-
Notifications
You must be signed in to change notification settings - Fork 34
/
ONVAULT
executable file
·91 lines (72 loc) · 2.37 KB
/
ONVAULT
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
#!/bin/bash
# signals bash to stop execution on any fail
set -e
# allow everriding default VAULT_HOST at runtime
# otherwise will get the docker bridge ip network
: ${VAULT_HOST:=$(ip route|awk '/default/{print $3}')}
# allow overriding (probably trough Docker Link) default VAULT_PORT at runtime
: ${VAULT_PORT:=tcp://${VAULT_HOST}:14242}
# allow overriding default VAULT_URI at runtime
: ${VAULT_URI:=${VAULT_PORT/tcp/http}}
# allow overriding default VAULT_SSH_KEY at runtime
: ${VAULT_SSH_KEY:=id_rsa}
# parse arguments
while [[ "$#" > 1 ]]; do case $1 in
--disable-pwd) DISABLE_PASSWORD="$2";;
*) break;;
esac; shift; shift
done
log () {
GREEN='\033[1;32m'
NC='\033[0m' # No Color
echo -e "${GREEN}[Dockito Vault]${NC} $@"
}
# don't go through proxy for accessing vault
no_proxy_old="$no_proxy"
export no_proxy="$VAULT_HOST"
if ! curl -s "${VAULT_URI}/_ping"; then
COUNTER=0
echo 'Waiting 10s for dockito/vault to be ready...'
while ! curl -s "${VAULT_URI}/_ping" && [ $COUNTER != 10 ]; do
sleep 1
COUNTER=$[$COUNTER +1]
done
fi
if curl -s "${VAULT_URI}/_ping"; then
mkdir -p ~/.ssh/
# check if is required the ssh backup
ssh_backup_enabled="$(ls -A ~/.ssh)"
# creating backup of existing ssh directory
if [[ -n "$ssh_backup_enabled" ]]; then
tmp_ssh_vault=~/".vault-backup-ssh-$(date +%s)"
mkdir $tmp_ssh_vault
cp -r ~/.ssh/* $tmp_ssh_vault
fi
log "Downloading private keys..."
curl -s "${VAULT_URI}/ssh.tgz" | tar -C ~/.ssh/ -zxf -
chown -f `whoami` ~/.ssh/* || true
chmod -f 600 ~/.ssh/* || true
log "Using ssh key: $VAULT_SSH_KEY"
if [[ "$VAULT_SSH_KEY" != "id_rsa" ]]; then
# configure the ssh to any host to use this ssh key
echo -e "\nHost *\nIdentityFile ~/.ssh/$VAULT_SSH_KEY" >> ~/.ssh/config
fi
if [[ "$DISABLE_PASSWORD" != "" ]]; then
ssh-keygen -p -P $DISABLE_PASSWORD -N "" -f ~/.ssh/$VAULT_SSH_KEY
fi
# restore 'no_proxy' for executing the actual command
export no_proxy="$no_proxy_old"
log "Executing command: $@"
eval $@
log "Removing private keys..."
rm -rf ~/.ssh/*
# copying backup to ssh directory
if [[ -n "$ssh_backup_enabled" ]]; then
cp -r $tmp_ssh_vault/* ~/.ssh
rm -rf $tmp_ssh_vault
fi
else
log "ERROR: Start the dockito/vault container before using ONVAULT!"
log "ex: docker run -d -p ${VAULT_HOST}:14242:3000 -v ~/.ssh:/vault/.ssh dockito/vault"
exit 1
fi