make rotate-consul-encrypt

author: tv <tv@shackspace.de> 2015-07-10 21:27:41 +0200
committer: tv <tv@shackspace.de> 2015-07-10 21:27:41 +0200
commit: 472ed787be6734f6c83e8648330808654787d451 (patch)
tree: 93fe66bdfecb6288f5015864fbfeceddc866c5ef
parent: fe7f9a1f3187d2558a9269f8b0abfb89ba5981c9 (diff)
1 files changed, 22 insertions, 0 deletions
diff --git a/Makefile b/Makefile
index cab9f8079..154fb7a8e 100644
--- a/Makefile
+++ b/Makefile
@@ -14,6 +14,8 @@ hosts := $($(cluster)-cluster)
 ifeq ($(hosts),)
 $(error bad cluster: $(cluster))
 else
+.ONESHELL:
+
 .PHONY: deploy $(addprefix deploy-,$(hosts))
 deploy:
 	exec parallel \
@@ -23,4 +25,24 @@ deploy:
 		--tagstring '{u}' \
 		--line-buffer \
 		$(MAKE) deploy-{} ::: $(hosts)
+
+.PHONY: rotate-consul-encrypt
+rotate-consul-encrypt:
+	umask 0377
+	mkencrypt() { dd status=none if=/dev/random bs=1 count=16 | base64; }
+	json=$$(printf '{"encrypt":"%s"}\n' $$(mkencrypt))
+	cmd='
+		f=secrets/{}/rsync/etc/consul/encrypt.json
+		rm -f "$$f"
+		echo "$$json" > "$$f"
+	'
+	export json
+	exec parallel \
+		-j 0 \
+		--no-notice \
+		--rpl '{u} s/^.* deploy-(.*)/\1/' \
+		--tagstring '{u}' \
+		--line-buffer \
+		--quote \
+		sh -eufc "$$cmd" ::: $(hosts)
 endif
author	tv <tv@shackspace.de>	2015-07-10 21:27:41 +0200
committer	tv <tv@shackspace.de>	2015-07-10 21:27:41 +0200
commit	472ed787be6734f6c83e8648330808654787d451 (patch)
tree	93fe66bdfecb6288f5015864fbfeceddc866c5ef
parent	fe7f9a1f3187d2558a9269f8b0abfb89ba5981c9 (diff)