Merge pull request hashicorp#221 from neechbear/master

Tidy up of setup/*.sh bash scripts
CatCassie · Jun 20, 2017 · 86c99d4 · 86c99d4
2 parents 1b2e336 + 2c4b4e7
commit 86c99d4
Show file tree

Hide file tree

Showing 2 changed files with 123 additions and 118 deletions.
diff --git a/setup/gen_cert.sh b/setup/gen_cert.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+
 set -e
 
 usage() {
@@ -38,94 +39,89 @@ EOF
   exit 1
 }
 
-if ! which openssl > /dev/null; then
-  echo
-  echo "ERROR: The openssl executable was not found. This script requires openssl."
-  echo
-  usage
-fi
-
-DOMAIN=$1
-
-if [ "x$DOMAIN" == "x" ]; then
-  echo
-  echo "ERROR: Specify base domain as the first argument, e.g. mycompany.com"
-  echo
-  usage
-fi
-
-COMPANY=$2
-
-if [ "x$COMPANY" == "x" ]; then
-  echo
-  echo "ERROR: Specify company as the third argument, e.g. HashiCorp"
-  echo
-  usage
-fi
-
-# Create a temporary build dir and make sure we clean it up. For
-# debugging, comment out the trap line.
-BUILDDIR=`mktemp -d /tmp/ssl-XXXXXX`
-trap "rm -rf $BUILDDIR" INT TERM EXIT
-
-echo "Creating site cert"
-
-OS=$(uname -s)
-BASE="site"
-CSR="${BASE}.csr"
-KEY="${BASE}.key"
-CRT="${BASE}.crt"
-SITESSLCONF=${BUILDDIR}/site_selfsigned_openssl.cnf
-
-cp openssl.cnf ${SITESSLCONF}
-(cat <<EOF
-[ alt_names ]
-DNS.1 = ${DOMAIN}
-DNS.2 = vault.${DOMAIN}
-DNS.3 = vpn.${DOMAIN}
-DNS.4 = nodejs.${DOMAIN}
-DNS.5 = haproxy.${DOMAIN}
-DNS.6 = private.haproxy.${DOMAIN}
+create_cert() {
+  local base="$1"
+  local domain="$2"
+  local company="$3"
+  local sslconf="$4"
+
+  echo "Creating $base cert"
+
+  local os="$(uname -s)"
+  local csr="${base}.csr"
+  local key="${base}.key"
+  local crt="${base}.crt"
+
+  # MinGW/MSYS issue: http://stackoverflow.com/questions/31506158/running-openssl-from-a-bash-script-on-windows-subject-does-not-start-with
+  local subj="/C=US/ST=California/L=San Francisco/O=${company}/OU=${base}/CN=${domain}"
+  if [[ "${os}" == "MINGW32"* || "${os}" == "MINGW64"* || "${os}" == "MSYS"* ]]; then
+    subj="//C=US\ST=California\L=San Francisco\O=${company}\OU=${base}\CN=${domain}"
+  fi
+
+  openssl genrsa -out "$key" 2048
+  openssl req -new -out "$csr" -key "$key" -subj "${subj}" -config "$sslconf"
+  openssl x509 -req -days 3650 -in "$csr" -signkey "$key" -out "$crt" -extensions v3_req -extfile "$sslconf"
+}
+
+main() {
+  local domain="$1"
+  local company="$2"
+
+  if ! which openssl > /dev/null; then
+    echo
+    echo "ERROR: The openssl executable was not found. This script requires openssl."
+    echo
+    usage
+  fi
+
+  if [[ -z "$domain" ]]; then
+    echo
+    echo "ERROR: Specify base domain as the first argument, e.g. mycompany.com"
+    echo
+    usage
+  fi
+
+  if [[ -z "$company" ]]; then
+    echo
+    echo "ERROR: Specify company as the third argument, e.g. HashiCorp"
+    echo
+    usage
+  fi
+
+  umask 277
+
+  # Create a temporary build dir and make sure we clean it up. For
+  # debugging, comment out the trap line.
+  local builddir="$(mktemp -d /tmp/ssl-XXXXXX)"
+  trap "rm -rf '$builddir'" INT TERM EXIT
+
+  local sslconf="${builddir}/site_selfsigned_openssl.cnf"
+  cp openssl.cnf "${sslconf}"
+  (cat <<EOF
+  [ alt_names ]
+  DNS.1 = ${domain}
+  DNS.2 = vault.${domain}
+  DNS.3 = vpn.${domain}
+  DNS.4 = nodejs.${domain}
+  DNS.5 = haproxy.${domain}
+  DNS.6 = private.haproxy.${domain}
 EOF
-) >> $SITESSLCONF
-
-# MinGW/MSYS issue: http://stackoverflow.com/questions/31506158/running-openssl-from-a-bash-script-on-windows-subject-does-not-start-with
-if [[ "${OS}" == "MINGW32"* || "${OS}" == "MINGW64"* || "${OS}" == "MSYS"* ]]; then
-  SUBJ="//C=US\ST=California\L=San Francisco\O=${COMPANY}\OU=${BASE}\CN=${DOMAIN}"
-else
-  SUBJ="/C=US/ST=California/L=San Francisco/O=${COMPANY}/OU=${BASE}/CN=${DOMAIN}"
-fi
-
-openssl genrsa -out $KEY 2048
-openssl req -new -out $CSR -key $KEY -subj "${SUBJ}" -config $SITESSLCONF
-openssl x509 -req -days 3650 -in $CSR -signkey $KEY -out $CRT -extensions v3_req -extfile $SITESSLCONF
-
-echo "Creating Vault cert"
-
-DOMAIN=consul
-BASE="vault"
-CSR="${BASE}.csr"
-KEY="${BASE}.key"
-CRT="${BASE}.crt"
-VAULTSSLCONF=${BUILDDIR}/vault_selfsigned_openssl.cnf
-
- cp openssl.cnf ${VAULTSSLCONF}
- (cat <<EOF
-[ alt_names ]
-DNS.1 = *.node.${DOMAIN}
-DNS.2 = *.service.${DOMAIN}
-IP.1 = 0.0.0.0
-IP.2 = 127.0.0.1
+  ) >> "$sslconf"
+  create_cert "site" "$domain" "$company" "$sslconf"
+
+  domain="consul"
+  sslconf=${builddir}/vault_selfsigned_openssl.cnf
+  cp openssl.cnf "${sslconf}"
+  (cat <<EOF
+  [ alt_names ]
+  DNS.1 = *.node.${domain}
+  DNS.2 = *.service.${domain}
+  IP.1 = 0.0.0.0
+  IP.2 = 127.0.0.1
 EOF
-) >> $VAULTSSLCONF
-
-# MinGW/MSYS issue: http://stackoverflow.com/questions/31506158/running-openssl-from-a-bash-script-on-windows-subject-does-not-start-with
-if [[ "${OS}" == "MINGW32"* || "${OS}" == "MINGW64"* || "${OS}" == "MSYS"* ]]; then
-  SUBJ="//C=US\ST=California\L=San Francisco\O=${COMPANY}\OU=${BASE}\CN=*.${DOMAIN}"
-else
-  SUBJ="/C=US/ST=California/L=San Francisco/O=${COMPANY}/OU=${BASE}/CN=*.${DOMAIN}"
-fi
-
-openssl genrsa -out $KEY 2048
-openssl req -new -out $CSR -key $KEY -subj "${SUBJ}" -config $VAULTSSLCONF
-openssl x509 -req -days 3650 -in $CSR -signkey $KEY -out $CRT -extensions v3_req -extfile $VAULTSSLCONF
+  ) >> "$sslconf"
+  create_cert "vault" "$domain" "$company" "$sslconf"
+}
+
+main "$@"
+
diff --git a/setup/gen_key.sh b/setup/gen_key.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+
 set -e
 
