juju charm vault wrapper utility
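#!/bin/bash
#
# vinit.sh - juju charm vault wrapper: status, unseal, init, authorize, root CA.
# Requires the juju and vault CLIs (and uuid for `init`) on PATH.
# NOTE: `init` writes the unseal keys and the initial root token to plain files
# in the current directory; keep that directory restricted to the operator.
#
set -e
# Addresses of every vault unit, one per line, taken from the 5th column of the
# tabular `juju status` output (assumes the default format — confirm on the juju
# version in use).
VAULTS=$(juju status | grep vault/ | awk '{print $5}')
# grep's exit status is masked by awk, so an empty result is the only signal
# that no vault unit was found.
[ -n "$VAULTS" ] || echo "warning: no vault units found in juju status" >&2
printf 'vault units: %s\n' "${VAULTS//$'\n'/ }"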
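do_status () {
  # Print `vault status` for every unit listed in the global $VAULTS.
  # `vault status` exits non-zero for a sealed or unreachable unit, which would
  # abort the whole script under `set -e`; such a unit is reported instead and
  # the loop continues with the next one.
  local vault_ip
  for vault_ip in $VAULTS; do
    export VAULT_ADDR="http://$vault_ip:8200"
    echo "getting vault $vault_ip status..."
    if ! vault status; then
      echo "vault $vault_ip: sealed or not reachable" >&2
    fi
  done
}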
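do_unseal () {
  # Unseal every unit in the global $VAULTS with three key shares (the init
  # threshold) read from the "Unseal Key N: ..." lines of the init output
  # file given as $1.
  # Each key is piped to `vault operator unseal` on stdin instead of being
  # passed on the command line, so it does not appear in `ps` output or shell
  # history. This relies on the vault CLI reading the key from stdin when no
  # argument is given — confirm on the vault version in use.
  echo "unseal ..."
  local vault_unseal_key_file=$1
  [ -r "$vault_unseal_key_file" ] || {
    echo "unseal key file not readable: $vault_unseal_key_file" >&2
    return 1
  }
  echo "unsealing from file: $vault_unseal_key_file"
  local vault_ip share key
  for vault_ip in $VAULTS; do
    export VAULT_ADDR="http://$vault_ip:8200"
    for share in 1 2 3; do
      key=$(awk -v n="$share" '$0 ~ "Unseal Key " n ":" {print $4}' "$vault_unseal_key_file")
      [ -n "$key" ] || {
        echo "Unseal Key $share not found in $vault_unseal_key_file" >&2
        return 1
      }
      printf '%s\n' "$key" | vault operator unseal
    done
  done
  echo "unseal done."
}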
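do_authorize(){
  # Create a short-lived (10m) token from the "Initial Root Token" stored in
  # the init output file $1 and hand it to the vault charm leader via
  # `authorize-charm`. $2 is the run UUID; the `vault token create` output is
  # saved to "$2-vault_token.txt".
  # The root token is supplied to the single `vault` call only, not exported,
  # so it is not inherited by every later command in the script.
  echo "vault authorize..."
  local root_token_file=$1
  local token_file="$2-vault_token.txt"
  [ -r "$root_token_file" ] || {
    echo "root token file not readable: $root_token_file" >&2
    return 1
  }
  local vault_ip root_token token
  # First vault unit only; any unsealed unit can mint the token.
  vault_ip=$(juju status | grep -m 1 vault/ | awk '{print $5}')
  export VAULT_ADDR="http://$vault_ip:8200"
  root_token=$(awk '/Initial Root Token/ {print $4}' "$root_token_file")
  [ -n "$root_token" ] || {
    echo "Initial Root Token not found in $root_token_file" >&2
    return 1
  }
  # umask in a subshell so the token file is created owner-readable only.
  ( umask 077; VAULT_TOKEN="$root_token" vault token create -ttl=10m > "$token_file" ) || {
    echo "vault token create failed" >&2
    return 1
  }
  echo "vault token: $token_file"
  cat -- "$token_file"
  # Table output: the row whose first column is exactly "token".
  token=$(awk '$1 == "token" {print $2; exit}' "$token_file")
  [ -n "$token" ] || {
    echo "no token found in $token_file" >&2
    return 1
  }
  echo "authorize token $token"
  juju run vault/leader authorize-charm "token=$token"
  echo "authorize token done."
}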
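do_ca () {
  # Ask the vault charm leader to generate a root CA, save the juju output with
  # its leading indentation stripped as "$1-root-ca.crt", and point the
  # root-ca.crt symlink at that file.
  echo "vault generating root ca..."
  local rootca_file="$1-root-ca.crt"
  echo "generating root-ca..."
  juju run vault/leader generate-root-ca | sed -e 's/^ *//g' > "$rootca_file"
  # Without pipefail a failed `juju run` still leaves sed successful, so check
  # that something was actually written.
  [ -s "$rootca_file" ] || {
    echo "generate-root-ca produced no output" >&2
    return 1
  }
  cat -- "$rootca_file"
  # -f: the symlink does not exist on a first run, and a failing rm would stop
  # the script under set -e.
  rm -f -- root-ca.crt
  ln -s -- "$rootca_file" root-ca.crt
  echo "done."
}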
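do_init () {
  # Initialise the vault cluster and bring it into service.
  # With no argument: run `vault operator init` against the first unit, save
  # its output (unseal keys + initial root token) to
  # "<uuid>-vault-unsealkeys.txt", then unseal all units, authorize the charm
  # and generate a root CA.
  # With a UUID as $1: skip init and reuse that run's existing unseal file.
  # (The original tested `$# -eq 2`, but the dispatcher only ever passes one
  # argument, so the reuse branch could never be taken.)
  echo "vault init..."
  local vault_ip run_uuid vault_unseal_key_file
  vault_ip=$(juju status | grep -m 1 vault/ | awk '{print $5}')
  export VAULT_ADDR="http://$vault_ip:8200"
  if [ -n "${1:-}" ]; then
    run_uuid=$1
    vault_unseal_key_file="$run_uuid-vault-unsealkeys.txt"
    [ -r "$vault_unseal_key_file" ] || {
      echo "unseal key file not found: $vault_unseal_key_file" >&2
      return 1
    }
  else
    # Separate assignment so a missing `uuid` command is not masked by `local`.
    run_uuid=$(uuid) || {
      echo "uuid command failed" >&2
      return 1
    }
    vault_unseal_key_file="$run_uuid-vault-unsealkeys.txt"
    # The init output holds every unseal key and the root token: create it
    # owner-readable only, and stop if init fails instead of continuing with
    # an empty file.
    ( umask 077; vault operator init -key-shares=5 -key-threshold=3 > "$vault_unseal_key_file" ) || {
      echo "vault operator init failed" >&2
      return 1
    }
    echo "vault init done."
    echo "VAULT_ADDR=$VAULT_ADDR" >> "$vault_unseal_key_file"
    echo "unseal file: $vault_unseal_key_file"
    cat -- "$vault_unseal_key_file"
  fi
  do_unseal "$vault_unseal_key_file"
  do_authorize "$vault_unseal_key_file" "$run_uuid"
  do_ca "$run_uuid"
  do_status
}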
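# Command dispatcher. Missing required arguments fall through to usage, which
# exits non-zero so a mistyped invocation is not reported as success.
usage() {
  echo "usage: vinit.sh status|unseal key_file|init [uuid]|do_ca uuid|authorize key_file uuid|root_ca cert_file" >&2
  exit 2
}
case "${1:-}" in
  status)
    do_status
    ;;
  unseal)
    # $2 unseal key file written by init
    [ -n "${2:-}" ] || usage
    do_unseal "$2"
    ;;
  init)
    # optional $2: uuid of an earlier run whose unseal file should be reused
    if [ -n "${2:-}" ]; then
      do_init "$2"
    else
      do_init
    fi
    ;;
  do_ca)
    # $2 uuid
    [ -n "${2:-}" ] || usage
    do_ca "$2"
    ;;
  authorize)
    # $2 unseal_key_file
    # $3 uuid
    { [ -n "${2:-}" ] && [ -n "${3:-}" ]; } || usage
    do_authorize "$2" "$3"
    ;;
  root_ca)
    # Strip leading indentation from the existing certificate file $2 in
    # place and point root-ca.crt at it. A mktemp file is the scratch copy so
    # an existing root-ca.crt is never clobbered before the copy succeeded.
    [ -n "${2:-}" ] || usage
    tmp=$(mktemp)
    sed -e 's/^ *//g' "$2" > "$tmp"
    cp -- "$tmp" "$2"
    rm -f -- "$tmp"
    rm -f -- root-ca.crt
    ln -s -- "$2" root-ca.crt
    cat -- root-ca.crt
    echo "done."
    ;;
  *)
    usage
    ;;
esac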

A juju charm vault utility that also works for a vault cluster.
Prereq: vault utility installed

  • status: vault status
  • unseal: unseal vault using a file
  • init: initialize a vault and create a file for unsealing it. Uses the other switches (unseal, authorize, do_ca)
  • do_ca: generates a root CA
  • authorize: authorize the charm from a generated root token
  • root_ca: create a root ca

The init switch runs all the commands to initialize, unseal, authorize and create a root CA.
The other switches are useful after a vault has been initialized, for example to unseal it again after a reboot.
