*: rejigger tls certs and more This pretty large change does the following: - moves nix from bootstrap.hswaw.net to nix/ - changes clustercfg to use cfssl and moves it to cluster/clustercfg - changes clustercfg to source information about target location of certs from nix - changes clustercfg to push nix config - changes tls certs to have more than one CA - recalculates all TLS certs (it keeps the old serviceaccoutns key, otherwise we end up with invalid serviceaccounts - the cert doesn't match, but who cares, it's not used anyway)

commit: 73cef11c8534edeaab7763df1018c55b8afdd157 [log] [tgz]
author: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
committer: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
tree: 8d483998903ae47cf7e9467829071bbb8c5329a0
parent: 208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]
diff --git a/cluster/certs/ca-etcdpeer.crt b/cluster/certs/ca-etcdpeer.crt
new file mode 100644
index 0000000..e335f35
--- /dev/null
+++ b/cluster/certs/ca-etcdpeer.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDyjCCArKgAwIBAgIUFEezYLKVElTQapJv+PMKnH5VMCwwDQYJKoZIhvcNAQEL
+BQAwfTELMAkGA1UEBhMCUEwxFDASBgNVBAgTC01hem93aWVja2llMQ8wDQYDVQQH
+EwZXYXJzYXcxGzAZBgNVBAoTEldhcnNhdyBIYWNrZXJzcGFjZTETMBEGA1UECxMK
+Y2x1c3RlcmNmZzEVMBMGA1UEAxMMZXRjZCBwZWVyIGNhMB4XDTE5MDQwNjE3NTkw
+MFoXDTI0MDQwNDE3NTkwMFowfTELMAkGA1UEBhMCUEwxFDASBgNVBAgTC01hem93
+aWVja2llMQ8wDQYDVQQHEwZXYXJzYXcxGzAZBgNVBAoTEldhcnNhdyBIYWNrZXJz
+cGFjZTETMBEGA1UECxMKY2x1c3RlcmNmZzEVMBMGA1UEAxMMZXRjZCBwZWVyIGNh
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuRyVtX1kTDeWHKYJA/q
+H8SUpvbdtgMZKfbeXeUTIOH3nqiO2LePvzlwADzTOyi8uCdGmT4y87BxgzOW/Ghj
+eCr8NYMC3f/sKaJwZGenqoOnAn0qkvLSE5mVDSp5xJPqeYgRTJMQxjC5JfwAZinT
+uZNdqnS+RDt7EfujiP8bJJE4hHTue8v0+OPN5XeL35dotDbVmHFk/NEZJrtYK6lG
+fkY97TWgqCU0v+K4TRIDJBh9LX867LgxuW3VhNYZ8xc8PRAfnnPF3g+fnzAGcuhk
+YptBA9di6r5YESdK86IGI1RaQ3VKF/fPQ0789RbMsN7ZV/vQVYnjfmvAHr5n2Fxh
+QwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
+HQ4EFgQULXuar2iqGaTMKoi++HbkvSenJA4wDQYJKoZIhvcNAQELBQADggEBAFJQ
+58q8yXOzYIE0skbSZYXVo4U3Sc/10r5gdbhPTN5XYl+3cK9ier8CBQEv3vKfNtjD
+My+X6OeQr8NSGK5ZNK+ijlv9h8g/NFFEMyRFiULrDt8MiUFQysLMuVdNSozz40P6
++TAx5S6cnsIrr93+qCoF45Lfzx8lB/REWpa+Z7Tn+40taCepaJJmrEGkwI9XqVsp
+1pB6G4g1qsdFoLgUgy85RjA14Nw2MSxfwUcxGEvXbj1914ktkAiWA8HH/IKIbS4B
+1hoQuAsO46+mnqZHV+qV6KyIfOxafApHY2qmtvSioRRL9eXF8qpVMkr0wrb8WYox
+hkWi5S3B6YRE9Ld9UdI=
+-----END CERTIFICATE-----
commit	73cef11c8534edeaab7763df1018c55b8afdd157	[log] [tgz]
author	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
committer	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
tree	8d483998903ae47cf7e9467829071bbb8c5329a0
parent	208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]