 usage() {
@@ -7,44 +8,52 @@ Generate a SSL keys
 
 Usage:
 
-  $0 <ENVIRONMENT> **<EXISTING_KEY>**
+  $0 <ENVIRONMENT> [EXISTING KEY]
 
-Where ENVIRONMENT is the Atlas Environment specified in terraform.tfvars. There is an optional second argument you can include that uses an existing private key.
+Where ENVIRONMENT is the Atlas Environment specified in terraform.tfvars. There
+is an optional second argument you can include that uses an existing private
+key.
 
-This will generate a .pem private key and a .pub public key in the directory specified.
+This will generate a .pem private key and a .pub public key in the directory
+specified.
 EOF
-
-  exit 1
 }
 
-ENVIRONMENT=$1
+main() {
+  local environment="$1"
+  local existingkey="$2"
+  local key="$environment"
 
-if [ "x$ENVIRONMENT" == "x" ]; then
-  echo
-  echo "ERROR: Specify environment as the second argument, e.g. aws-us-east-1-prod"
-  echo
-  usage
-fi
+  if [[ -z "$environment" || $# -eq 0 ]]; then
+    printf "ERROR: Specify environment as the second argument, e.g. aws-us-east-1-prod\n\n" >&2
+    usage
+    exit 1
+  fi
+
+  if [[ -s "$key.pem" && -s "$key.pub" && -z "$existingkey" ]]; then
+    echo "Using existing key pair"
+    return 0
+  fi
 
-EXISTINGKEY=$2
-KEY=$ENVIRONMENT
+  umask 277
 
-if [ -s "$KEY.pem" ] && [ -s "$KEY.pub" ] && [ -z "$EXISTINGKEY" ]; then
-  echo Using existing key pair
-else
-  rm -rf $KEY*
+  if [[ -z "$existingkey" ]]; then
+    echo "No key pair exists and no private key arg was passed, generating new keys..."
+    rm -f "${key}.pem"
+    openssl genrsa -out "$key.pem" 1024
+
+  elif [[ -s "$existingkey" ]]; then
+    echo "Using private key $existingkey for key pair..."
+    cp "$existingkey" "$key.pem"
 
-  if [ -z "$EXISTINGKEY" ]; then
-    echo No key pair exists and no private key arg was passed, generating new keys...
-    openssl genrsa -out $KEY.pem 1024
-    chmod 400 $KEY.pem
-    ssh-keygen -y -f $KEY.pem > $KEY.pub
   else
-    echo Using private key $EXISTINGKEY for key pair...
-    cp $EXISTINGKEY $KEY.pem
-    chmod 400 $KEY.pem
-    ssh-keygen -y -f $KEY.pem > $KEY.pub
+    echo "ERROR: Missing or empty existing private key $existingkey!"
+    exit 1
   fi
 
-  ssh-add $KEY.pem
-fi
+  rm -f "${key}.pub"
+  ssh-keygen -y -f "$key.pem" > "$key.pub"
+}
+
+main "$@"
+