Created
August 23, 2019 17:18
ssh-rotate.sh
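#!/bin/bash
#
# Rotates SSH private and public keys for DX clusters and uploads them to Vault.
# Run from a directory containing the k8s-kubeconfig file.
#
# For every kubectl context whose name matches 'ethos1[134]', a fresh
# passphrase-less RSA 4096 key pair is generated under ./k8s_ssh/ and both
# halves are written to Vault. The script stops at the first failure, so a
# failed run can leave some clusters rotated and others not.
#
# NOTE(security): the generated private keys are unencrypted (-N '') and stay
# in ./k8s_ssh/ after the run. Remove or secure that directory once the keys
# are in Vault.

# Key material is written below; keep new files and directories owner-only.
umask 077

# mkdir -p leaves the mode of an existing directory alone, hence the chmod.
if ! mkdir -p k8s_ssh || ! chmod 700 k8s_ssh; then
  echo "Failed to prepare the k8s_ssh directory!" >&2
  exit 1
fi
rm -rf -- k8s_ssh/*

# List the contexts up front so a kubectl failure is reported instead of
# looking like "no clusters to rotate".
if ! contexts=$(kubectl config get-contexts -o name); then
  echo "Failed to list kubectl contexts!" >&2
  exit 1
fi

clusters=()
while IFS= read -r context; do
  clusters+=("$context")
done < <(grep 'ethos1[134]' <<< "$contexts")

if [[ ${#clusters[@]} -eq 0 ]]; then
  echo "No kubectl contexts match 'ethos1[134]'; nothing to rotate." >&2
  exit 0
fi

for cluster in "${clusters[@]}"; do
  # The context name becomes a file name under k8s_ssh/ and a Vault path
  # segment, so refuse names that could point outside that directory.
  if [[ "$cluster" == */* ]]; then
    echo "Refusing cluster name containing '/': $cluster" >&2
    exit 1
  fi

  # Split the context name on '-': field 1 is the environment, field 2 the
  # region. One read is enough, and IFS is scoped to that read so the rest of
  # the script keeps the default word splitting.
  IFS='-' read -ra tokens <<< "$cluster"
  environment="${tokens[1]:-}"
  adobe_region="${tokens[2]:-}"

  # An empty environment would produce a Vault path with an empty segment.
  if [[ -z "$environment" ]]; then
    echo "Could not determine environment for $cluster!" >&2
    exit 1
  fi

  # The provider is part of the Vault path, so an unknown region is fatal.
  # NOTE(review): the azure pattern is anchored at both ends, while the aws and
  # datacenter patterns match any region that merely starts with va6 / or1.
  # Confirm whether the prefix match is intended.
  if [[ "$adobe_region" =~ ^(va7|nld2|sgp5|aus5)$ ]]; then
    provider=azure
  elif [[ "$adobe_region" =~ ^(va6) ]]; then
    provider=aws
  elif [[ "$adobe_region" =~ ^(or1) ]]; then
    provider=datacenter
  else
    echo "Could not determine provider for $cluster!" >&2
    exit 1
  fi

  echo "Generating keys for $cluster..."
  if ! ssh-keygen -t rsa -b 4096 -N '' \
    -C "core@$cluster generated $(date +%Y-%m-%d)" \
    -f "k8s_ssh/$cluster"; then
    echo "Failed to generate new keys for $cluster!" >&2
    exit 1
  fi

  echo "Uploading keys to Vault..."
  vault_base="ethos/data/k8s-ethos-config/$environment/$provider/$cluster"

  # "Value=@file" makes vault read the value from the file, so the key
  # material is never placed on the command line.
  if ! vault write "$vault_base/ssh/private-key" "Value=@k8s_ssh/$cluster"; then
    echo "Failed to upload $cluster private key!" >&2
    exit 1
  fi

  # If this second write fails, Vault holds the new private key next to
  # whatever AuthorizedKey value was there before; re-run to realign them.
  if ! vault write "$vault_base/AuthorizedKey" "Value=@k8s_ssh/$cluster.pub"; then
    echo "Failed to upload $cluster public key!" >&2
    exit 1
  fi
done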