diff options
author | tv <tv@krebsco.de> | 2015-07-10 21:27:41 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2015-07-10 21:27:41 +0200 |
commit | af99818f8314cdfad69cc2efbfcdf33844dc76a1 (patch) | |
tree | 47a54a67b1163dd79174c847b1362a8a66b69fff | |
parent | ddbae50486682115ddaa6ba9cacfbd721c034472 (diff) |
make rotate-consul-encrypt
-rw-r--r-- | Makefile | 22 |
1 files changed, 22 insertions, 0 deletions
@@ -14,6 +14,8 @@ hosts := $($(cluster)-cluster) ifeq ($(hosts),) $(error bad cluster: $(cluster)) else +.ONESHELL: + .PHONY: deploy $(addprefix deploy-,$(hosts)) deploy: exec parallel \ @@ -23,4 +25,24 @@ deploy: --tagstring '{u}' \ --line-buffer \ $(MAKE) deploy-{} ::: $(hosts) + +.PHONY: rotate-consul-encrypt +rotate-consul-encrypt: + umask 0377 + mkencrypt() { dd status=none if=/dev/random bs=1 count=16 | base64; } + json=$$(printf '{"encrypt":"%s"}\n' $$(mkencrypt)) + cmd=' + f=secrets/{}/rsync/etc/consul/encrypt.json + rm -f "$$f" + echo "$$json" > "$$f" + ' + export json + exec parallel \ + -j 0 \ + --no-notice \ + --rpl '{u} s/^.* deploy-(.*)/\1/' \ + --tagstring '{u}' \ + --line-buffer \ + --quote \ + sh -eufc "$$cmd" ::: $(hosts) endif |