BCQEWD2RuNDJAYnVyYmxlLmNvbYIJAIZWD8xm
-HTYFMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0B
-AQsFAAOCAQEAITWha2pzr3RYU5vkuLSCfxjJyGb2fSgKJoJ2H6lhE8CB6yOJUAxM
-pSw7ahfmBTDkBDh9j7ClBJA/3tzhJxEwMhBQPmWfZ0bhUnTw5v6NZ3to0flQ33Pk
-okgh4pFQ4+EsRyrMKHXxtfAuG/C99oDC44zgXQV7g0FcBmEnwSU1l1L/j6K9w/g0
-OQNaqXe4LfyhaqDb9D1moRV2cxQUeqM+ljkQr7NaKZzB9p67p/QBTDrqvRNVO9ew
-14kCGYaCl5XRCu6MWMPrJr4yoUXRqS7bA8tlDBk6DkWJ9ghW93NFcIkVCSyYEc9F
-+HwbwjjtBjZgkRbSyynA6mIn4teyYkI7Hg==
------END CERTIFICATE-----
diff --git a/push.sh b/push.sh
index ae34414..b4b402c 100755
--- a/push.sh
+++ b/push.sh
@@ -1,21 +1,60 @@ #!/bin/bash ######################################################################## +# hosts to push +hosts=( + 'rsync.tier2.fr-sbg1.burble.dn42' +) + +######################################################################## + # where am I ? SCRIPTPATH="$(cd "$(dirname "$0")" ; pwd -P)" +pushd "$SCRIPTPATH" -# website hosts -hosts=( - 'rsyncd.tier2.fr-sbg1.burble.dn42' -) +function cleanup { + local tmp="${SCRIPTPATH}/.tmp" + if [ -d "$tmp" ] + then + rm -rf "$tmp" > /dev/null 2>&1 + fi +} +trap cleanup EXIT + +export VAULT_ADDR='https://vault.burble.dn42' +if [ "$(id -un)" = 'drone' ] +then + export HOME=/drone +fi + +######################################################################## +# generate one time key for deployment access + +echo "Generating temporary user key" +mkdir -m 0700 .tmp + +key='.tmp/rsync_key' +ssh-keygen -t ed25519 -a 100 -N '' -f "$key" + +vault write \ + -field=signed_key \ + burble.dn42/ssh/user/sign/rsync \ + public_key="@${key}.pub" \ + > "${key}-cert.pub" +# fixup perms +chmod 0600 .tmp/* + +######################################################################## for host in ${hosts[@]} do echo "Syncing host: $host" - rsync -avogp --chown=100:101 --chmod=D2750,F640 \ - ${SCRIPTPATH}/pages/ \ - deploy@${host}::bdn42 + rsync -avogp --delete -e "ssh -i '${key}'" \ + --chown 100:101 --chmod=D2750,F640 \ + pages/ "root@${host}:apps/php-apps/burble.dn42/user/pages/" done + +popd ######################################################################## # end of file
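Review bot: None of the new setup steps in push.sh check for failure: `pushd "$SCRIPTPATH"`, `ssh-keygen` and the `vault write … > "${key}-cert.pub"` redirect all run unguarded, and the script never enables `set -e`. Because the rsync source changed from the absolute `${SCRIPTPATH}/pages/` to the relative `pages/` and gained `--delete`, a failed `pushd` would sync whatever `pages/` exists in the caller's directory and remove remote files missing from it; a failed `vault write` leaves an empty certificate file and the run simply continues. I would add `set -euo pipefail` under the shebang, or at least `pushd "$SCRIPTPATH" > /dev/null || exit 1` and `|| exit 1` after the `vault write` command. The destination also moves from `deploy@${host}::bdn42` to `root@${host}`; whether the signed certificate is constrained on the server side (forced command, restricted principal, short TTL on the Vault role) is not visible in this patch and is worth confirming before relying on it.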