# Source this file from bash (do not execute it) to define the hscloud-* helper functions in the current shell.
| |
# Refuse to run as a standalone script: when $0 names this very file it was
# executed rather than sourced, and the functions defined below would vanish
# with the child process.
if [[ "$0" == "${BASH_SOURCE[0]}" ]]; then
  echo "You should be sourcing this."
  exit 1
fi
| |
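# Absolute, symlink-resolved directory that contains this file; the helper
# functions below cd into it before doing anything. `&&` (instead of `;`)
# keeps a failed cd from silently recording the caller's working directory as
# the repository root, which matters because hscloud-pki-dev runs `rm -rf`
# relative to this path.
hscloud_root="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P)"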
| |
# Run docker-compose against docker/docker-compose.yml from the repository
# root, forwarding every argument unchanged.
# Globals:   hscloud_root (read)
# Arguments: "$@" - passed straight through to docker-compose
# Returns:   docker-compose's exit status, or cd's status if the root is
#            unreachable
hscloud-dc() {
  (
    # Subshell, so the caller's working directory is left alone.
    cd "$hscloud_root" || exit
    docker-compose -f "docker/docker-compose.yml" "$@"
  )
}
| |
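# Regenerate the development PKI under docker/pki: wipe the directory, copy
# go/pki/dev-certs into its place, run gen.sh for the fixed list of names and
# list the resulting *pem files.
# Globals:   hscloud_root (read)
# Outputs:   cp -v progress, whatever gen.sh prints, then the *pem listing
# Returns:   0 on success, non-zero as soon as a step fails
hscloud-pki-dev() {
  (
    # NOTE: set -e is not honoured when the function is called from a
    # condition (`if hscloud-pki-dev`, `hscloud-pki-dev || ...`), so the steps
    # guarding the rm -rf below are checked explicitly as well.
    set -e

    # An empty root must never reach `cd`: the following rm -rf would then
    # act on docker/pki under whatever directory the caller is in.
    if [ -z "$hscloud_root" ]; then
      echo >&2 "hscloud-pki-dev: hscloud_root is not set"
      exit 1
    fi
    cd -- "$hscloud_root" || exit 1
    rm -rf -- docker/pki

    cp -rv -- go/pki/dev-certs docker/pki
    cd docker/pki || exit 1
    bash gen.sh m6220-proxy arista-proxy cmc-proxy topo client
    ls -- *pem
  )
}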
| |
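# Give a node its bootstrap key and certificate over SSH as root:
#   1. check the node answers,
#   2. generate /opt/hscloud/node.key on the node if it has none,
#   3. stop if /opt/hscloud/node.crt already exists,
#   4. otherwise have the node produce a CSR, sign it locally with the CA key
#      from the secret store, and push node.crt and ca.crt back.
# Globals:   hscloud_root (read)
# Arguments: $1 - FQDN of the node; used as the SSH host, the certificate CN
#                 and the local file name data/<fqdn>.crt
# Returns:   0 when the node has (or already had) a certificate, non-zero on
#            usage errors or as soon as a step fails
hscloud-node-push-certs() {
  (
    # NOTE: set -e is not honoured when the function is called from a
    # condition (`if hscloud-node-push-certs ...`); call it as a plain command.
    set -e

    if [ -z "$1" ]; then
      echo >&2 "Usage: hscloud-node-push-certs node.fqdn.com"
      exit 1
    fi
    fqdn="$1"

    # The name is interpolated into a command line that a root shell on the
    # node parses, into the signed certificate subject and into a local path,
    # so only plain hostname characters are accepted.
    fqdn_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
    if [[ ! "$fqdn" =~ $fqdn_re ]]; then
      echo >&2 "hscloud-node-push-certs: invalid node FQDN: $fqdn"
      exit 1
    fi
    if [ -z "$hscloud_root" ]; then
      echo >&2 "hscloud-node-push-certs: hscloud_root is not set"
      exit 1
    fi
    target="root@${fqdn}"

    echo "Checking node livenes..."
    ssh "$target" uname -a

    echo "Checking if node already has key..."
    key_status=0
    ssh "$target" stat /opt/hscloud/node.key || key_status=$?
    # ssh reports its own failures as 255; treating that as "no key" could
    # overwrite an existing private key after a transient connection error.
    if [ "$key_status" -eq 255 ]; then
      echo >&2 "hscloud-node-push-certs: ssh to $fqdn failed; leaving node key untouched"
      exit 1
    fi
    if [ "$key_status" -ne 0 ]; then
      echo "Generating key..."
      ssh "$target" -- mkdir -p /opt/hscloud
      # umask 077 so the key is never readable by others, not even in the
      # window before the chmod below.
      ssh "$target" -- nix-shell -p openssl --command '"umask 077 && openssl genrsa -out /opt/hscloud/node.key 4096"'
      ssh "$target" -- chmod 400 /opt/hscloud/node.key
    fi

    echo "Checking if node already has cert..."
    if ssh "$target" stat /opt/hscloud/node.crt; then
      exit 0
    fi
    echo "No cert, will generate..."

    cd -- "$hscloud_root"
    secrets="$hscloud_root/secrets"
    ca="$secrets/plain/ca.key"
    if [ ! -f "$ca" ]; then
      # Decrypt with a private umask, and drop the output if decryption fails:
      # a partial file would pass the -f test on the next run and be used as
      # the signing key.
      if ! (umask 077 && scripts/secretstore decrypt "$secrets/cipher/ca.key" > "$ca"); then
        rm -f -- "$ca"
        echo >&2 "hscloud-node-push-certs: could not decrypt CA key"
        exit 1
      fi
    fi

    # Built as a single word: passing the FQDN to ssh as a separate argument
    # made ssh join it with spaces, giving a CN of " <fqdn> ".
    subject="/C=PL/ST=Mazowieckie/L=Mazowieckie/O=Stowarzyszenie Warszawski Hackerspace/OU=Node Bootstrap Certificate/CN=${fqdn}"
    ssh "$target" -- nix-shell -p openssl --command "\"openssl req -new -key /opt/hscloud/node.key -out /opt/hscloud/node.csr -subj '${subject}'\""
    scp "${target}:/opt/hscloud/node.csr" .
    openssl x509 -req -in node.csr -CA data/ca.crt -CAkey "$ca" -CAcreateserial -out "data/${fqdn}.crt"

    scp "data/${fqdn}.crt" "${target}:/opt/hscloud/node.crt"
    scp "data/ca.crt" "${target}:/opt/hscloud/ca.crt"
    ssh "$target" -- chmod 444 /opt/hscloud/node.crt /opt/hscloud/ca.crt
    rm -f -- node.csr
  )
}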
| |
# Banner shown once the file has been sourced: one line per helper defined
# above, followed by a blank line.
printf '%s\n' \
  "Now playing:" \
  " hscloud-dc - run docker-compose" \
  " hscloud-pki-dev - generate dev PKI certs" \
  " hscloud-node-push-certs - push a node cert to the node" \
  ""