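#!/bin/bash
#
# Author: Landon Dyck
#
# Nebula CAs expire, and creating a new one is a hassle. This creates a new CA
# certificate, then recreates each certificate for the hosts listed in
# ansible/group_vars/all/nebula.yml. Once the new certificates are deployed,
# the old ones cannot be used. Caution should be taken to avoid breaking the
# network.
#
# Rotation caveat: Nebula accepts several CA certificates in one trust bundle,
# so an outage-free rotation distributes the old and new CA certs together
# before host certs are swapped. This script does not build such a bundle; it
# only writes the new CA and re-issues the host certificates.
#
# Usage: $ ./nebula_new_ca.sh
#   Run from the directory that contains ansible/ (the paths below are
#   relative to the current directory).

# Stop at the first failure: host certificates must never be re-issued after a
# failed unlock or a failed CA creation.
set -euo pipefail

die() {
  printf 'nebula_new_ca: %s\n' "$*" >&2
  exit 1
}

SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
create_cert="$SCRIPT_DIR/nebula_cert.sh"
inventory=ansible/group_vars/all/nebula.yml

# The CA private key is the trust root of the whole overlay network. It is
# written into the working tree here, so it must stay protected at rest.
# NOTE(review): unlock.sh presumably decrypts the repository secrets; confirm
# that ca.key is covered by the same protection. nebula-cert also offers
# -encrypt to passphrase-protect the key if signing can handle the prompt.
ca_key=ansible/roles/nebula/files/ca.key
ca_crt=ansible/roles/nebula/files/ca.crt

command -v nebula-cert >/dev/null || die "nebula-cert not found in PATH"
command -v yq >/dev/null || die "yq not found in PATH"
[[ -x "$create_cert" ]] || die "missing or non-executable $create_cert"

"$SCRIPT_DIR/unlock.sh" || die "unlock.sh failed; not touching the CA"

[[ -r "$inventory" ]] || die "cannot read $inventory (wrong directory?)"

# Resolve every client and its IP BEFORE replacing the CA, so a broken
# inventory cannot leave a new CA with only some hosts re-issued.
clients_csv=$(yq '.nebula.clients | keys' "$inventory" -o c)
declare -a clients=() ips=()
while IFS= read -r client; do
  [[ -n "$client" ]] || continue
  # Pass the key through the environment rather than splicing it into the yq
  # expression, so unusual host names cannot alter the query.
  ip=$(client="$client" yq '.nebula.clients[strenv(client)].ip' "$inventory")
  [[ -n "$ip" && "$ip" != "null" ]] || die "no ip for client '$client' in $inventory"
  clients+=("$client")
  ips+=("$ip")
done < <(tr ',' '\n' <<<"$clients_csv")
((${#clients[@]} > 0)) || die "no clients found in $inventory"

# 26280h = 1095 days (3 years).
# NOTE(review): nebula-cert is expected to refuse to overwrite an existing
# ca.key/ca.crt; move the old pair aside deliberately before running.
nebula-cert ca \
  -duration 26280h \
  -name 'Code Monkey Software LLC' \
  -out-crt "$ca_crt" \
  -out-key "$ca_key"

for i in "${!clients[@]}"; do
  "$create_cert" "${ips[$i]}" "${clients[$i]}"
done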