git.squeep.com Git - awsible/blob - generate-ansible-vpcaccess-vars.sh

   1 #!/bin/sh
   2
   3 set -e
   4 set -o pipefail
   5
   6 if [ $# -ne 2 ]
   7 then
   8         echo "usage: $(basename "$0") environment region"
   9         exit 64
  10 fi
  11
  12 ca_cert="${1}_ca/pki/ca.crt"
  13 crl_pem="${1}_ca/pki/crl.pem"
  14 cert="${1}_ca/pki/issued/${2}.${1}.crt"
  15 key="${1}_ca/pki/private/${2}.${1}.key"
  16 ta_secret="${1}_ca/pki/ta.key"
  17 dhparam="${1}_ca/pki/dh.pem"
  18
  19 # reuse any extant quagga password
  20 for v in "${1}"/group_vars/*vpcaccess*
  21 do
  22         if [ -n "${quagga_password}" ]
  23         then
  24                 echo "found multiple potential quagga passwords; the chosen one may not be correct" 1>&2
  25         fi
  26         quagga_password=$(awk '/QUAGGA_PASSWORD:/{print $2}' "${v}")
  27
  28         if [ -n "${quagga_key}" ]
  29         then
  30                 echo "found multiple potential quagga keys; the chosen one may not be correct" 1>&2
  31         fi
  32 done
  33 if [ -z "${quagga_password}" ]
  34 then
  35         quagga_password=$(pwgen -y 16)
  36 fi
  37 if [ -z "${quagga_key}" ]
  38 then
  39         quagga_key=$(pwgen -y 16)
  40 fi
  41
  42 function onlycert(){
  43         sed -n '/-----BEGIN /,/-----END /p' "$@"
  44 }
  45 function indent(){
  46         sed 's/^/  /' "$@"
  47 }
  48
  49 cat<<EOF
  50 ---
  51 QUAGGA_PASSWORD: ${quagga_password}
  52 QUAGGA_KEY: ${quagga_key}
  53 ca_name: $1
  54 ca_cert: |
  55 $(indent "${ca_cert}")
  56 crl_pem: |
  57 $(indent "${crl_pem}")
  58 cert: |
  59 $(onlycert "${cert}" | indent)
  60 key: |
  61 $(indent "${key}")
  62 ta_secret: |
  63 $(indent "${ta_secret}")
  64 dhparam: |
  65 $(onlycert "${dhparam}" | indent)
  66 EOF