*: rejigger tls certs and more This pretty large change does the following: - moves nix from bootstrap.hswaw.net to nix/ - changes clustercfg to use cfssl and moves it to cluster/clustercfg - changes clustercfg to source information about target location of certs from nix - changes clustercfg to push nix config - changes tls certs to have more than one CA - recalculates all TLS certs (it keeps the old serviceaccoutns key, otherwise we end up with invalid serviceaccounts - the cert doesn't match, but who cares, it's not used anyway)

commit: 73cef11c8534edeaab7763df1018c55b8afdd157 [log] [tgz]
author: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
committer: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
tree: 8d483998903ae47cf7e9467829071bbb8c5329a0
parent: 208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]
diff --git a/cluster/certs/etcd-bc01n03.hswaw.net.cert b/cluster/certs/etcd-bc01n03.hswaw.net.cert
new file mode 100644
index 0000000..254f443
--- /dev/null
+++ b/cluster/certs/etcd-bc01n03.hswaw.net.cert

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFADCCA+igAwIBAgIUOjHbmuqMvzfF6UE8iYd+f8GeCVIwDQYJKoZIhvcNAQEL
+BQAweDELMAkGA1UEBhMCUEwxFDASBgNVBAgTC01hem93aWVja2llMQ8wDQYDVQQH
+EwZXYXJzYXcxGzAZBgNVBAoTEldhcnNhdyBIYWNrZXJzcGFjZTETMBEGA1UECxMK
+Y2x1c3RlcmNmZzEQMA4GA1UEAxMHZXRjZCBjYTAeFw0xOTA0MDYxODA1MDBaFw0y
+MDA0MDUxODA1MDBaMFsxCzAJBgNVBAYTAlBMMRQwEgYDVQQIEwtNYXpvd2llY2tp
+ZTEPMA0GA1UEBxMGV2Fyc2F3MSUwIwYDVQQLExxub2RlIGV0Y2Qgc2VydmVyIGNl
+cnRpZmljYXRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvbhdEPDQ
+R3HD3o73LZd6qVxxqdWNlCwlHGa2+EiY+mzpT2shL3b/oggUmfVaLQ20TVbpUPun
+hDeAr5WZeUJ0WbIlGNp4P3MnwbPQDhtAO0v2dFAzQyGQRIpkHEliRE8xRUOwEoOG
+r1jfVdO+yooJgrMSs9wFu6r2jySwugWKNRXUQ81m2qesYHrq5D6eylSZAcBb5pgX
+EnhqTR11KKKVl1sKdaz42kSLvV10h67joZPPfVyqFPAtl+8BEL2U/vEJcWsZuqOv
+3BK18njqxncTzGCWFhK4p1+kIrVN4kZwehrwftwaiuWrDW6hyzoDOivMITU/kjh4
+NU34zpMHom/xPzcbcmpAEqZyzlDLYRFUM3H1nbveUc7jZFeSFNIOOzSuLy29ivZP
+h49O0jo/wTvzMLdjhV0n8oqI55yqAGB4tIWI0WEA8dH7e46MVlhoCmVZzCj1N0wA
+RfoChcaELGMQOdinh6OBZ5/cEXK3UUvhzQk6haOiCTYUhLm5BqxhK9gEV0ErZwCe
+vET7DlL9LHVMH8YLuI+JM+VIjbucevPUwZdlj5ZWAVCzGwSWy664MkW2thFk2QAB
+2y7IYj8XiXcAQfQ0lpc2uscHECRyVi4jPu1YhKdwl0bdHbRiXWnyETjVjwIOx71T
+cAwynJPX0w/Cqy4f9o4ElxKsiUS/bYobhIECAwEAAaOBnjCBmzAOBgNVHQ8BAf8E
+BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC
+MAAwHQYDVR0OBBYEFNMBPCre9auEsLZ/4t8/WILoaGcFMB8GA1UdIwQYMBaAFPFZ
+uGZNPsPnQu6Bo9RGfzlTdfkPMBwGA1UdEQQVMBOCEWJjMDFuMDMuaHN3YXcubmV0
+MA0GCSqGSIb3DQEBCwUAA4IBAQB/izfKue7fj5rBqPnYPH0l4kLxQ+M5KfZ1XGaN
+Xpm8LbofCBfqrHbKYgebnd2ccZwfDQqsq56CtuzA8yRYzL34lEaQyUTVxshPQxQu
+3MIuD2FQ6wbsrYygQ8Nr4cER/atExYlIf6DvperS9kQ7k30N3Mfo43EA1ddIXRM/
+9y6dI1brdU85zc2nDxCqPczsLVmbbGOBfKk3nTcZvz2QYZ+rnrA4r6ZlXKqLl1MH
+MOw5fCOrnS5zJtZ5BsAsY4Pf2PQoNL1N3eEdegF6Rw771gH1EFoDKX5XSzjHCeSD
+hJGWiUmjFNgI9GPCZPt/NjK+RCCk1Td+QjrnwRwPOp0n+6vX
+-----END CERTIFICATE-----
commit	73cef11c8534edeaab7763df1018c55b8afdd157	[log] [tgz]
author	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
committer	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
tree	8d483998903ae47cf7e9467829071bbb8c5329a0
parent	208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]