Generate a private key and CSR for a node, submit the CSR to the Puppet CA on puppetserver (signing itself happens there), and fetch the signed certificate plus the CA certificate
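#!/usr/bin/env bash
#
# Create an RSA key and certificate signing request for one node, submit the
# CSR to a Puppet CA through its HTTP API (puppet-ca/v1), and save the signed
# certificate together with the CA certificate.  Signing itself happens on the
# puppetserver (autosign, or an operator); this script only submits the
# request and fetches the results.
#
# Required environment:
#   FQDN              certname: CSR common name, API path element, file name
#   PUPPETMASTER      host name of the puppetserver CA
#
# Optional environment (default in brackets):
#   COUNTRY [BY], STATE [Minsk], CITY [Minsk], ORGNAME [EXAMPLE Ltd],
#   ORGUNIT [WGDP], EMAIL [placeholder]   CSR subject fields
#   PASSWORD []       CSR challenge password.  It is stored in clear text in
#                     the .csr (Puppet autosign policies can check it), so
#                     treat that file as sensitive while it exists.
#   OPTIONALNAME []   CSR "optional company name" attribute
#   PUPPETMASTERPORT [8140]
#   CERTPATH [.]      output directory, created if missing
#   KEYLENGTH [2048]  RSA modulus size in bits
#   CACERT []         CA certificate file used to verify TLS to the
#                     puppetserver (e.g. the ca.crt saved by an earlier run).
#                     When unset, verification is DISABLED for every request
#                     (curl -k): a warning is printed and the SHA-256
#                     fingerprint of the downloaded CA certificate is shown so
#                     it can be compared out of band before anyone trusts it.
#                     Recommended: run once, verify the fingerprint, then set
#                     CACERT=ca.crt for all further runs.
#
# Files written under CERTPATH: FQDN.key (mode 0600), FQDN.csr, FQDN.cert and
# ca.crt.  A response body is only written as FQDN.cert/ca.crt when the CA
# answered 200, never an error page.
# Exit status: 0 when there is nothing more this run can do (certificate on
# disk, request already pending, or a local key already present); 1 on any
# error, including "CSR submitted but not signed yet".
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Mandatory variables.  Unset and empty are both errors: FQDN is used
# unescaped as an API path element and as a file name, so a few shapes are
# refused outright.
[[ -n "${FQDN:-}" ]] || die '$FQDN is unset'
[[ -n "${PUPPETMASTER:-}" ]] || die '$PUPPETMASTER is unset'
if [[ "$FQDN" == */* || "$FQDN" == *[[:space:]]* || "$FQDN" == .* ]]; then
  die "refusing FQDN '${FQDN}': must not contain '/' or whitespace, nor start with '.'"
fi

# Optional variables
COUNTRY=${COUNTRY:-"BY"}
STATE=${STATE:-"Minsk"}
CITY=${CITY:-"Minsk"}
ORGNAME=${ORGNAME:-"EXAMPLE Ltd"}
ORGUNIT=${ORGUNIT:-"WGDP"}
EMAIL=${EMAIL:-"[email protected]"}   # placeholder; override with EMAIL
PASSWORD=${PASSWORD:-""}
OPTIONALNAME=${OPTIONALNAME:-""}
PUPPETMASTERPORT=${PUPPETMASTERPORT:-"8140"}
CERTPATH=${CERTPATH:-"."}
KEYLENGTH=${KEYLENGTH:-"2048"}
CACERT=${CACERT:-""}

readonly MASTERURL="https://${PUPPETMASTER}:${PUPPETMASTERPORT}"
readonly CA_API="${MASTERURL}/puppet-ca/v1"
readonly KEYFILE="${CERTPATH}/${FQDN}.key"
readonly CSRFILE="${CERTPATH}/${FQDN}.csr"
readonly CERTFILE="${CERTPATH}/${FQDN}.cert"
readonly CAFILE="${CERTPATH}/ca.crt"

mkdir -p -- "$CERTPATH"

# Scratch file for response bodies, so that an error page from the CA is
# never left on disk under the certificate's name.  Removed on every exit.
TMPFILE=$(mktemp "${CERTPATH}/.puppet-ca.XXXXXX") || die "mktemp failed in ${CERTPATH}"
readonly TMPFILE
trap 'rm -f -- "$TMPFILE"' EXIT

# curl TLS options shared by every request to the CA.  The Puppet CA is its
# own root, so without CACERT there is nothing to verify against; say so.
if [[ -n "$CACERT" ]]; then
  [[ -r "$CACERT" ]] || die "CACERT=${CACERT} is not readable"
  tls_opts=(--cacert "$CACERT")
else
  printf 'WARNING: CACERT is unset; TLS certificate verification of %s is disabled\n' \
    "$MASTERURL" >&2
  tls_opts=(-k)
fi

#######################################
# One request to the CA API.
# Arguments: $1 HTTP method, $2 path below puppet-ca/v1, $3 file receiving
#            the response body, $4 (optional) file sent as text/plain body
# Globals:   tls_opts, CA_API (read); HTTP_CODE (set to the response status)
# Dies when the request cannot be made at all (DNS, refused, TLS failure) so
# an unreachable or untrusted CA is reported instead of being mistaken for
# "nothing on file for this certname".
#######################################
ca_request() {
  local method=$1 path=$2 outfile=$3 datafile=${4:-}
  local -a args=(-sS "${tls_opts[@]}" -X "$method" -o "$outfile" -w '%{http_code}')
  if [[ -n "$datafile" ]]; then
    args+=(-H 'Content-Type: text/plain' --data-binary "@${datafile}")
  fi
  HTTP_CODE=$(curl "${args[@]}" "${CA_API}/${path}") \
    || die "request ${method} ${CA_API}/${path} failed (curl exit $?)"
}

# Download ca.crt, then FQDN.cert.  Returns 1 (after saying why) when the CA
# has not signed the request yet, leaving no certificate file behind.
save_certs() {
  local fingerprint

  ca_request GET "certificate/ca" "$TMPFILE"
  [[ "$HTTP_CODE" == "200" ]] || die "fetching the CA certificate failed (HTTP ${HTTP_CODE})"
  cat -- "$TMPFILE" > "$CAFILE"
  printf 'Saving puppet master ca certificate to ca.crt\n'
  # Also proves the body is a certificate, not an HTML page that happened to
  # come with a 200.
  fingerprint=$(openssl x509 -in "$CAFILE" -noout -fingerprint -sha256) \
    || die "${CAFILE} is not a valid certificate"
  if [[ -z "$CACERT" ]]; then
    # Fetched without TLS verification: nothing proves this is the real CA.
    printf 'Compare this fingerprint with the one on the puppetserver before trusting %s:\n  %s\n' \
      "$CAFILE" "$fingerprint" >&2
  fi

  ca_request GET "certificate/${FQDN}" "$TMPFILE"
  if [[ "$HTTP_CODE" != "200" ]]; then
    printf '%s is not signed yet on %s (HTTP %s); sign it there and re-run\n' \
      "$FQDN" "$MASTERURL" "$HTTP_CODE" >&2
    return 1
  fi
  cat -- "$TMPFILE" > "$CERTFILE"
  printf 'Saving cert to %s.cert\n' "$FQDN"
}

# Create FQDN.key (mode 0600 whatever the caller's umask) and FQDN.csr from
# the subject variables.
generate_key_and_csr() {
  (umask 077 && openssl genrsa -out "$KEYFILE" "$KEYLENGTH" >/dev/null 2>&1) \
    || die "openssl genrsa failed for ${KEYFILE}"
  printf 'Generate certificate signing request\n'
  # With the stock openssl.cnf, openssl req prompts in this order: C, ST, L,
  # O, OU, CN, emailAddress, then the extra attributes "challenge password"
  # and "optional company name".  Answers are fed on stdin one per line
  # rather than via -subj so that values containing '/' survive and the
  # challenge password (an attribute, not part of the subject) still lands
  # in the CSR.  An empty line accepts the default from the openssl config;
  # a lone '.' leaves the field blank.
  printf '%s\n' "$COUNTRY" "$STATE" "$CITY" "$ORGNAME" "$ORGUNIT" "$FQDN" \
      "$EMAIL" "$PASSWORD" "$OPTIONALNAME" \
    | openssl req -new -sha256 -key "$KEYFILE" -out "$CSRFILE" >/dev/null 2>&1 \
    || die "openssl req failed for ${CSRFILE}"
}

# PUT the CSR.  Anything but 2xx is fatal, so a rejected request (for example
# a conflicting request already on file) is not followed by an attempt to
# download a certificate that cannot exist.
submit_csr() {
  printf 'PUT certificate signing request\n'
  ca_request PUT "certificate_request/${FQDN}" "$TMPFILE" "$CSRFILE"
  if [[ "$HTTP_CODE" != 2* ]]; then
    cat -- "$TMPFILE" >&2
    die "CA rejected the signing request for ${FQDN} (HTTP ${HTTP_CODE})"
  fi
}

main() {
  ca_request GET "certificate/${FQDN}" /dev/null
  if [[ "$HTTP_CODE" == "200" ]]; then
    printf '%s already signed on %s\n' "$FQDN" "$MASTERURL"
    # A request signed on the CA after an earlier run is fetched now;
    # otherwise the certificate would never reach this host.
    [[ -f "$CERTFILE" ]] || save_certs
    exit 0
  fi

  ca_request GET "certificate_request/${FQDN}" /dev/null
  if [[ "$HTTP_CODE" == "200" ]]; then
    printf '%s signing request exists on %s\n' "$FQDN" "$MASTERURL"
    exit 0
  fi

  if [[ -f "$KEYFILE" ]]; then
    # Never overwrite an existing key; remove it by hand to start over.
    printf 'Private key already exists at %s\n' "$KEYFILE"
    exit 0
  fi

  generate_key_and_csr
  submit_csr
  save_certs
}

main "$@"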