Single-key support for eyaml
authorSilvio Rhatto <rhatto@riseup.net>
Mon, 16 May 2016 13:36:18 +0000 (10:36 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Mon, 16 May 2016 13:36:18 +0000 (10:36 -0300)
lib/hydra/deploy
share/hydra/eyaml

index 320b557a2602b1aa9b21bf6160afc0ca7dd98bee..196b9444afc9e3bab6cb15c10a066ce1006b0cd4 100644 (file)
@@ -128,12 +128,20 @@ function hydra_deploy_copy_keys {
   # Ensure key availability
   hydra $HYDRA eyaml $FQDN
 
+  # Test for multi-keys setup
   if [ -e "$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/private_key.pkcs7.pem" ]; then
     hydra_deploy_copy $location $HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/private_key.pkcs7.pem $DEPLOY_DEST/etc/puppet/keys/private_key.pkcs7.pem
+  # Then try single-key setup
+  elif [ -e "$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem" ]; then
+    hydra_deploy_copy $location $HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem $DEPLOY_DEST/etc/puppet/keys/private_key.pkcs7.pem
   fi
 
+  # Test for multi-keys setup
   if [ -e "$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/public_key.pkcs7.pem" ]; then
     hydra_deploy_copy $location $HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/public_key.pkcs7.pem $DEPLOY_DEST/etc/puppet/keys/public_key.pkcs7.pem
+  # Then try single-key setup
+  elif [ -e "$HYDRA_FOLDER/puppet/keys/public_key.pkcs7.pem" ]; then
+    hydra_deploy_copy $location $HYDRA_FOLDER/puppet/keys/public_key.pkcs7.pem $DEPLOY_DEST/etc/puppet/keys/public_key.pkcs7.pem
   fi
 }
 
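Review bot: The private-key and public-key fallbacks are decided independently, so a checkout that has a per-node `private_key.pkcs7.pem` but only the shared `public_key.pkcs7.pem` (or the reverse) deploys a mismatched pair to `$DEPLOY_DEST/etc/puppet/keys/` without any error; the same key directory should be selected once and both files copied from it. The per-node test also uses plain `-e`, which follows symlinks, whereas the eyaml script visible further down rejects a symlinked shared key with `! -h`; if that asymmetry is intended a one-line comment saying so would help. The path arguments to `hydra_deploy_copy` are unquoted, so a `$HYDRA_FOLDER` containing whitespace would split. `hydra_deploy_copy_keys` starts before this hunk. Suggested rewrite of the copy section:
```shell
  # Decide the key source once so private and public key always come from the same pair:
  # per-node keys take precedence, then the shared single-key setup.
  local keydir=""
  if [ -e "$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/private_key.pkcs7.pem" ]; then
    keydir="$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml"
  elif [ -e "$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem" ]; then
    keydir="$HYDRA_FOLDER/puppet/keys"
  fi

  if [ -n "$keydir" ]; then
    for key in private_key.pkcs7.pem public_key.pkcs7.pem; do
      if [ -e "$keydir/$key" ]; then
        hydra_deploy_copy $location "$keydir/$key" "$DEPLOY_DEST/etc/puppet/keys/$key"
      fi
    done
  fi
```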
index 7a0df8c27d7893760b720bfe49694929dbf6c14d..c02aab1a944fa5d07f127cb1e2fde2ce3555bb70 100755 (executable)
@@ -25,6 +25,7 @@ BASENAME="`basename $0`"
 NODE="$1"
 ACTION="$2"
 FQDN="`hydra_get_fqdn_from_nodename $NODE`"
+DOMAIN="`echo $FQDN | cut -d . -f 2-`"
 shift
 
 # Check for eyaml
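Review bot: `cut -d . -f 2-` prints its whole input when the line has no delimiter, so for a bare hostname `DOMAIN` silently equals `$FQDN`, and the keyringer paths built from it below (`domain/$DOMAIN/eyaml/...`) would then point at a per-host entry rather than a domain-wide one; if `hydra_get_fqdn_from_nodename` can return an empty string, `DOMAIN` is empty too and the path degenerates to `domain//eyaml/...`. Use the `-s` flag so a dotless name yields nothing, and fail early: `DOMAIN="$(printf '%s\n' "$FQDN" | cut -s -d . -f 2-)"` followed by `[ -n "$DOMAIN" ] || { echo "$BASENAME: cannot derive domain from '$FQDN'" >&2; exit 1; }`. `$FQDN` should also be quoted in the `echo`, and `$(...)` is preferable to backticks, matching the other assignments only if the rest of the file is converted too.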
@@ -45,21 +46,33 @@ mkdir -p $HYDRA_FOLDER/puppet/keys/$FQDN/eyaml
 # Set pub and privkey paths
 PRIV="$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/private_key.pkcs7.pem"
 PUB="$HYDRA_FOLDER/puppet/keys/$FQDN/eyaml/public_key.pkcs7.pem"
+PRIV_CRYPT="nodes/$FQDN/eyaml/private_key.pkcs7.pem.asc"
+PUB_CRYPT="nodes/$FQDN/eyaml/public_key.pkcs7.pem"
+
+# Test for single-key setup
+if [ -e "$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem" ] && [ ! -h "$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem" ]; then
+  PRIV="$HYDRA_FOLDER/puppet/keys/private_key.pkcs7.pem"
+  PUB="$HYDRA_FOLDER/puppet/keys/public_key.pkcs7.pem"
+  PRIV_CRYPT="domain/$DOMAIN/eyaml/private_key.pkcs7.pem.asc"
+  PUB_CRYPT="domain/$DOMAIN/eyaml/public_key.pkcs7.pem"
+fi
+
+# Then set eyaml args
 ARGS="--pkcs7-private-key $PRIV --pkcs7-public-key $PUB"
 
 # Generate keypair if needed
 if [ ! -e "$PRIV" ]; then
-  if [ -e "$HYDRA_FOLDER/keyring/keys/nodes/$FQDN/eyaml/private_key.pkcs7.pem.asc" ]; then
+  if [ -e "$HYDRA_FOLDER/keyring/keys/$PRIV_CRYPT" ]; then
     echo "Getting eyaml keys for $FDQN from keyringer..."
-    keyringer $HYDRA decrypt nodes/$FQDN/eyaml/private_key.pkcs7.pem > $PRIV
-    keyringer $HYDRA decrypt nodes/$FQDN/eyaml/public_key.pkcs7.pem  > $PUB
+    keyringer $HYDRA decrypt $PRIV_CRYPT > $PRIV
+    keyringer $HYDRA decrypt $PUB_CRYOT  > $PUB
   else
     echo "Generating eyaml keys for $FQDN..."
     eyaml createkeys $ARGS
 
     echo "Saving generated keys into keyringer..."
-    keyringer $HYDRA encrypt nodes/$FQDN/eyaml/private_key.pkcs7.pem $PRIV
-    keyringer $HYDRA encrypt nodes/$FQDN/eyaml/public_key.pkcs7.pem  $PUB
+    keyringer $HYDRA encrypt $PRIV_CRYPT $PRIV
+    keyringer $HYDRA encrypt $PUB_CRYPT  $PUB
   fi
 fi