forked from 5pi/infra
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathmk_credentials
executable file
·41 lines (38 loc) · 1.09 KB
/
mk_credentials
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
#!/bin/bash
set -euo pipefail
. config/env
CONFIG=config
if [[ "$#" -gt 0 ]]; then
CONFIG="$1"
fi
mkdir -p "$CONFIG/generated"
for ((i=0;i<SERVERS;i++)); do
CD="$CONFIG/generated/tinc/master${i}"
if [[ -e "$CD/rsa_key.priv" ]]; then
echo "$CD/rsa_key.priv already exists, skipping"
continue
fi
mkdir -p "$CD"
touch "$CD/tinc.conf"
tincd -n default -K -c "$CD" < /dev/null
rm "$CD/tinc.conf"
done
mkdir -p "$CONFIG/generated/ca"
if [[ -e "$CONFIG/generated/ca/ca.pem" ]]; then
echo "$CONFIG/generated/ca/ca.pem already exists, skipping"
else
cfssl gencert -initca $CONFIG/ca/ca-csr.json \
| cfssljson -bare $CONFIG/generated/ca -
fi
for ((i=0;i<SERVERS;i++)); do
prefix="$CONFIG/generated/master$i"
if [[ -e "$prefix.pem" ]]; then
echo "$prefix.pem already exists, skipping"
continue
fi
echo '{"CN":"master'$i'","hosts":["10.10.10.1", "'$IP_INT_PREFIX'.'$i'.1"],"key":{"algo":"rsa","size":2048}}' \
| cfssl gencert -ca="$CONFIG/generated/ca.pem" \
-ca-key="$CONFIG/generated/ca-key.pem" \
-config="$CONFIG/ca/ca-config.json" -profile=peer - \
| cfssljson -bare "$prefix"
done