Adding 'options' an 'newkeys' commands
authorSilvio Rhatto <rhatto@riseup.net>
Sun, 9 May 2010 01:31:02 +0000 (22:31 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Sun, 9 May 2010 01:31:02 +0000 (22:31 -0300)
.gitignore [new file with mode: 0644]
README
share/keyringer/newkeys [new file with mode: 0755]
share/keyringer/options [new file with mode: 0755]

diff --git a/.gitignore b/.gitignore
new file mode 100644 (file)
index 0000000..1377554
--- /dev/null
@@ -0,0 +1 @@
+*.swp
diff --git a/README b/README
index 1bbd7e4c8f7a6e9b5258c40a88087f25a9b40b9c..4e6c6bcc97799652925c6aab37e2b415ddafd10f 100644 (file)
--- a/README
+++ b/README
@@ -89,6 +89,20 @@ Keyringer comes with a simple git wrapper to ease common management tasks:
   keyringer <keyring> git push keyringer master
   keyringer <keyring> git pull
 
+Managing puppet node keys
+-------------------------
+
+Keyringer is able to manage node keys for puppet nodes. First add the puppet
+main and key folders into your keyring configuration:
+
+  keyringer <keyring> options add PUPPET=/path/to/puppet/config
+  keyringer <keyring> options add PUPPET_KEYS=/path/to/puppet/keys
+
+Then you just need to issue the following command every time you have to create
+keys for new nodes:
+
+  keyringer <keyring> newkeys puppet
+
 Notes
 -----
 
diff --git a/share/keyringer/newkeys b/share/keyringer/newkeys
new file mode 100755 (executable)
index 0000000..f4a88a5
--- /dev/null
@@ -0,0 +1,68 @@
+#!/bin/bash
+#
+# Create keys for new nodes.
+#
+
+# Config
+ACTIONS="`dirname $0`"
+BASEDIR="$1"
+COMMAND="$2"
+BASENAME="`basename $0`"
+OPTIONS="$BASEDIR/config/options"
+
+function newkeys_nodes {
+  # See http://www.mail-archive.com/puppet-users@googlegroups.com/msg01615.html
+  grep ^node $* | sed -e 's/^node //' | awk -F, '{for(i=1;i<=NF;i++) {print $i}}' | cut -d "'" -f2
+}
+
+function newkeys_puppet {
+  # Generates ssh and gpg keys for new nodes
+  # GPG keys should be manually imported in the nodes
+
+  if [ -e "$PUPPET/manifests/nodes.pp" ]; then
+    nodes="`newkeys_nodes $PUPPET/manifests/nodes.pp`"
+  fi
+
+  if [ -d "$PUPPET/manifests/nodes" ]; then
+    nodes="$nodes `newkeys_nodes $PUPPET/manifests/nodes/*`"
+  fi
+
+  for host in $nodes; do
+    node="`echo $host | cut -d . -f 1`"
+    privkey="$PUPPET/$PUPPET_KEYS/"$node"_id_dsa"
+    pubkey="$privkey.pub"
+    if [ ! -e "$privkey" ] || [ ! -e "$pubkey" ]; then
+      keyringer_exec genpair $BASEDIR ssh $node/ssh/id_dsa $host $privkey
+      keyringer_exec genpair $BASEDIR gpg $node/gpg/key    $host
+
+      # Add key into puppet git repository
+      ( cd $PUPPET_KEYS && git add $privkey $pubkey )
+    fi
+  done
+}
+
+# Load functions
+LIB="`dirname $0`/../../lib/keyringer"
+source $LIB/functions
+
+if [ -z "$COMMAND" ]; then
+  echo "Usage: keyringer <keyring> `basename $0` <command> [arguments]"
+  exit 1
+elif [ ! -f "$OPTIONS" ]; then
+  echo "No option config was found"
+  exit 1
+fi
+
+source $OPTIONS
+
+if [ -z "$PUPPET_KEYS" ]; then
+  PUPPET_KEYS="$PUPPET/files/keys"
+fi
+
+# Right now just puppet backend is supported
+if [ "$COMMAND" == "puppet" ]; then
+  newkeys_puppet
+else
+  echo "No such option $COMMAND"
+  exit 1
+fi
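Review bot: `source $OPTIONS` near the end of the script executes `config/options` as shell code, and that file is tracked in the keyring repository (the `options` command in this commit runs `git add config/options`), so anyone who can push to the keyring can run commands as the user who calls `newkeys`. Reading only the two expected keys, as sketched below, avoids executing the file; it takes values literally, so quotes written in the file would no longer be stripped. Separately, in `newkeys_puppet` the default `PUPPET_KEYS="$PUPPET/files/keys"` already contains `$PUPPET`, yet `privkey` is built as `"$PUPPET/$PUPPET_KEYS/..."`, which doubles the prefix; `privkey="$PUPPET_KEYS/${node}_id_dsa"` looks like what was intended. Host names parsed from the manifests are also passed unquoted to `keyringer_exec` and `git add`, so they should be quoted at each use.

```shell
# Replaces `source $OPTIONS`: read only the keys this script uses, never execute the file.
while IFS='=' read -r key value; do
  case "$key" in
    PUPPET)      PUPPET="$value" ;;
    PUPPET_KEYS) PUPPET_KEYS="$value" ;;
  esac
done < "$OPTIONS"
# … unchanged: PUPPET_KEYS default and command dispatch …
```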
diff --git a/share/keyringer/options b/share/keyringer/options
new file mode 100755 (executable)
index 0000000..20a9891
--- /dev/null
@@ -0,0 +1,39 @@
+#!/bin/bash
+#
+# Recipient management.
+#
+
+# Config
+ACTIONS="`dirname $0`"
+BASEDIR="$1"
+COMMAND="$2"
+BASENAME="`basename $0`"
+OPTIONS="$BASEDIR/config/options"
+
+# Load functions
+LIB="`dirname $0`/../../lib/keyringer"
+source $LIB/functions
+
+if [ -z "$COMMAND" ]; then
+  echo "Usage: keyringer <keyring> `basename $0` <command> [arguments]"
+  exit 1
+fi
+
+# Create options file if old repository
+if [ ! -e "$OPTIONS" ]; then
+  echo "Creating options file..."
+  touch $OPTIONS
+  keyringer_exec git $BASEDIR add config/options
+fi
+
+if [ "$COMMAND" == "ls" ]; then
+  cat $OPTIONS
+elif [ "$COMMAND" == "edit" ]; then
+  $EDITOR $OPTIONS
+elif [ "$COMMAND" == "add" ]; then
+  shift 2
+  echo $* >> $OPTIONS 
+else
+  echo "$BASENAME: No such command $COMMAND"
+  exit 1
+fi
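Review bot: The `add` branch writes `echo $* >> $OPTIONS` with no check on what is appended, and `newkeys` in this same commit loads that file with `source`, so any text given to `options add` becomes shell code run on the next `newkeys` call. Unquoted `$*` is also word-split and glob-expanded before it is written, so a value containing spaces or `*` is stored altered. I would accept only `NAME=value` and write it verbatim, e.g. `[[ "$*" =~ ^[A-Za-z_][A-Za-z0-9_]*= ]] || exit 1` followed by `printf '%s\n' "$*" >> "$OPTIONS"`. The header comment `# Recipient management.` appears to be copied from another action and should describe option management instead.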