Implement import-certs
authorSilvio Rhatto <rhatto@riseup.net>
Thu, 23 Jun 2016 13:47:41 +0000 (10:47 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Thu, 23 Jun 2016 13:47:41 +0000 (10:47 -0300)
share/hydra/import-certs

index dee4bdbdb90176be104a669054fbbc2a64b6899b..15daca3d5fec17b0b9aa89b617fd5745bd84d183 100755 (executable)
@@ -30,6 +30,41 @@ fi
 
 # Deploy
 for node in $NODES; do
-  # TODO
-  echo "Not implemented!"
+  hostname="`hydra_get_fqdn_from_nodename $node`"
+
+  echo "-----------------------------------------------------"
+  echo "Importing certs and keys into $hostname:/etc/ssl...  "
+  echo "-----------------------------------------------------"
+
+  echo "Creating folder structure at $hostname:/etc/ssl..."
+  $HYDRA_CONNECT $hostname <<EOF
+  sudo mkdir -p            /etc/ssl/private
+  sudo mkdir -p            /etc/ssl/certs
+  sudo chown root.ssl-cert /etc/ssl/private
+  sudo chown root.ssl-cert /etc/ssl/certs
+  sudo chmod 644           /etc/ssl/private
+  sudo chmod 644           /etc/ssl/certs
+EOF
+
+  keyringer $HYDRA ls -1 ssl/ | grep crt | while read cert; do
+    cert="`basename $cert .asc`"
+    priv="`basename $cert .crt`.pem"
+
+    $HYDRA_CONNECT $hostname <<EOF
+      sudo touch               /etc/ssl/certs/$cert
+      sudo chown root.ssl-cert /etc/ssl/certs/$cert
+      sudo chmod 644           /etc/ssl/certs/$cert
+      sudo touch               /etc/ssl/private/$priv
+      sudo chown root.ssl-cert /etc/ssl/private/$priv
+      sudo chmod 640           /etc/ssl/private/$priv
+EOF
+
+    echo "Importing $cert from keyringer to $hostname:/etc/ssl/certs..."
+    keyringer $HYDRA decrypt ssl/$cert | \
+      $HYDRA_CONNECT $hostname "cat - | sudo tee /etc/ssl/certs/$cert > /dev/null"
+    echo "Importing $priv from keyringer to $hostname:/etc/ssl/private..."
+    keyringer $HYDRA decrypt ssl/$priv | \
+      $HYDRA_CONNECT $hostname "cat - | sudo tee /etc/ssl/private/$priv > /dev/null"
+  done
 done
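Review bot: The two `chmod 644` calls on `/etc/ssl/private` and `/etc/ssl/certs` remove the search (execute) bit from both directories, so members of `ssl-cert` and other non-root users cannot open any file beneath them, while the read bit still lets every local user list the private key file names. Modes matching the usual Debian layout would be `sudo chmod 710 /etc/ssl/private` and `sudo chmod 755 /etc/ssl/certs`. Separately, `$cert` and `$priv` come from the `keyringer $HYDRA ls` output and are expanded unquoted into the here-document and into the `sudo tee` command string that the remote shell runs, so a name containing whitespace or shell metacharacters would be interpreted there; using `read -r` and skipping any name that fails a conservative check such as `case "$cert" in *[!A-Za-z0-9._-]*) continue ;; esac` would close that. A failed `keyringer decrypt` also still lets `tee` truncate the target, which would leave an empty certificate or key on the node, so the pipeline's status should be checked before moving on.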