forked from LibertaCasa/salt-keydiff
Support multi-master
Read an optional configuration file to accept keys on a secondary master. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
parent
a2dc671441
commit
0b644b6f7b
@ -12,9 +12,12 @@
|
|||||||
|
|
||||||
set -Ceu
|
set -Ceu
|
||||||
|
|
||||||
|
config='/etc/salt-scriptconfig'
|
||||||
|
partner='null'
|
||||||
minion="${1:-null}"
|
minion="${1:-null}"
|
||||||
key_user="${2:-null}"
|
key_user="${2:-null}"
|
||||||
NOCOLOR="$(tput sgr0)"
|
NOCOLOR="$(tput sgr0)"
|
||||||
|
exco=0
|
||||||
|
|
||||||
if ! command -v jq >/dev/null || ! command -v salt-key >/dev/null
|
if ! command -v jq >/dev/null || ! command -v salt-key >/dev/null
|
||||||
then
|
then
|
||||||
@ -22,6 +25,16 @@ then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -f "$config" ]
|
||||||
|
then
|
||||||
|
# shellcheck source=/dev/null
|
||||||
|
. "$config"
|
||||||
|
if [ ! "$partner" = 'null' ]
|
||||||
|
then
|
||||||
|
ssh_key="${ssh_key:?Configuration option 'partner' requires 'ssh_key'}"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
if [ "$minion" = 'null' ]
|
if [ "$minion" = 'null' ]
|
||||||
then
|
then
|
||||||
printf 'Please specify the minion to diff against.\n'
|
printf 'Please specify the minion to diff against.\n'
|
||||||
@ -36,8 +49,20 @@ then
|
|||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ ! "$partner" = 'null' ]
|
||||||
|
then
|
||||||
|
key_salt_remote="$(ssh -qi "$ssh_key" "$partner" salt-key --out json -f "$minion" | jq --arg minion "$minion" -r '.minions_pre[$minion]')"
|
||||||
|
|
||||||
|
if [ ! "$key_salt" = "$key_salt_remote" ]
|
||||||
|
then
|
||||||
|
printf 'Local and remote keys do not match, bailing out.\n'
|
||||||
|
exit 2
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
if [ "$key_user" = 'null' ]
|
if [ "$key_user" = 'null' ]
|
||||||
then
|
then
|
||||||
|
# shellcheck disable=SC2016
|
||||||
printf 'Enter fingerprint to diff against (run `salt-call --local key.finger` on the minion)\n'
|
printf 'Enter fingerprint to diff against (run `salt-call --local key.finger` on the minion)\n'
|
||||||
read -r key_user
|
read -r key_user
|
||||||
fi
|
fi
|
||||||
@ -46,10 +71,37 @@ if [ "$key_salt" = "$key_user" ]
|
|||||||
then
|
then
|
||||||
GREEN="$(tput setaf 2)"
|
GREEN="$(tput setaf 2)"
|
||||||
printf '%sMatches%s\n' "$GREEN" "$NOCOLOR"
|
printf '%sMatches%s\n' "$GREEN" "$NOCOLOR"
|
||||||
salt-key --out=yaml -a "$minion"
|
printf 'Accept? (y/n)\n'
|
||||||
|
read -r answer
|
||||||
|
if [ "$answer" = 'y' ]
|
||||||
|
then
|
||||||
|
if salt-key --out=quiet -yqa "$minion" >/dev/null
|
||||||
|
then
|
||||||
|
printf 'Accepted on local master\n'
|
||||||
|
else
|
||||||
|
printf 'Failed to accept key on local master\n'
|
||||||
|
exco=1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! "$partner" = 'null' ]
|
||||||
|
then
|
||||||
|
if ssh -qi "$ssh_key" "$partner" salt-key --out=quiet -yqa "$minion" >/dev/null
|
||||||
|
then
|
||||||
|
printf 'Accepted on remote master\n'
|
||||||
|
else
|
||||||
|
printf 'Failed to accept key on remote master\n'
|
||||||
|
exco=1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
printf 'Bye\n'
|
||||||
|
exco=2
|
||||||
|
fi
|
||||||
elif [ ! "$key_salt" = "$key_user" ]
|
elif [ ! "$key_salt" = "$key_user" ]
|
||||||
then
|
then
|
||||||
RED="$(tput setaf 1)"
|
RED="$(tput setaf 1)"
|
||||||
printf '%sMismatch%s\n' "$RED" "$NOCOLOR"
|
printf '%sMismatch%s\n' "$RED" "$NOCOLOR"
|
||||||
exit 2
|
exco=2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
exit "$exco"
|
||||||
|
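Review bot: `$minion` reaches the partner master's shell unquoted in both new `ssh` calls (the `key_salt_remote=` fingerprint lookup and the remote `salt-key --out=quiet -yqa` accept), because ssh joins its arguments into one string that the remote shell parses again, so the local double quotes do not survive that hop. A minion ID is chosen by the minion, so I would reject anything outside a conservative set before its first use, e.g. `case "$minion" in ''|-*|*[!A-Za-z0-9._-]*) printf 'Invalid minion ID\n'; exit 2 ;; esac` (widen the set if your IDs need it). Separately, `. "$config"` runs the file as shell code with the caller's privileges, so it deserves a comment next to `config=` stating that the file must be root-owned and not group- or world-writable, or a check to that effect before sourcing. The assignment of `key_salt` sits outside the visible hunks, so I am assuming it is set before the new local/remote comparison runs.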