Add salt-keydiff.sh

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
This commit is contained in:
Georg Pfuetzenreuter 2023-01-16 08:22:36 +01:00
parent 926b11aea9
commit f82e6ba06d
Signed by: Georg
GPG Key ID: 1ED2F138E7E6FF57

32
scripts/sh/salt-keydiff.sh Executable file
View File

@ -0,0 +1,32 @@
#!/bin/sh
# Simple way to ensure a Salt minion's key matches before accepting it
# Run `salt-call --local key.finger` on the minion and paste the output once prompted (this script should be run on the Salt master)
# Georg Pfuetzenreuter <georg@lysergic.dev>
set -Ceu
minion="${1:-null}"
NOCOLOR=`tput sgr0`
if [ "$minion" = 'null' ]
then
printf 'Please specify the minion to diff on\n'
exit 1
fi
key_salt=`salt-key --out json -f "$minion" | jq --arg minion "$minion" -r '.minions_pre[$minion]'`
printf 'Enter fingerprint to diff against\n'
read key_user
if [ "$key_salt" = "$key_user" ]
then
GREEN=`tput setaf 2`
printf '%sMatches%s\n' "$GREEN" "$NOCOLOR"
salt-key -a "$minion"
elif [ ! "$key_salt" = "$key_user" ]
then
RED=`tput setaf 1`
printf '%sMismatch%s\n' "$RED" "$NOCOLOR"
exit 2
fi