From fe4714733b73a7ced6fa49d0260d8befa206e008 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Filip=20Str=C3=B6mb=C3=A4ck?= <filip.stromback@liu.se>
Date: Wed, 4 Oct 2023 13:55:42 +0200
Subject: [PATCH] Added public key for secrets in Puppet.

---
 apply.sh                            | 14 --------------
 git-merge-push-production.sh        | 11 -----------
 puppet.sh                           |  3 ---
 scripts/eyaml_encrypt.sh            |  3 +++
 scripts/puppet_public_key.pkcs7.pem | 18 ++++++++++++++++++
 scripts/update_now.sh               |  3 +++
 validate.sh                         | 14 --------------
 7 files changed, 24 insertions(+), 42 deletions(-)
 delete mode 100755 apply.sh
 delete mode 100755 git-merge-push-production.sh
 delete mode 100755 puppet.sh
 create mode 100644 scripts/eyaml_encrypt.sh
 create mode 100644 scripts/puppet_public_key.pkcs7.pem
 create mode 100644 scripts/update_now.sh
 delete mode 100755 validate.sh

diff --git a/apply.sh b/apply.sh
deleted file mode 100755
index f281202..0000000
--- a/apply.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/bash
-
-modulepath="$(pwd)/.."
-
-set -x
-
-puppet parser validate --strict_variables --modulepath="$modulepath" manifests/
-
-for file in $*
-do
-    class=$(basename $file .pp)
-    # Sudo is needed for modules that do something with yum for example.
-    sudo /opt/puppetlabs/bin/puppet apply --test --modulepath="$modulepath" -e "include aes::$class"
-done
diff --git a/git-merge-push-production.sh b/git-merge-push-production.sh
deleted file mode 100755
index 8846ad7..0000000
--- a/git-merge-push-production.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-git_cmds=("checkout production" "merge devel" "push" "checkout devel")
-
-for cmd in "${git_cmds[@]}"
-do
-    if ! git $cmd
-    then
-	exit $?
-    fi
-done
diff --git a/puppet.sh b/puppet.sh
deleted file mode 100755
index 592eaaf..0000000
--- a/puppet.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-exec sudo /opt/puppetlabs/bin/puppet $*
diff --git a/scripts/eyaml_encrypt.sh b/scripts/eyaml_encrypt.sh
new file mode 100644
index 0000000..6923503
--- /dev/null
+++ b/scripts/eyaml_encrypt.sh
@@ -0,0 +1,3 @@
+#! /bin/sh -eu
+
+exec eyaml encrypt --pkcs7-public-key "puppet_public_key.pkcs7.pem" "$@"
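Review bot: The key path on the `exec eyaml encrypt` line is relative to the caller's working directory, not to the script, so the command only finds the committed certificate when it is run from inside `scripts/`. From any other directory it either fails or silently encrypts to whatever `puppet_public_key.pkcs7.pem` happens to be there, and the resulting secret would not be readable by the intended Puppet key. Anchoring the path to the script fixes this: `exec eyaml encrypt --pkcs7-public-key "$(dirname -- "$0")/puppet_public_key.pkcs7.pem" "$@"`. The file is also created with mode 100644, so it will probably be started as `sh scripts/eyaml_encrypt.sh`, in which case the `-eu` on the shebang line is ignored; a `set -eu` line in the body would keep it.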
diff --git a/scripts/puppet_public_key.pkcs7.pem b/scripts/puppet_public_key.pkcs7.pem
new file mode 100644
index 0000000..48e5ee4
--- /dev/null
+++ b/scripts/puppet_public_key.pkcs7.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/scripts/update_now.sh b/scripts/update_now.sh
new file mode 100644
index 0000000..724a5b5
--- /dev/null
+++ b/scripts/update_now.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/bash
+
+sudo /opt/puppetlabs/bin/puppet agent --test
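Review bot: The status of `puppet agent --test` becomes the script's exit status, and `--test` enables detailed exit codes, so a run that applied changes exits 2 rather than 0. Anything that wraps this script and checks `$?` would read a successful update as a failure. A comment above the `sudo` line would document this, e.g. `# --test implies --detailed-exitcodes: 0 = no changes, 2 = changes applied, 4/6 = failures`. Separately, the file is added as mode 100644 with `#!/usr/bin/bash`, while the removed scripts were 100755 with `#!/bin/bash`; if it is meant to be run directly, it needs the executable bit and a shebang path that exists on all target hosts.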
diff --git a/validate.sh b/validate.sh
deleted file mode 100755
index 63c0eed..0000000
--- a/validate.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/bash
-
-modulepath="$(pwd)/.."
-
-set -x
-
-puppet parser validate --strict_variables --modulepath="$modulepath" manifests/
-
-for file in $*
-do
-    class=$(basename $file .pp)
-    # Sudo is needed for modules that do something with yum for example.
-    sudo /opt/puppetlabs/bin/puppet apply --noop --test --modulepath="$modulepath" -e "include aes::$class"
-done
-- 
GitLab