parameterize CA script

Pim Kunis 2023-04-24 00:05:48 +02:00
parent dee050c05a
commit 71870c1fda
3 changed files with 8 additions and 2 deletions


@ -2,11 +2,11 @@
set -euo pipefail set -euo pipefail
IFS=$'\n\t' IFS=$'\n\t'
eval "$(jq -r '@sh "PUBKEY=\(.pubkey) HOST=\(.host) CAHOST=\(.cahost)"')" eval "$(jq -r '@sh "PUBKEY=\(.pubkey) HOST=\(.host) CAHOST=\(.cahost) CASCRIPT=\.(.cascript)"')"
# TODO: Can this be done more eye-pleasingly? # TODO: Can this be done more eye-pleasingly?
set +e set +e
CERT=$(ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@$CAHOST '/root/ca.sh host "'"$PUBKEY"'" "'"$HOST"'".dmz') CERT=$(ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@$CAHOST '"'"$CASCRIPT"'" host "'"$PUBKEY"'" "'"$HOST"'".dmz')
retval=$? retval=$?
set -e set -e
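Review bot: The new jq filter on the `eval` line spells the last interpolation `\.(.cascript)` instead of `\(.cascript)`; jq treats `\.` as an invalid string escape, so the filter most likely fails to compile and none of the variables are set. It should read `CASCRIPT=\(.cascript)`. The `ssh` line also pastes `$CASCRIPT`, `$PUBKEY` and `$HOST` into a string that the remote shell re-parses as root, and the double quotes around them do not stop command substitution or an embedded `"` from being interpreted there. Since this commit makes the program path itself caller-supplied, I would quote every word before sending it, e.g. `REMOTE_CMD=$(printf '%q ' "$CASCRIPT" host "$PUBKEY" "$HOST.dmz")` followed by `ssh ... "root@$CAHOST" "$REMOTE_CMD"` (assuming a bash-compatible remote shell), and restrict the CA-side key with a forced command in `authorized_keys`. The script continues past the end of this hunk, so how `retval` is handled is not visible here.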


@ -38,6 +38,7 @@ data "external" "cert" {
pubkey = trimspace(data.tls_public_key.debian.public_key_openssh) pubkey = trimspace(data.tls_public_key.debian.public_key_openssh)
host = var.name host = var.name
cahost = var.ca_host cahost = var.ca_host
cascript = var.ca_script
} }
} }


@ -37,6 +37,11 @@ variable "ca_host" {
description = "Host to contact when fetching a SSH host certificate." description = "Host to contact when fetching a SSH host certificate."
} }
variable "ca_script" {
type = string
description = "Script to call when fetching a SSH host certificate."
}
variable "domain_name" { variable "domain_name" {
type = string type = string
default = null default = null
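Review bot: `ca_script` is declared without a `default`, so any existing caller of this module that does not set it will presumably fail at plan time; `default = "/root/ca.sh"` would keep the previous behaviour. The value ends up inside a command line executed as root on the CA host, so it is also worth constraining at the declaration with a `validation` block, for example `condition = can(regex("^/[A-Za-z0-9._/-]+$", var.ca_script))` plus an `error_message`. The description could also state that an absolute path on the CA host is expected.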