support multiple SSH CA key pairs

Pim Kunis 2023-04-25 17:50:02 +02:00
parent 9866130719
commit 9c1aa00775
3 changed files with 33 additions and 26 deletions


@ -2,11 +2,11 @@
set -euo pipefail
IFS=$'\n\t'
eval "$(jq -r '@sh "PUBKEY=\(.pubkey) HOST=\(.host) CAHOST=\(.cahost) CASCRIPT=\(.cascript)"')"
eval "$(jq -r '@sh "PUBKEY=\(.pubkey) HOST=\(.host) CAHOST=\(.cahost) CASCRIPT=\(.cascript) CAKEY=\(.cakey)"')"
# TODO: Can this be done more eye-pleasingly?
set +e
CERT=$(ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@$CAHOST '"'"$CASCRIPT"'" host "'"$PUBKEY"'" "'"$HOST"'".dmz')
CERT=$(ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@$CAHOST '"'"$CASCRIPT"'" "'"$CAKEY"'" host "'"$PUBKEY"'" "'"$HOST"'".dmz')
retval=$?
set -e
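Review bot: The remote command on the new `CERT=$(ssh …)` line is assembled by wrapping `$CASCRIPT`, `$CAKEY`, `$PUBKEY` and `$HOST` in literal double quotes, which the root shell on the CA host parses a second time; a value containing `"`, `$`, a backtick or a backslash is then interpreted there instead of being passed through as data. The new `CAKEY` argument adds one more caller-supplied string to that command line. Quoting each argument for the remote side would close this and also settle the TODO above it: `REMOTE_CMD=$(printf '%q ' "$CASCRIPT" "$CAKEY" host "$PUBKEY" "$HOST.dmz")` followed by `CERT=$(ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 "root@$CAHOST" "$REMOTE_CMD")`, which keeps an empty `CAKEY` as an explicit empty argument and assumes the login shell on the CA host accepts bash-style `%q` output. The script continues outside the hunk, so how `retval` is handled is not visible here.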


@ -39,6 +39,7 @@ data "external" "cert" {
host = var.name
cahost = var.ca_host
cascript = var.ca_script
cakey = var.ca_key
}
}


@ -42,6 +42,12 @@ variable "ca_script" {
description = "Script to call when fetching a SSH host certificate."
}
variable "ca_key" {
type = string
default = ""
description = "File name of the SSH CA key pair."
}
variable "domain_name" {
type = string
default = null
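Review bot: `ca_key` accepts any string and defaults to `""`, yet its description calls it a file name, and the script changed in this commit passes it as an argument to a command run as root on the CA host. A `validation` block on the variable would reject path separators and shell metacharacters at plan time, for example with `condition = can(regex("^[A-Za-z0-9._-]*$", var.ca_key))` and a matching `error_message`. The description should also say what the empty default means, e.g. `description = "File name of the SSH CA key pair; empty selects the CA script's default key."` if that is what the CA script does with an empty argument, which is not visible here.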