blob: aee2db125ab507a23dfd5beb8ad79017610f10ef [file] [log] [blame]
Serge Bazanskic6fd6622018-11-01 22:39:01 +01001# source me to have all the nice things
2
3if [ "$0" == "$BASH_SOURCE" ]; then
4 echo "You should be sourcing this."
5 exit 1
6fi
7
8hscloud_root="$( cd "$(dirname "$BASH_SOURCE")"; pwd -P )"
9
10hscloud-dc() {
11 ( cd "$hscloud_root" && docker-compose -f "docker/docker-compose.yml" "$@" )
12}
13
14hscloud-pki-dev() {
15 (
16 set -e
17
18 cd "$hscloud_root"
19 rm -rf docker/pki
20
21 cp -rv go/pki/dev-certs docker/pki
22 cd docker/pki
23 bash gen.sh m6220-proxy arista-proxy cmc-proxy topo client
24 ls *pem
25 )
26}
27
Serge Bazanskia5be0d82018-12-23 01:35:07 +010028hscloud-node-push-certs() {
29 (
30 set -e
31
32 if [ -z "$1" ]; then
33 echo >&2 "Usage: hscloud-node-push-certs node.fqdn.com"
34 exit 1
35 fi
36 fqdn="$1"
37
38 echo "Checking node livenes..."
39 ssh root@$fqdn uname -a
40
41 echo "Checking if node already has key..."
42 ssh root@$fqdn stat /opt/hscloud/node.key || (
43 echo "Generating key..."
44 ssh root@$fqdn -- mkdir -p /opt/hscloud
45 ssh root@$fqdn -- nix-shell -p openssl --command "\"openssl genrsa -out /opt/hscloud/node.key 4096\""
46 ssh root@$fqdn -- chmod 400 /opt/hscloud/node.key
47 )
48
49 echo "Checking if node already has cert..."
50 ssh root@$fqdn stat /opt/hscloud/node.crt && exit 0
51 echo "No cert, will generate..."
52
53 cd "$hscloud_root"
54 secrets="$hscloud_root/secrets"
55 ca="$secrets/plain/ca.key"
56 [ ! -f "$ca" ] && ( scripts/secretstore decrypt "$secrets/cipher/ca.key" > $ca )
57
58 ssh root@$fqdn -- nix-shell -p openssl --command "\"openssl req -new -key /opt/hscloud/node.key -out /opt/hscloud/node.csr -subj '/C=PL/ST=Mazowieckie/L=Mazowieckie/O=Stowarzyszenie Warszawski Hackerspace/OU=Node Bootstrap Certificate/CN=" $fqdn "'\""
59 scp root@$fqdn:/opt/hscloud/node.csr .
60 openssl x509 -req -in node.csr -CA data/ca.crt -CAkey "$ca" -CAcreateserial -out "data/${fqdn}.crt"
61
62 scp "data/${fqdn}.crt" root@$fqdn:/opt/hscloud/node.crt
63 scp "data/ca.crt" root@$fqdn:/opt/hscloud/ca.crt
64 ssh root@$fqdn -- chmod 444 /opt/hscloud/node.crt /opt/hscloud/ca.crt
65 rm node.csr
66 )
67}
68
Serge Bazanskic6fd6622018-11-01 22:39:01 +010069echo "Now playing:"
70echo " hscloud-dc - run docker-compose"
71echo " hscloud-pki-dev - generate dev PKI certs"
Serge Bazanskia5be0d82018-12-23 01:35:07 +010072echo " hscloud-node-push-certs - push a node cert to the node"
Serge Bazanski9ec50e32018-12-23 01:40:28 +010073echo ""