X-Git-Url: http://git.squeep.com/?p=awsible;a=blobdiff_plain;f=generate-ansible-vpcaccess-vars.sh;h=fcdf8ea2075885d976e693300673330e714f4451;hp=0a5d14a62aedf2a732c02ba1da3a4906c0481086;hb=HEAD;hpb=37253e1b3651d2e3f1c714c55fb05894abacf398

diff --git a/generate-ansible-vpcaccess-vars.sh b/generate-ansible-vpcaccess-vars.sh
index 0a5d14a..fcdf8ea 100755
--- a/generate-ansible-vpcaccess-vars.sh
+++ b/generate-ansible-vpcaccess-vars.sh
@@ -1,6 +1,7 @@
 #!/bin/sh
 
 set -e
+set -o pipefail
 
 if [ $# -ne 2 ]
 then
@@ -13,6 +14,30 @@ crl_pem="${1}_ca/pki/crl.pem"
 cert="${1}_ca/pki/issued/${2}.${1}.crt"
 key="${1}_ca/pki/private/${2}.${1}.key"
 ta_secret="${1}_ca/pki/ta.key"
+dhparam="${1}_ca/pki/dh.pem"
+
+# reuse any extant quagga password
+for v in "${1}"/group_vars/*vpcaccess*
+do
+	if [ -n "${quagga_password}" ]
+	then
+		echo "found multiple potential quagga passwords; the chosen one may not be correct" 1>&2
+	fi
+	quagga_password=$(awk '/QUAGGA_PASSWORD:/{print $2}' "${v}")
+
+	if [ -n "${quagga_key}" ]
+	then
+		echo "found multiple potential quagga keys; the chosen one may not be correct" 1>&2
+	fi
+done
+if [ -z "${quagga_password}" ]
+then
+	quagga_password=$(pwgen -y 16)
+fi
+if [ -z "${quagga_key}" ]
+then
+	quagga_key=$(pwgen -y 16)
+fi
 
 function onlycert(){
 	sed -n '/-----BEGIN /,/-----END /p' "$@"
@@ -23,7 +48,8 @@ function indent(){
 
 cat<<EOF
 ---
-QUAGGA_PASSWORD: $(pwgen -y 16)
+QUAGGA_PASSWORD: ${quagga_password}
+QUAGGA_KEY: ${quagga_key}
 ca_name: $1
 ca_cert: |
 $(indent "${ca_cert}")
@@ -35,4 +61,6 @@ key: |
 $(indent "${key}")
 ta_secret: |
 $(indent "${ta_secret}")
+dhparam: |
+$(onlycert "${dhparam}" | indent)
 EOF