*: rejigger tls certs and more
This pretty large change does the following:
- moves nix from bootstrap.hswaw.net to nix/
- changes clustercfg to use cfssl and moves it to cluster/clustercfg
- changes clustercfg to source information about target location of
certs from nix
- changes clustercfg to push nix config
- changes tls certs to have more than one CA
- recalculates all TLS certs
(it keeps the old serviceaccoutns key, otherwise we end up with
invalid serviceaccounts - the cert doesn't match, but who cares,
it's not used anyway)
diff --git a/cluster/certs/etcdpeer-bc01n02.hswaw.net.cert b/cluster/certs/etcdpeer-bc01n02.hswaw.net.cert
new file mode 100644
index 0000000..25d9d57
--- /dev/null
+++ b/cluster/certs/etcdpeer-bc01n02.hswaw.net.cert
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFAzCCA+ugAwIBAgIUOrI3Jbcvd5z7rjuvd/ZCJa/k6C4wDQYJKoZIhvcNAQEL
+BQAwfTELMAkGA1UEBhMCUEwxFDASBgNVBAgTC01hem93aWVja2llMQ8wDQYDVQQH
+EwZXYXJzYXcxGzAZBgNVBAoTEldhcnNhdyBIYWNrZXJzcGFjZTETMBEGA1UECxMK
+Y2x1c3RlcmNmZzEVMBMGA1UEAxMMZXRjZCBwZWVyIGNhMB4XDTE5MDQwNjE4MDQw
+MFoXDTIwMDQwNTE4MDQwMFowWTELMAkGA1UEBhMCUEwxFDASBgNVBAgTC01hem93
+aWVja2llMQ8wDQYDVQQHEwZXYXJzYXcxIzAhBgNVBAsTGm5vZGUgZXRjZCBwZWVy
+IGNlcnRpZmljYXRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxZ9m
+liz7Af+qD3n4peAg8wNQ3l+7CalN6KJOnOlyTom371pcD59O1Uz47+/mWR5/dfQC
+2Pc42KxWOOh4YZ3zLdYNoNqS6XkyR40n3uc5an6xJYOaCQbvAA1ncm11AmGIoBl2
+BKOC/FiYQr+RsplOtN7NGOYNLLxit6hCm7Drwqu7Za2JR0YDffJZ6kNtaWK+5M40
+pR/coCUa4Cf94m4LhsLVbitDGrXtCmQOQVQP4Vf/buu8UO+e+rgGEOnS/kRpBiVI
+R+anD+uVYSYQPPhMWfDi6JDV561Kep+jvSkFX4NWz17PuTSiiAD+0iyvxPXSRDRx
+2lylu/IvOn9rkVL1kSfDW1ArLGlSbd3qyt4XKLCgIMhHLQS/KnmIOhOnhL9ZsJBk
+eq9BEgEIZa5lL8dTOwsKW+7NqXWr71aBSli/VaLlth+VvPxlhkROLW/6BleEsgkh
+/t4TZ2VcRS0+FWQgys4/btSJR+lKcMEkoBra9WXEX7fitrLWK+9jO6PXVf6X0Y8c
+bWLfuquaE2s4l7uwGnlVmsGBd1978L9cTGK554C+Fzjr7blkCpTUleGh0bXNP0jD
+S5+Iu4AHShP5JAsSAyLMjskrSHhltcWh0D7GSdz5HYyRKNEjxg8lFmcH/U3a05sk
+BbW1vVECWI9wyGw12g8tfrtgiE61E4+d8o3aJOkCAwEAAaOBnjCBmzAOBgNVHQ8B
+Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB
+/wQCMAAwHQYDVR0OBBYEFDOk2Cyznv+t3Gbzw/FmmcVS8iJPMB8GA1UdIwQYMBaA
+FC17mq9oqhmkzCqIvvh25L0npyQOMBwGA1UdEQQVMBOCEWJjMDFuMDIuaHN3YXcu
+bmV0MA0GCSqGSIb3DQEBCwUAA4IBAQBFc02XSE2W7e8ymZYcTlJvzo6jJllAf7Hz
+7QsyiRoEeFfGE6YpI+sr/isRNjpT6QtZnhB03N3wazYjBpD2otrTaOabJLyIchhS
+pJjLPHQUXRukWQTv2regnNpGmZajBIlZhNafy3p98JG6xP8ZTKRfnqddFPPEeRPB
+YH7IyskbrjZAvmpmLWINO4+mPFLsK+gVfqOhZc7pMDt64fD4DxDKo/OyfF4YY4Qm
+ndhfi6iDeAp1I9b8dVq4o2nh4mx+Qd6URASbjPChO4I3rOXL+VUFKkY6dRjBeLBn
+3vir+WTOqWEGa0ubRGqppTGwiH0y1YSgZNEeLWi5Ujnmqt6ZfBcn
+-----END CERTIFICATE-----