Fernando K pushed to branch main at Root / Serviços / DHCP
Commits:
-
665ef955
by Fernando Monteiro Kiotheka at 2025-08-06T15:37:32-03:00
2 changed files:
Changes:
... | ... | @@ -3,15 +3,7 @@ stages: |
3 | 3 | sync-dhcp:
|
4 | 4 | stage: deploy
|
5 | 5 | script:
|
6 | - - |
|
|
7 | - ssh-keygen -t ed25519 -f key -N '' -q >/dev/null 2>&1
|
|
8 | - response=$(curl -X POST -H "X-Vault-Token: $CI_VAULT_TOKEN" \
|
|
9 | - -d "{\"public_key\": \"$(cat key.pub)\"}" $CI_VAULT_ADDR/v1/$CI_VAULT_SIGNER_AUTHORITY_PATH \
|
|
10 | - ) || { echo "Failed to retrieve SSH key: Request to Vault failed"; exit 1; }
|
|
11 | - signed_key=$(jq -r .data.signed_key <<<"$response")
|
|
12 | - [ "$signed_key" != "null" ] || { echo "Failed to retrieve SSH key: SSH key is empty"; exit 1; }
|
|
13 | - echo "$signed_key" > key-cert.pub
|
|
14 | - chmod 644 key-cert.pub
|
|
6 | + - bash get-key-from-bao.sh
|
|
15 | 7 | - chmod 755 ansible && cd ansible && ansible-playbook --private-key ../key sync_kea_dhcp.yml
|
16 | 8 | only:
|
17 | 9 | refs:
|
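Review bot: The new `- bash get-key-from-bao.sh` step depends on `VAULT_TOKEN` and `VAULT_ADDR`, while the inline commands it replaces read `CI_VAULT_TOKEN` and `CI_VAULT_ADDR`, and nothing in this hunk maps one set to the other. If the job or project variables were not renamed elsewhere (not visible here), the script sends an empty token to a URL with no host. The job also no longer generates the key pair on the runner: the private key is now issued by Vault and returned in the response body, which is a change in the trust model. A comment above the step would record both points, for example `# needs VAULT_ADDR/VAULT_TOKEN; writes ./key (private, issued by Vault) and ./key-cert.pub`. The script's shebang is `#!/bin/sh` but it is run with `bash`; calling it as `sh get-key-from-bao.sh` would keep the two consistent.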
1 | +#!/bin/sh
|
|
2 | +response=$(curl --no-progress-meter --request POST \
|
|
3 | + --header "X-Vault-Token: $VAULT_TOKEN" --data '{"key_type": "ed25519"}' \
|
|
4 | + "$VAULT_ADDR/v1/ssh-client-signer/issue/ansible") \
|
|
5 | + || { echo "Failed to retrieve SSH key: Request to Vault failed"; exit 1; }
|
|
6 | +private_key=$(printf "%s" "$response" | jq --raw-output .data.private_key)
|
|
7 | +signed_key=$(printf "%s" "$response" | jq --raw-output .data.signed_key)
|
|
8 | +[ "$signed_key" != "null" ] && [ "$private_key" != "null" ] \
|
|
9 | + || { echo "Failed to retrieve SSH key: SSH key is empty"; exit 1; }
|
|
10 | +printf "%s\n" "$private_key" >key && chmod 600 key
|
|
11 | +printf "%s\n" "$signed_key" >key-cert.pub && chmod 644 key-cert.pub |
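Review bot: The check on lines 8-9 rejects only the literal string `null`, so when the response is not valid JSON, jq prints nothing, both variables stay empty, and the script writes empty `key` and `key-cert.pub` files and exits 0. curl is also called without `--fail`, so an HTTP 4xx/5xx from Vault does not trigger the `||` on line 5 and shows up, at best, as the misleading "SSH key is empty" message. I would add `--fail` to the curl call and test for non-empty values as well, e.g. `[ -n "$private_key" ] && [ "$private_key" != "null" ]`, or use `jq --exit-status` and check its status. Separately, line 10 creates `key` under the default umask and restricts it only afterwards; a `umask 077` before the write, with the existing `chmod 644 key-cert.pub` kept, closes that window.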