Newnodes: move all key management code into newkeys
authorSilvio Rhatto <rhatto@riseup.net>
Mon, 13 May 2019 01:17:32 +0000 (22:17 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Mon, 13 May 2019 01:17:32 +0000 (22:17 -0300)
share/hydra/newkeys
share/hydra/newnode

index 8bc7ecea25100bf59ed95c82e7b10d6af8578486..04a1f43f7626e56ef5060786d4315a06631cb4c4 100755 (executable)
@@ -100,6 +100,14 @@ function hydra_newkeys_borg {
   # Encrypt key
   cat $BORG_KEY_FILE | keyringer $HYDRA encrypt nodes/$node/borg/key
 
+  if [ -e "$HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml" ]; then
+    # Add Borg passphrase into secret node config
+    #keyringer $HYDRA decrypt nodes/$NODE/borg/key.passwd | \
+    #hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
+    PASSWORD="`keyringer $HYDRA decrypt nodes/$node/borg/key.passwd`"
+    echo -n "$PASSWORD" | hydra fluxo eyaml $node encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml
+  fi
+
   # Cleanup
   if which wipe &> /dev/null; then
     wipe -rf $TMPWORK
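Review bot: The decrypt on the `PASSWORD="`keyringer $HYDRA decrypt nodes/$node/borg/key.passwd`"` line is never checked, so when keyringer fails (missing file, wrong recipient key) `$PASSWORD` is empty and the next line still appends an eyaml block encrypting an empty passphrase to the node's secrets file, where it looks like a valid entry. Guard the assignment and feed the value with printf, e.g. `PASSWORD="$(keyringer $HYDRA decrypt nodes/$node/borg/key.passwd)" || return 1`, `[ -n "$PASSWORD" ] || return 1`, `printf '%s' "$PASSWORD" | hydra fluxo eyaml $node encrypt ...`; `echo -n` would also swallow a passphrase that happens to begin with `-`. Since the variable is global and not cleared, the plaintext stays in the shell for the rest of the run; `unset PASSWORD` after the pipeline avoids that. The same unchecked decrypt-and-eyaml sequence appears in the hydra_genpairs hunk below for the OpenPGP passphrase. hydra_newkeys_borg starts before and ends after this hunk.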
@@ -116,6 +124,19 @@ function hydra_genpairs {
 
   if [ "$which" == "openpgp" ]; then
     keyringer $HYDRA genpair gpg nodes/$node/gpg/key    $node
+
+    if [ -e "$HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml" ]; then
+      # Add OpenPGP key ID into secret node config
+      KEYID="`keyringer $HYDRA decrypt nodes/$node/gpg/key.pub 2> /dev/null | gpg --with-colons 2> /dev/null | grep ^pub: | cut -d : -f 5`"
+      echo "nodo::subsystem::backup::encryptkey: '$KEYID'" >> $HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml
+
+      # Add OpenPGP passphrase into secret node config
+      # We cannot simple pipe keyringer output into hiera-eyaml otherwiser the newline after the password will be interpreted as part of the password
+      #keyringer $HYDRA decrypt nodes/$node/gpg/key.passwd | \
+      #hydra fluxo eyaml $node encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml
+      PASSWORD="`keyringer $HYDRA decrypt nodes/$node/gpg/key.passwd`"
+      echo -n "$PASSWORD" | hydra fluxo eyaml $node encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$node.yaml
+    fi
   elif [ "$which" == "ssh" ]; then
     keyringer $HYDRA genpair ssh nodes/$node/ssh/id_rsa $node
   elif [ "$which" == "borg" ]; then
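Review bot: KEYID on the `KEYID="`keyringer ... | gpg --with-colons ... | grep ^pub: | cut -d : -f 5`"` line can silently end up empty, because both `keyringer ... 2> /dev/null` and `gpg --with-colons 2> /dev/null` discard their errors; a failed decrypt or a gpg parse problem then writes `nodo::subsystem::backup::encryptkey: ''` into the secrets file with no diagnostic, and later backups would run without a usable encryption key. Add a check before the echo, e.g. `[ -n "$KEYID" ] || { echo "Could not determine OpenPGP key ID for $node" >&2; return 1; }`. The passphrase block that follows repeats the decrypt-then-eyaml sequence from hydra_newkeys_borg almost verbatim; a small helper taking the keyringer path and the hiera key name would remove the duplication and give one place to handle a failed decrypt. hydra_genpairs continues outside the hunk on both sides.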
index d087e5b52ae2644d0df38608f00a01e7538b3ffb..3e32d8a7ed2fa9094115d9bc619ab0a9431cd284 100755 (executable)
@@ -84,27 +84,6 @@ cp $YAML $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
 # Generate keys
 hydra $HYDRA newkeys all $NODE
 
-# Add OpenPGP key ID into secret node config
-KEYID="`keyringer $HYDRA decrypt nodes/$NODE/gpg/key.pub 2> /dev/null | gpg --with-colons 2> /dev/null | grep ^pub: | cut -d : -f 5`"
-echo "nodo::subsystem::backup::encryptkey: '$KEYID'" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
-
-echo "" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
-
-# Add OpenPGP passphrase into secret node config
-# We cannot simple pipe keyringer output into hiera-eyaml otherwiser the newline after the password will be interpreted as part of the password
-#keyringer $HYDRA decrypt nodes/$NODE/gpg/key.passwd | \
-#hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
-PASSWORD="`keyringer $HYDRA decrypt nodes/$NODE/gpg/key.passwd`"
-echo -n "$PASSWORD" | hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
-
-echo "" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
-
-# Add Borg passphrase into secret node config
-#keyringer $HYDRA decrypt nodes/$NODE/borg/key.passwd | \
-#hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
-PASSWORD="`keyringer $HYDRA decrypt nodes/$NODE/borg/key.passwd`"
-echo -n "$PASSWORD" | hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
-
 # Ansible config
 if [ -e "$HYDRA_FOLDER/ansible/inventories/production/hosts" ]; then
   echo "$NODE" >> $HYDRA_FOLDER/ansible/inventories/production/hosts