ansible-host-certificate/templates/requestCertificate.sh.j2

20 lines
877 B
Plaintext
Raw Normal View History

2020-07-30 07:50:30 +00:00
echo $VAULT_ADDR $VAULT_TOKEN
curl --request POST --data '{"key": "'$VAULT_UNSEAL_KEY1'"}' $VAULT_ADDR/v1/sys/unseal
curl --request POST --data '{"key": "'$VAULT_UNSEAL_KEY2'"}' $VAULT_ADDR/v1/sys/unseal
curl --request POST --data '{"key": "'$VAULT_UNSEAL_KEY3'"}' $VAULT_ADDR/v1/sys/unseal
CERTNAME=$(hostname).{{local_domainname}}
curl --header "X-Vault-Token: $VAULT_TOKEN" \
--request POST \
--data '{"common_name": "'$CERTNAME'", "ttl": "43800h"}' \
$VAULT_ADDR/v1/rootca_store/issue/{{vaultStoreName}} > certificateResult.txt
jq .data.private_key certificateResult.txt | sed "s/\"//g" | sed "s/\\\n/\n/g" > cert.pem
jq .data.certificate certificateResult.txt | sed "s/\"//g" | sed "s/\\\n/\n/g" > cert.crt
mv cert.pem /etc/ssl/private/$(hostname).{{local_domainname}}.key
mv cert.crt /etc/ssl/certs/$(hostname).{{local_domainname}}.crt
rm certificateResult.txt