#!/usr/bin/env python3
#
"""Geant Acme - Upload wildcards
Usage:
  upload_wildcards.py --domain <DOMAIN> [--verbose]
  upload_wildcards.py (-h | --help)
Options:
  -h --help                   Show this screen.
  -d DOMAIN --domain=DOMAIN   Domain
  -v --verbose                Print out messages
"""
import configparser
import os
import sys

import hvac
import redis
from docopt import docopt
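def redis_upload(redis_host, redis_token, key, value):
    """Write one key/value pair to Redis, exiting the process on failure.

    Args:
        redis_host: Redis server hostname; the connection always uses the
            default port 6379 and database 0.
        redis_token: Redis AUTH password.
        key: Redis key name to SET.
        value: Payload to store (certificate PEM text in this script).

    Exits with status 1 if the SET fails for any Redis-related reason
    (connection refused, AUTH rejected, timeout, bad response, ...).
    """
    # NOTE(security): this is a plain TCP connection -- the AUTH password
    # and the payload cross the wire unencrypted.  Acceptable only if the
    # Redis host is reachable solely over a trusted network; otherwise pass
    # ssl=True (plus ssl_ca_certs) here.
    r_client = redis.StrictRedis(
        host=redis_host, password=redis_token, port=6379, db=0)
    try:
        r_client.set(key, value)
    except redis.RedisError as err:
        # redis.RedisError is the base of every redis-py error (connection,
        # authentication, timeout, response, data); anything else is a
        # programming error and is allowed to propagate as a traceback.
        print('could not write key {} to Redis {}: {}'.format(
            key, redis_host, err), file=sys.stderr)
        print('giving up...', file=sys.stderr)
        sys.exit(1)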
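def redis_save(redis_host, redis_token):
    """Ask the Redis server to persist its dataset to disk (SAVE).

    Args:
        redis_host: Redis server hostname; default port 6379, database 0.
        redis_token: Redis AUTH password.

    Exits with status 1 if the SAVE command fails.
    """
    # NOTE: SAVE is synchronous and blocks the Redis server while it dumps;
    # BGSAVE would fork and return immediately.  Left as SAVE so callers can
    # rely on the data being on disk when this function returns.
    # NOTE(security): plain TCP, see redis_upload -- the AUTH password is
    # sent in the clear unless the connection is made with ssl=True.
    r_client = redis.StrictRedis(
        host=redis_host, password=redis_token, port=6379, db=0)
    try:
        r_client.save()
    except redis.RedisError as err:
        # Narrowed from a bare `except Exception`: every redis-py failure
        # derives from redis.RedisError, so only genuine bugs now escape.
        print('could not save to disk on Redis {}: {}'.format(
            redis_host, err), file=sys.stderr)
        print('giving up...', file=sys.stderr)
        sys.exit(1)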
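def vault_upload(vault_host, vault_token, key_name, key_value):
    """Write key_value under key_name in Vault, exiting the process on failure.

    Args:
        vault_host: Vault hostname; always contacted over HTTPS.  hvac's
            default certificate verification is not overridden here, which
            matters because key_value is a private key.
        vault_token: Vault token used to authenticate the write.
        key_name: Vault path to write to (e.g. 'puppet/common/...').
        key_value: Secret material; stored under the 'value' field.

    Exits with status 1 if the write fails.
    """
    # Build the client exactly once.  The original constructed a bare
    # hvac.Client() first and immediately threw it away.
    client = hvac.Client(
        url='https://{}'.format(vault_host),
        token=vault_token
    )
    try:
        client.write(key_name, value=key_value)
    except Exception as err:
        # Process-level boundary: hvac raises its own VaultError family for
        # API failures and lets transport errors from the HTTP layer through,
        # so both are reported here and the script exits rather than leaving
        # a partially rotated secret with no log line.
        print('could not write key {} to Vault {}: {}'.format(
            key_name, vault_host, err), file=sys.stderr)
        print('giving up...', file=sys.stderr)
        sys.exit(1)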
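# Entry point: push the certbot output for --domain to Redis (public parts)
# and Vault (private key), then ask Redis to persist.
if __name__ == "__main__":
    ARGS = docopt(__doc__)
    VERBOSE = ARGS['--verbose']
    DOMAIN = ARGS['--domain']

    # DOMAIN is used both as a path component under BASEDIR and as a segment
    # of the Redis key / Vault path, so refuse anything that is not a plain
    # directory name.  This is a sanity check, not a security boundary (the
    # script runs as root from the CLI); it turns a typo into a clear error
    # instead of a silently wrong path or key.
    if not DOMAIN or DOMAIN in ('.', '..') or os.sep in DOMAIN:
        print('invalid domain: {!r}'.format(DOMAIN), file=sys.stderr)
        sys.exit(2)

    # The ini file holds the Redis password and the Vault token, so it is
    # expected to be readable by root only.  A context manager closes the
    # handle; the original passed a bare open() and leaked it.
    CONFIG = configparser.RawConfigParser()
    with open('/root/.geant_acme.ini') as cfg_file:
        CONFIG.read_file(cfg_file)
    REDIS_TOKEN = CONFIG.get('geant_acme', 'redis_token')
    VAULT_TOKEN = CONFIG.get('geant_acme', 'vault_token')
    REDIS_HOST = CONFIG.get('geant_acme', 'redis_host')
    VAULT_HOST = CONFIG.get('geant_acme', 'vault_host')

    # NOTE: DOMAINS is informational only; nothing below restricts --domain
    # to these two values.
    DOMAINS = ['geant.net', 'geant.org']
    BASEDIR = '/etc/letsencrypt/live'
    DOMAIN_UNDERSCORED = DOMAIN.replace('.', '_')

    # Public material (leaf cert, chain, full chain) goes to Redis.  Progress
    # messages honour --verbose, as the usage text promises; error messages
    # from the helpers are printed regardless.
    for keyname in ['cert.pem', 'chain.pem', 'fullchain.pem']:
        with open(os.path.join(BASEDIR, DOMAIN, keyname), 'r') as certfile:
            keydata = certfile.read()
        redis_full_path = 'common:redis_{}_{}'.format(
            DOMAIN_UNDERSCORED, keyname.replace('.', '_'))
        if VERBOSE:
            print('uploading to Redis: {}'.format(redis_full_path))
        redis_upload(REDIS_HOST, REDIS_TOKEN, redis_full_path, keydata)

    # The private key goes to Vault only -- never to Redis.
    with open(os.path.join(BASEDIR, DOMAIN, 'privkey.pem'), 'r') as keyfile:
        KEYDATA = keyfile.read()
    VAULT_FULL_PATH = 'puppet/common/vault_wildcard_{}_{}'.format(
        DOMAIN_UNDERSCORED, 'privkey.pem'.replace('.', '_'))
    if VERBOSE:
        print('uploading to Vault: {}'.format(VAULT_FULL_PATH))
    vault_upload(VAULT_HOST, VAULT_TOKEN, VAULT_FULL_PATH, KEYDATA)

    # Persist the freshly written certificates on the Redis side.
    redis_save(REDIS_HOST, REDIS_TOKEN)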