summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2015-07-10 21:27:41 +0200
committertv <tv@krebsco.de>2015-07-10 21:27:41 +0200
commitaf99818f8314cdfad69cc2efbfcdf33844dc76a1 (patch)
tree47a54a67b1163dd79174c847b1362a8a66b69fff
parentddbae50486682115ddaa6ba9cacfbd721c034472 (diff)
make rotate-consul-encrypt
-rw-r--r--Makefile22
1 files changed, 22 insertions, 0 deletions
diff --git a/Makefile b/Makefile
index cab9f80..154fb7a 100644
--- a/Makefile
+++ b/Makefile
@@ -14,6 +14,8 @@ hosts := $($(cluster)-cluster)
ifeq ($(hosts),)
$(error bad cluster: $(cluster))
else
+.ONESHELL:
+
.PHONY: deploy $(addprefix deploy-,$(hosts))
deploy:
exec parallel \
@@ -23,4 +25,24 @@ deploy:
--tagstring '{u}' \
--line-buffer \
$(MAKE) deploy-{} ::: $(hosts)
+
+.PHONY: rotate-consul-encrypt
+rotate-consul-encrypt:
+ umask 0377
+ mkencrypt() { dd status=none if=/dev/random bs=1 count=16 | base64; }
+ json=$$(printf '{"encrypt":"%s"}\n' $$(mkencrypt))
+ cmd='
+ f=secrets/{}/rsync/etc/consul/encrypt.json
+ rm -f "$$f"
+ echo "$$json" > "$$f"
+ '
+ export json
+ exec parallel \
+ -j 0 \
+ --no-notice \
+ --rpl '{u} s/^.* deploy-(.*)/\1/' \
+ --tagstring '{u}' \
+ --line-buffer \
+ --quote \
+ sh -eufc "$$cmd" ::: $(hosts)
endif