generate dhparam locally rather than on vpn server
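--- a/generate-ansible-vpcaccess-vars.sh
+++ b/generate-ansible-vpcaccess-vars.sh
@@ -14,6 +14,7 @@ crl_pem="${1}_ca/pki/crl.pem"
 cert="${1}_ca/pki/issued/${2}.${1}.crt"
 key="${1}_ca/pki/private/${2}.${1}.key"
 ta_secret="${1}_ca/pki/ta.key"
+dhparam="${1}_ca/pki/dh.pem"
 # reuse any extant quagga password
 for v in "${1}"/group_vars/*vpcaccess*
@@ -23,11 +24,20 @@ do
 echo "found multiple potential quagga passwords; the chosen one may not be correct" 1>&2
 fi
 quagga_password=$(awk '/QUAGGA_PASSWORD:/{print $2}' "${v}")
+
+ if [ -n "${quagga_key}" ]
+ then
+ echo "found multiple potential quagga keys; the chosen one may not be correct" 1>&2
+ fi
 done
 if [ -z "${quagga_password}" ]
 then
 quagga_password=$(pwgen -y 16)
 fi
+if [ -z "${quagga_key}" ]
+then
+ quagga_key=$(pwgen -y 16)
+fi
 function onlycert(){
 sed -n '/-----BEGIN /,/-----END /p' "$@"
@@ -38,7 +48,8 @@ function indent(){
 cat<<EOF
 ---
-QUAGGA_PASSWORD: "${quagga_password}"
+QUAGGA_PASSWORD: ${quagga_password}
+QUAGGA_KEY: ${quagga_key}
 ca_name: $1
 ca_cert: |
 $(indent "${ca_cert}")
@@ -50,4 +61,6 @@ key: |
 $(indent "${key}")
 ta_secret: |
 $(indent "${ta_secret}")
+dhparam: |
+$(onlycert "${dhparam}" | indent)
 EOF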
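Review bot: The heredoc hunk now writes `QUAGGA_PASSWORD` and the new `QUAGGA_KEY` as unquoted YAML scalars, yet both values come from `pwgen -y`, which puts symbols in its output. A value that begins with `#`, `*`, `&`, `!`, `{`, `[`, `|`, `>`, `'`, `"`, `%` or `@` is then read as a comment, alias, tag, collection or quoted string, or fails to parse, so the credential loaded from the vars file can be empty or differ from the one generated. Generating from an alphanumeric set and making up the entropy with length, e.g. `quagga_key=$(pwgen -s 32 1)`, and keeping the scalar quoted, `QUAGGA_KEY: "${quagga_key}"`, avoids both the plain-scalar and the escaping problems. Separately, the loop (which opens outside the hunk) warns about multiple quagga keys, but its visible lines never read `QUAGGA_KEY:` from `${v}`. The key therefore appears to be regenerated on every run unless `quagga_key` is already set in the environment; adding `quagga_key=$(awk '/QUAGGA_KEY:/{print $2}' "${v}")` after the new warning would match the reuse behaviour of the password.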