diff options
author | tv <tv@shackspace.de> | 2015-07-10 21:27:41 +0200 |
---|---|---|
committer | tv <tv@shackspace.de> | 2015-07-10 21:27:41 +0200 |
commit | 472ed787be6734f6c83e8648330808654787d451 (patch) | |
tree | 93fe66bdfecb6288f5015864fbfeceddc866c5ef | |
parent | fe7f9a1f3187d2558a9269f8b0abfb89ba5981c9 (diff) |
make rotate-consul-encrypt
-rw-r--r-- | Makefile | 22 |
1 files changed, 22 insertions, 0 deletions
@@ -14,6 +14,8 @@ hosts := $($(cluster)-cluster) ifeq ($(hosts),) $(error bad cluster: $(cluster)) else +.ONESHELL: + .PHONY: deploy $(addprefix deploy-,$(hosts)) deploy: exec parallel \ @@ -23,4 +25,24 @@ deploy: --tagstring '{u}' \ --line-buffer \ $(MAKE) deploy-{} ::: $(hosts) + +.PHONY: rotate-consul-encrypt +rotate-consul-encrypt: + umask 0377 + mkencrypt() { dd status=none if=/dev/random bs=1 count=16 | base64; } + json=$$(printf '{"encrypt":"%s"}\n' $$(mkencrypt)) + cmd=' + f=secrets/{}/rsync/etc/consul/encrypt.json + rm -f "$$f" + echo "$$json" > "$$f" + ' + export json + exec parallel \ + -j 0 \ + --no-notice \ + --rpl '{u} s/^.* deploy-(.*)/\1/' \ + --tagstring '{u}' \ + --line-buffer \ + --quote \ + sh -eufc "$$cmd" ::: $(hosts) endif |