| Serge Bazanski | c6fd662 | 2018-11-01 22:39:01 +0100 | [diff] [blame] | 1 | # source me to have all the nice things |
| 2 | |
| 3 | if [ "$0" == "$BASH_SOURCE" ]; then |
| 4 | echo "You should be sourcing this." |
| 5 | exit 1 |
| 6 | fi |
| 7 | |
| 8 | hscloud_root="$( cd "$(dirname "$BASH_SOURCE")"; pwd -P )" |
| 9 | |
| 10 | hscloud-dc() { |
| 11 | ( cd "$hscloud_root" && docker-compose -f "docker/docker-compose.yml" "$@" ) |
| 12 | } |
| 13 | |
| 14 | hscloud-pki-dev() { |
| 15 | ( |
| 16 | set -e |
| 17 | |
| 18 | cd "$hscloud_root" |
| 19 | rm -rf docker/pki |
| 20 | |
| 21 | cp -rv go/pki/dev-certs docker/pki |
| 22 | cd docker/pki |
| 23 | bash gen.sh m6220-proxy arista-proxy cmc-proxy topo client |
| 24 | ls *pem |
| 25 | ) |
| 26 | } |
| 27 | |
| Serge Bazanski | a5be0d8 | 2018-12-23 01:35:07 +0100 | [diff] [blame^] | 28 | hscloud-node-push-certs() { |
| 29 | ( |
| 30 | set -e |
| 31 | |
| 32 | if [ -z "$1" ]; then |
| 33 | echo >&2 "Usage: hscloud-node-push-certs node.fqdn.com" |
| 34 | exit 1 |
| 35 | fi |
| 36 | fqdn="$1" |
| 37 | |
| 38 | echo "Checking node livenes..." |
| 39 | ssh root@$fqdn uname -a |
| 40 | |
| 41 | echo "Checking if node already has key..." |
| 42 | ssh root@$fqdn stat /opt/hscloud/node.key || ( |
| 43 | echo "Generating key..." |
| 44 | ssh root@$fqdn -- mkdir -p /opt/hscloud |
| 45 | ssh root@$fqdn -- nix-shell -p openssl --command "\"openssl genrsa -out /opt/hscloud/node.key 4096\"" |
| 46 | ssh root@$fqdn -- chmod 400 /opt/hscloud/node.key |
| 47 | ) |
| 48 | |
| 49 | echo "Checking if node already has cert..." |
| 50 | ssh root@$fqdn stat /opt/hscloud/node.crt && exit 0 |
| 51 | echo "No cert, will generate..." |
| 52 | |
| 53 | cd "$hscloud_root" |
| 54 | secrets="$hscloud_root/secrets" |
| 55 | ca="$secrets/plain/ca.key" |
| 56 | [ ! -f "$ca" ] && ( scripts/secretstore decrypt "$secrets/cipher/ca.key" > $ca ) |
| 57 | |
| 58 | ssh root@$fqdn -- nix-shell -p openssl --command "\"openssl req -new -key /opt/hscloud/node.key -out /opt/hscloud/node.csr -subj '/C=PL/ST=Mazowieckie/L=Mazowieckie/O=Stowarzyszenie Warszawski Hackerspace/OU=Node Bootstrap Certificate/CN=" $fqdn "'\"" |
| 59 | scp root@$fqdn:/opt/hscloud/node.csr . |
| 60 | openssl x509 -req -in node.csr -CA data/ca.crt -CAkey "$ca" -CAcreateserial -out "data/${fqdn}.crt" |
| 61 | |
| 62 | scp "data/${fqdn}.crt" root@$fqdn:/opt/hscloud/node.crt |
| 63 | scp "data/ca.crt" root@$fqdn:/opt/hscloud/ca.crt |
| 64 | ssh root@$fqdn -- chmod 444 /opt/hscloud/node.crt /opt/hscloud/ca.crt |
| 65 | rm node.csr |
| 66 | ) |
| 67 | } |
| 68 | |
| Serge Bazanski | c6fd662 | 2018-11-01 22:39:01 +0100 | [diff] [blame] | 69 | echo "Now playing:" |
| 70 | echo " hscloud-dc - run docker-compose" |
| 71 | echo " hscloud-pki-dev - generate dev PKI certs" |
| Serge Bazanski | a5be0d8 | 2018-12-23 01:35:07 +0100 | [diff] [blame^] | 72 | echo " hscloud-node-push-certs - push a node cert to the node" |