make rotate-consul-encrypt
This commit is contained in:
parent
fe7f9a1f31
commit
472ed787be
22
Makefile
22
Makefile
@ -14,6 +14,8 @@ hosts := $($(cluster)-cluster)
|
||||
ifeq ($(hosts),)
|
||||
$(error bad cluster: $(cluster))
|
||||
else
|
||||
.ONESHELL:
|
||||
|
||||
.PHONY: deploy $(addprefix deploy-,$(hosts))
|
||||
deploy:
|
||||
exec parallel \
|
||||
@ -23,4 +25,24 @@ deploy:
|
||||
--tagstring '{u}' \
|
||||
--line-buffer \
|
||||
$(MAKE) deploy-{} ::: $(hosts)
|
||||
|
||||
.PHONY: rotate-consul-encrypt
|
||||
rotate-consul-encrypt:
|
||||
umask 0377
|
||||
mkencrypt() { dd status=none if=/dev/random bs=1 count=16 | base64; }
|
||||
json=$$(printf '{"encrypt":"%s"}\n' $$(mkencrypt))
|
||||
cmd='
|
||||
f=secrets/{}/rsync/etc/consul/encrypt.json
|
||||
rm -f "$$f"
|
||||
echo "$$json" > "$$f"
|
||||
'
|
||||
export json
|
||||
exec parallel \
|
||||
-j 0 \
|
||||
--no-notice \
|
||||
--rpl '{u} s/^.* deploy-(.*)/\1/' \
|
||||
--tagstring '{u}' \
|
||||
--line-buffer \
|
||||
--quote \
|
||||
sh -eufc "$$cmd" ::: $(hosts)
|
||||
endif
|
||||
|
Loading…
Reference in New Issue
Block a user