Paste P46511

(An Untitled Masterwork)
Authored by jbond on Apr 12 2023, 11:44 AM.
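#!/bin/bash
# Obtain, or renew, a host certificate from the cfssl "discovery" CA, using
# this host's Puppet agent certificate/key for mutual TLS towards the CA.
#
# Usage: <script> <cn>.csr [renew_seconds]
#   $1  cfssl JSON CSR request; its basename without ".csr" is the CN and
#       names the output directory <script_dir>/outdir/<cn>/
#   $2  re-sign when the existing certificate expires within this many
#       seconds (default 952200, roughly 11 days)
#
# Outputs (written by cfssljson -bare): <cn>.csr, <cn>.pem and the private
# key <cn>-key.pem, all owned by root and readable by root only.
# Must be run as root.
set -o errexit
set -o nounset
set -o pipefail
PATH=/usr/bin

readonly cfssl_config=/etc/cfssl/client-cfssl.conf
readonly cfssl_label=discovery

# The private key is created by cfssljson below; with umask 077 it is never
# group/world readable, not even in the window before the final chmod.
umask 077

# Print a diagnostic to stderr and exit non-zero.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

(( $# >= 1 )) || die "usage: ${0##*/} <cn>.csr [renew_seconds]"
csr_json=$1
renew_seconds=${2:-952200}

if [[ "${csr_json##*.}" != "csr" || ! -f "$csr_json" ]]; then
  die "argument must be an existing csr file"
fi
[[ "$renew_seconds" =~ ^[0-9]+$ ]] \
  || die "renew_seconds must be a non-negative integer"
(( EUID == 0 )) || die "Must run as root"

# Paths to the Puppet CA bundle and this host's agent cert/key, as reported
# by facter; the whole run is pointless if any of them is unreadable.
ca_file="$(facter -p puppet_config.localcacert)"
tls_key_file="$(facter -p puppet_config.hostprivkey)"
tls_cert_file="$(facter -p puppet_config.hostcert)"
for f in "$ca_file" "$tls_key_file" "$tls_cert_file"; do
  [[ -n "$f" && -r "$f" ]] || die "puppet TLS file not readable: '${f}'"
done
script_dir=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
[[ -n "$script_dir" ]] || die "cannot determine script directory"

# The CN comes from the file name. basename can't yield a "/", but "." or ".."
# would place outdir outside <script_dir>/outdir, so reject those.
cn=$(basename -- "$csr_json" .csr)
case "$cn" in
  '' | . | ..) die "cannot derive a certificate name from ${csr_json}" ;;
esac
outdir="${script_dir}/outdir/${cn}"
csr_file="${outdir}/${cn}.csr"
cert_file="${outdir}/${cn}.pem"
mkdir -p -m 0700 -- "$outdir"

# Arguments shared by "cfssl gencert" and "cfssl sign".
cfssl_args=(
  -config "$cfssl_config"
  -tls-remote-ca "$ca_file"
  -mutual-tls-client-cert "$tls_cert_file"
  -mutual-tls-client-key "$tls_key_file"
  -label "$cfssl_label"
)

if [[ -f "$csr_file" ]]; then
  printf 'Cert %s file is already generated, will check expiry\n' "$csr_file"
  # "openssl x509 -checkend N" exits 0 only when the certificate stays valid
  # for another N seconds; a missing/unreadable cert also fails and is re-signed
  # from the PEM CSR that cfssljson wrote on the first run.
  if ! openssl x509 -in "$cert_file" -checkend "$renew_seconds"; then
    cfssl sign "${cfssl_args[@]}" "$csr_file" | cfssljson -bare "${outdir}/${cn}"
  fi
else
  printf 'Generating new certificate\n'
  cfssl gencert "${cfssl_args[@]}" "$csr_json" | cfssljson -bare "${outdir}/${cn}"
fi

printf 'certificates are available in %s\n' "$outdir"
chown -R root -- "$outdir"
# Files get 0600; the directory keeps its execute bit so it stays traversable
# (a recursive 0600 would strip it).
chmod 0700 -- "$outdir"
find "$outdir" -type f -exec chmod 0600 -- {} +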