
refresh-NebulaCA 3.3 KiB

  1. #!/bin/bash
  2. ######################################################
  3. # Name: refresh-NebulaCA
  4. # Description: Creates a new cert for a node based
  5. # on the node cert provided.
  6. #
  7. # Created By: HMSheets
  8. ######################################################
  9. # Try Catch Functions
  # Open a "try" section: remember whether errexit (-e) was active, then
  # switch it off so a failing command inside the section does not end the
  # script before catch() can look at its status.
  # Globals: SAVED_OPT_E (written) - 0 if -e was set on entry, 1 otherwise
  function try() {
    case $- in
      *e*) SAVED_OPT_E=0 ;;
      *) SAVED_OPT_E=1 ;;
    esac
    set +e
  }
  # Terminate the current shell (or subshell) with the given status.
  # Arguments: $1 - exit status to use
  throw() {
    # $1 is left unquoted as in the original: with no argument this
    # degrades to a bare `exit`, which reuses the last command's status.
    exit $1
  }
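  # Close a "try" section: capture the status of the command that ran just
  # before catch, restore errexit if try() had switched it off, and hand the
  # status back so `catch || { ... }` runs its handler on failure.
  # Globals: ex_code (exported, written) - status of the preceding command
  #          SAVED_OPT_E (read)          - 0 when -e was active before try()
  # Returns: the captured status
  function catch() {
    # Must stay the first statement: any earlier command would overwrite $?.
    export ex_code=$?
    # try() always runs `set +e`. The previous test here only ever re-ran
    # `set +e`, so a script that had errexit enabled lost it for good after
    # its first try/catch and later failures went unnoticed. Put it back
    # when it was on; an unset SAVED_OPT_E is treated as "was off".
    if [[ "${SAVED_OPT_E:-1}" -eq 0 ]]; then
      set -e
    fi
    return "$ex_code"
  }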
  # Turn errexit on: from here an unhandled failing command ends the script.
  throwErrors() {
    set -o errexit
  }
  # Turn errexit off: failing commands no longer end the script by themselves.
  ignoreErrors() {
    set +o errexit
  }
  33. # Parameter Eval Functions
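  # Report a command-line usage error and stop the script.
  # Outputs: the error text on stderr
  # Exits:   2
  function invalid_args_msg() {
    # Diagnostics go to stderr so they never mix with captured output.
    echo "Invalid Parameter(s) Entered" >&2
    # The bare `exit` used before reused echo's status (0), so a rejected
    # command line looked like success to wrappers and automation.
    exit 2
  }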
  # Print the usage text on stdout and end the script.
  # The bare `exit` reuses the status of the preceding printf, normally 0.
  # NOTE(review): -i|--issuer is listed here, but its arm in the option
  # parser is commented out, so passing it is rejected as an invalid
  # parameter. Confirm whether the flag or the help entry should go.
  help_msg() {
    printf '%s\n' \
      'Usage of refresh-NebulaCA <flags>: refresh an existing nebula ca' \
      ' -n|--caname' \
      ' Name to use for the new CA. Used in the CA cert file and in the filename' \
      ' -r|--rootpath' \
      ' Root path of existing CA' \
      ' -f|--cafilename' \
      ' Filename of the existing CA' \
      ' -i|--issuer' \
      ' Name of the Org Issuing and authorizing the creation of the new Nebula CA' \
      ' -h|--help' \
      ' This help text, but you already knew that... right?!?!'
    exit
  }
  52. # Parameter Evaluation while loop
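  # Walk the command line and fill CANAME, ROOTPATH and CAFILENAME.
  # -h|--help prints the usage text and exits; anything unrecognised is
  # rejected through invalid_args_msg. Nothing is ever appended to
  # POSITIONAL, so the final `set --` leaves the positional list empty.
  POSITIONAL=()
  while [[ $# -gt 0 ]]; do
    key="$1"
    case "$key" in
      -h|--help)
        help_msg
        ;;
      -n|--caname|-r|--rootpath|-f|--cafilename)
        # A value flag given as the last word used to store an empty string
        # and carry on, which later produced file names such as "_<date>.key"
        # and a signing command with missing arguments. Reject it here.
        if [[ $# -lt 2 ]]; then
          invalid_args_msg
        fi
        case "$key" in
          -n|--caname) CANAME="$2" ;;
          -r|--rootpath) ROOTPATH="$2" ;;
          -f|--cafilename) CAFILENAME="$2" ;;
        esac
        shift 2 # past argument and value
        ;;
      # -k|--cakeyname)
      # CAKEYNAME="$2"
      # shift # past argument
      # shift # past value
      # ;;
      # -i|--issuer)
      # ISSUER="$2"
      # shift # past argument
      # shift # past value
      # ;;
      *) # unknown option
        invalid_args_msg #catch all
        ;;
    esac
  done
  set -- "${POSITIONAL[@]}" # restore positional parameters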
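  # Main flow: confirm the supplied certificate is a CA certificate, then ask
  # nebula-cert for a new certificate/key pair named <CANAME>_<timestamp>
  # under ROOTPATH. Every failure path leaves with a non-zero status.
  DATETIME=$(date '+%Y%m%d-%H%M%S')
  #CANAME=$(${ROOTPATH}/nebula-cert print -path ${ROOTPATH}/${NODECERTNAME} -json | jq -s .[].details.name | sed 's/["]//g')
  #CAIPS=$(${ROOTPATH}/nebula-cert print -path ${ROOTPATH}/${NODECERTNAME} -json | jq -s --compact-output .[].details.ips | sed 's/[]["]//g')
  #NODEGROUPS=$(${ROOTPATH}/nebula-cert print -path ${ROOTPATH}/${NODECERTNAME} -json | jq -s --compact-output .[].details.groups | sed 's/[]["]//g') # | sed 's/,/ /g'))

  # All three values end up in paths or in the command itself. An empty
  # ROOTPATH would run /nebula-cert and write key material under /.
  if [[ -z "${ROOTPATH:-}" || -z "${CAFILENAME:-}" || -z "${CANAME:-}" ]]; then
    echo "Missing required parameter: --rootpath, --cafilename and --caname must all be set" >&2
    exit 2
  fi
  # CANAME becomes part of the output file names, so a slash in it would
  # place the new key outside ROOTPATH.
  if [[ "${CANAME}" == */* ]]; then
    echo "Invalid --caname: must not contain '/'" >&2
    exit 2
  fi

  # Expansions are quoted so that spaces or glob characters in the arguments
  # cannot split into extra words on the nebula-cert command line.
  CERTISCASTATUS=$("${ROOTPATH}/nebula-cert" print -path "${ROOTPATH}/${CAFILENAME}" -json | jq -s --compact-output '.[].details.isCa')
  # Create new file name variable
  NEWFILENAME="${CANAME}_${DATETIME}"
  if [[ "${CERTISCASTATUS}" == false ]]; then
    echo "Certificate is a Node Certificate. Try again by providing the CA Certificate." >&2
    exit 1
  fi
  # Anything other than a single "true" (print failed, jq missing, several
  # certificates in one file) used to fall through and exit 0 without
  # doing anything. Fail closed instead.
  if [[ "${CERTISCASTATUS}" != true ]]; then
    echo "Could not determine isCa for ${ROOTPATH}/${CAFILENAME} (got: '${CERTISCASTATUS}')" >&2
    exit 1
  fi

  echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
  echo "Node Name: ${CANAME}"
  #echo "Node IPs: ${ISSUER}"
  #echo "Node Groups: ${NODEGROUPS[@]}"
  echo "Certificate isCa Status: ${CERTISCASTATUS}"
  echo "DateTime: ${DATETIME}"
  echo "NEWFILENAME: ${NEWFILENAME}"
  echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
  # NOTE(review): `nebula-cert sign` issues a certificate from an existing CA
  # key and, as far as I know, also expects an address flag plus
  # -ca-crt/-ca-key (defaulting to ca.crt/ca.key in the working directory);
  # none are passed here. Creating a CA is normally the `ca` subcommand.
  # Confirm which was intended before relying on this script.
  # NOTE(review): the -out-key file is private key material; check its mode
  # and ownership after creation.
  try
  (
    "${ROOTPATH}/nebula-cert" sign -name "${CANAME}" -out-crt "${ROOTPATH}/${NEWFILENAME}.crt" -out-key "${ROOTPATH}/${NEWFILENAME}.key"
  )
  catch || {
    sign_rc=$?
    echo "nebula-cert sign failed with exit status ${sign_rc}" >&2
    # help_msg ends in `exit`; running it in a subshell still prints the
    # usage text but lets this script report the real failure status
    # instead of leaving with 0.
    ( help_msg )
    exit "${sign_rc}"
  }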