*: rejigger tls certs and more This pretty large change does the following: - moves nix from bootstrap.hswaw.net to nix/ - changes clustercfg to use cfssl and moves it to cluster/clustercfg - changes clustercfg to source information about target location of certs from nix - changes clustercfg to push nix config - changes tls certs to have more than one CA - recalculates all TLS certs (it keeps the old serviceaccoutns key, otherwise we end up with invalid serviceaccounts - the cert doesn't match, but who cares, it's not used anyway)

commit: 73cef11c8534edeaab7763df1018c55b8afdd157 [log] [tgz]
author: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
committer: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
tree: 8d483998903ae47cf7e9467829071bbb8c5329a0
parent: 208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]
diff --git a/cluster/certs/etcd-bc01n01.hswaw.net.cert b/cluster/certs/etcd-bc01n01.hswaw.net.cert
new file mode 100644
index 0000000..26d4913
--- /dev/null
+++ b/cluster/certs/etcd-bc01n01.hswaw.net.cert

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFADCCA+igAwIBAgIUeR6j2mArcp+yYCD1clxcYbN+5I0wDQYJKoZIhvcNAQEL
+BQAweDELMAkGA1UEBhMCUEwxFDASBgNVBAgTC01hem93aWVja2llMQ8wDQYDVQQH
+EwZXYXJzYXcxGzAZBgNVBAoTEldhcnNhdyBIYWNrZXJzcGFjZTETMBEGA1UECxMK
+Y2x1c3RlcmNmZzEQMA4GA1UEAxMHZXRjZCBjYTAeFw0xOTA0MDYxNzU5MDBaFw0y
+MDA0MDUxNzU5MDBaMFsxCzAJBgNVBAYTAlBMMRQwEgYDVQQIEwtNYXpvd2llY2tp
+ZTEPMA0GA1UEBxMGV2Fyc2F3MSUwIwYDVQQLExxub2RlIGV0Y2Qgc2VydmVyIGNl
+cnRpZmljYXRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqRKNDURW
+AZHrD8xOB2d3gZJOo44WCn9xOmSeZrr+qFY79rMLQtiqTsShGUoRkS2nfOYuYkyo
+H0GQBe6Ce8++IPfHq1y85KWq/Y09nvscsEzeirngodkf2czuEaKX5vDpVT5XoFr7
+HPDRCkUPuUsSlDsdPeNAY5CNKK6uqNuc9eqSM6te9B+mbt0FCcz3iU9nyw/hSndZ
+It6BeEBpAeygfoNugUb022LoPN6zY89xbkE7/GnjVdl14PCzHwoyUOAH2iHOweoq
+AWmdJmiz82H1K4cQHN1JAWLszyK7Rah2xT0PiFYRbmR7eZiIeikTOjYAgbEnUwd2
+Lp1Wx0GUugNtcbgwFhY6GiKQDSgq33QwcQ3GQKQXgB2R+KnuQ0J4ky3x5iHja+3f
+Ap17LTe30gWDDncwVpK46IlrMqm+LDkwgWs7cJ7DJaIIrPbLDCyP3GjjZvihxHpN
+2D6NBFRsZbJzpbzndJc7EO9xAyHVydu2laImvf4xzXcEQpqWBL1DP7gR0nz0p7aM
+DkcrwtfamPHGOCLYmiByjmTi1/f/b4fGDtQ4el+A/qEXh1oLfzIe2vv0s8T61l5l
+Xqzd3gQDepIUoNh2Le0Qh92sdIpwcFWh6YOpl+jtBNN2O6EOrERb5SQqlrDYRkHA
+r73gN6/zCLXzsJu/O6DI8/nJwyklG2IHxLECAwEAAaOBnjCBmzAOBgNVHQ8BAf8E
+BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC
+MAAwHQYDVR0OBBYEFMqGJD9l4EYm46rVEbth8ei5XaRJMB8GA1UdIwQYMBaAFPFZ
+uGZNPsPnQu6Bo9RGfzlTdfkPMBwGA1UdEQQVMBOCEWJjMDFuMDEuaHN3YXcubmV0
+MA0GCSqGSIb3DQEBCwUAA4IBAQADIB7c7468h7QWbiHdtJr5MA7y2LANIm9t1YC/
+XFlo776ow8fNsoBiigCGYYJJFPAl7UUxhVfh6ODEWTO62oMwdWeVAukE61KpgPJU
+uUxy83j1LGq/Yqwi3Bu6HOMuyEU7FcrmpnqgUSc0AA7w+yyCuMtl7d9RTBRepEPu
+0R6BfRqKGCoDeupW1jSL47SaIKVi0jgvGdMz0hm24k98FHN1Or5jTw6paQBlRdr/
++ncNspUod0U5yOegnu5KiCkc0DBl/rOHYcp1nOQV2Z6nog19Vuq9hCy5VFruziaF
+6OchXlGVfdrgMExqMRtd/BMcSGETvvArgAc7PrcgkjV7YzVO
+-----END CERTIFICATE-----
commit	73cef11c8534edeaab7763df1018c55b8afdd157	[log] [tgz]
author	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
committer	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
tree	8d483998903ae47cf7e9467829071bbb8c5329a0
parent	208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]