1 parent
eb7ec8b
commit 5e2d24f
Showing
24 changed files
with
307 additions
and
91 deletions.
|
@@ -20,4 +20,4 @@ local_dev/config/key.pem | |
config/ | ||
|
||
# installed traefik binary | ||
traefik | ||
/traefik |
@@ -1,8 +1,8 @@ | ||
[myhosts] | ||
ipa-dev identity=0 | ||
ipa-1 identity=1 | ||
ipa-2 identity=2 | ||
ipa-3 identity=3 | ||
ipa-dev identity=0 helper_domain=helper0.ipa-helper.dev sidecar_domain=sidecar0.ipa-helper.dev | ||
ipa-1 identity=1 helper_domain=helper1.ipa-helper.dev sidecar_domain=sidecar1.ipa-helper.dev | ||
ipa-2 identity=2 helper_domain=helper2.ipa-helper.dev sidecar_domain=sidecar2.ipa-helper.dev | ||
ipa-3 identity=3 helper_domain=helper3.ipa-helper.dev sidecar_domain=sidecar3.ipa-helper.dev | ||
[myhosts:vars] | ||
ansible_python_interpreter=/usr/bin/python3 | ||
root_domain=ipa-helper.dev |
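Review bot: The new per-host `helper_domain` and `sidecar_domain` values repeat the `ipa-helper.dev` suffix that `root_domain` already carries in `[myhosts:vars]`, so a domain change now has to be made in five places and the inventory can silently disagree with itself. Deriving the host values from the group var, e.g. `ipa-1 identity=1 helper_domain=helper1.{{ root_domain }} sidecar_domain=sidecar1.{{ root_domain }}`, keeps a single source of truth; Ansible templates inventory variables lazily so the reference should resolve at use time, but confirm with `ansible-inventory --list`. This matters because `helper_domain` is the `--name` handed to `helper keygen` in the new key-generation playbook, so it must match the name peers will verify.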
@@ -0,0 +1,72 @@ | ||
- name: Generate IPA keys | ||
hosts: all | ||
vars: | ||
local_public_key_directory: "{{ lookup('env', 'PWD') }}/.draft/deployed_public_keys" | ||
tasks: | ||
- name: Check if local directory exists | ||
local_action: | ||
module: stat | ||
path: "{{ local_public_key_directory }}" | ||
register: local_directory_status | ||
- name: Fail if local directory does not exist | ||
fail: | ||
msg: "The local directory {{ local_public_key_directory }} does not exist. Please create it." | ||
when: not local_directory_status.stat.exists | ||
- name: Create directories if they do not exist | ||
file: | ||
path: "{{ ansible_env.HOME }}/draft/tmp/sidecar/{{ identity }}" | ||
state: directory | ||
|
||
- name: Define ipa_path | ||
set_fact: | ||
ipa_path: "{{ ansible_env.HOME }}/draft/tmp/sidecar/{{ identity }}/ipa" | ||
|
||
- name: Clone repo (if needed) and pull main | ||
git: | ||
repo: 'https://github.com/private-attribution/ipa' | ||
dest: "{{ ipa_path }}" | ||
version: main | ||
update: yes | ||
|
||
- name: Get the current git hash | ||
command: git rev-parse --short HEAD | ||
args: | ||
chdir: "{{ ipa_path }}" | ||
register: git_hash | ||
|
||
- name: Define target_dir | ||
set_fact: | ||
target_dir: "target-keygen-{{ git_hash.stdout }}" | ||
|
||
- name: Check if binary exists | ||
stat: | ||
path: "{{ ipa_path }}/{{ target_dir }}/helper" | ||
register: binary_status | ||
|
||
- name: Run cargo build | ||
command: cargo build --bin helper --features="web-app real-world-infra compact-gate" --no-default-features --release --target-dir="{{ target_dir }}" | ||
args: | ||
chdir: "{{ ipa_path }}" | ||
when: not binary_status.stat.exists | ||
|
||
- name: Remove old keys if they exist | ||
file: | ||
path: "{{ ansible_env.HOME }}/draft/config/{{ item }}" | ||
state: absent | ||
loop: | ||
- "h{{ identity }}.key" | ||
- "h{{ identity }}_mk.key" | ||
- "pub/h{{ identity }}.pem" | ||
- "pub/h{{ identity }}_mk.pub" | ||
- name: Generate new keys | ||
command: "{{ target_dir }}/release/helper keygen --name {{ helper_domain }} --tls-cert {{ ansible_env.HOME }}/draft/config/pub/h{{ identity }}.pem --tls-key {{ ansible_env.HOME }}/draft/config/h{{ identity }}.key --mk-public-key {{ ansible_env.HOME }}/draft/config/pub/h{{ identity }}_mk.pub --mk-private-key {{ ansible_env.HOME }}/draft/config/h{{ identity }}_mk.key" | ||
args: | ||
chdir: "{{ ipa_path }}" | ||
- name: Fetch the newly created files | ||
fetch: | ||
src: "{{ ansible_env.HOME }}/draft/config/pub/{{ item }}" | ||
dest: "{{ local_public_key_directory }}/" | ||
flat: yes | ||
loop: | ||
- "h{{ identity }}.pem" | ||
- "h{{ identity }}_mk.pub" |
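Review bot: The `Generate new keys` task writes the TLS and match-key private keys (`h{{ identity }}.key`, `h{{ identity }}_mk.key`) under `~/draft/config/`, but nothing in the playbook constrains their permissions, so unless `helper keygen` itself restricts them they are created under the remote user's umask and may be group- or world-readable. A follow-up `file` task setting `mode: "0600"` on both private keys closes that gap regardless of what the binary does. Separately, `Clone repo (if needed) and pull main` builds the keygen binary from whatever `main` is at run time (`version: main`, `update: yes`); pinning `version:` to a tag or commit makes the toolchain that produces key material reproducible, and `update: true` is the canonical boolean. Note also that `Remove old keys if they exist` deletes the previous private keys before the new ones are generated, with no backup, so a failed keygen leaves the host with no key material at all.
```yaml
    # … unchanged: Generate new keys task …

    - name: Restrict private key permissions
      file:
        path: "{{ ansible_env.HOME }}/draft/config/{{ item }}"
        mode: "0600"
      loop:
        - "h{{ identity }}.key"
        - "h{{ identity }}_mk.key"

    # … unchanged: Fetch the newly created files task …
```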
@@ -0,0 +1,49 @@ | ||
- hosts: all | ||
vars: | ||
local_public_key_directory: "{{ lookup('env', 'PWD') }}/.draft/deployed_public_keys" | ||
tasks: | ||
- name: Define remote_directory | ||
set_fact: | ||
remote_directory: "{{ ansible_env.HOME }}/draft/config" | ||
- name: Define keys | ||
local_action: | ||
module: stat | ||
path: "{{ local_public_key_directory }}/{{ item }}" | ||
register: public_keys | ||
loop: | ||
- "h0.pem" | ||
- "h0_mk.pub" | ||
- "h1.pem" | ||
- "h1_mk.pub" | ||
- "h2.pem" | ||
- "h2_mk.pub" | ||
- "h3.pem" | ||
- "h3_mk.pub" | ||
|
||
- name: Define network.toml | ||
local_action: | ||
module: stat | ||
path: "{{ local_public_key_directory }}/network.toml" | ||
register: network_toml | ||
|
||
- name: Fail if any keys are missing | ||
fail: | ||
msg: "Keys not found locally: {{ public_keys.results | selectattr('stat.exists','equalto', False) | map(attribute='item') | list }}" | ||
when: public_keys.results | selectattr('stat.exists','equalto', False) | list | count > 0 | ||
|
||
- name: Fail network.toml is missing | ||
fail: | ||
msg: "Key {{ local_public_key_directory}}/network.toml not found locally." | ||
when: not network_toml.stat.exists | ||
|
||
|
||
- name: Upload keys to remote hosts | ||
copy: | ||
src: "{{ item.stat.path }}" | ||
dest: "{{ remote_directory }}/pub" | ||
loop: "{{ public_keys.results }}" | ||
|
||
- name: Upload network.toml to remote hosts | ||
copy: | ||
src: "{{ network_toml.stat.path }}" | ||
dest: "{{ remote_directory }}/network.toml" |
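Review bot: `Upload keys to remote hosts` copies each public key to `dest: "{{ remote_directory }}/pub"` with no filename; `copy` only places the file inside `pub` when that path already exists as a directory, otherwise it treats `pub` as the target file and the eight loop iterations overwrite one another, leaving a single file named `pub` and no usable peer keys. Nothing in this playbook creates the directory — the keygen playbook's `helper keygen` presumably does on hosts where it ran, but this playbook targets `all` and can be run on a fresh host. Creating the directory first and naming the destination explicitly (`{{ item.item }}` is the key filename from the registered loop) removes the ambiguity. Minor: the message in `Fail network.toml is missing` says `Key … network.toml not found`, which is misleading for a config file — `msg: "{{ local_public_key_directory }}/network.toml not found locally."`.
```yaml
    - name: Ensure remote pub directory exists
      file:
        path: "{{ remote_directory }}/pub"
        state: directory
        mode: "0755"

    - name: Upload keys to remote hosts
      copy:
        src: "{{ item.stat.path }}"
        dest: "{{ remote_directory }}/pub/{{ item.item }}"
      loop: "{{ public_keys.results }}"

    # … unchanged: Upload network.toml to remote hosts task …
```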
@@ -1,5 +1,5 @@ | ||
-----BEGIN PRIVATE KEY----- | ||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgNXRbeh+/oz5xv2yY | ||
uSR0EPFuRratsNNVf9BzoBthCZyhRANCAASa4rehLdFG8wIcRyHg04c8Sj7XGHx9 | ||
hwa65bmXgEEsoNph/7uFVdZIgKswWXX/IQU7UTznqWD8WpXGGnbkj+Eo | ||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgYYwbLgxgzjdG7/3V | ||
O50xlJlkcRrqnYd63jG7GDhu9iyhRANCAAQqpG4nFwFbKPqxk1c3BC/QOiRhoHf4 | ||
rlrCdCTJR12SiENGg9+BQBf8NB7OFyqQNw4oxcy4/kGmMQ9iPed3xQR0 | ||
-----END PRIVATE KEY----- |
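Review bot: This hunk swaps one committed EC private key for another, so both the old and the new private key now live in git history. The new key's public point matches the certificate hunk below whose subject is `helper1.draft.test` with a roughly three-month validity, which suggests these are throw-away local-development credentials, and the `.gitignore` hunk already excludes `local_dev/config/key.pem` for apparently the same reason. If that is the intent, a short note next to these files (or in the script that regenerates them) stating that they are test-only and must never be reused for a deployed helper would keep them from being mistaken for real key material; if any of them has been used outside local development, the remedy is rotation and history rewriting, not a diff.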
@@ -1 +1 @@ | ||
9e98e12742ca6a1b6f7543b6fbe1e40f6ed946bcfaf94eabd8701b2c21c92773 | ||
b5b6baa31bfdbabbca7c5c4ba0b60ce0f3c78dce20da814dbb9835ab1f920237 |
@@ -1,5 +1,5 @@ | ||
-----BEGIN PRIVATE KEY----- | ||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgpj/IkcF3+K5LvYO3 | ||
rFBGXRLQcIDTITGMwrzH48IwdFqhRANCAARE1EvqrvduIUxdaPPxYgVi68qA8uWH | ||
vZVNkjywpBcfQ4vevAov5KWzYkR0aCDI82IziNSv1T5PQipvGHmGBwu5 | ||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg68yge6rpoo1BuZf3 | ||
jgNKZTire4NXFFp7QB6ZHhUh03qhRANCAASe+M2dMLK5Veao85/jK01vK0xGNm/v | ||
TvXKNjdIohgo7iUteABhRSOEaV24I2+fhIkJ4u1nF5O3XDILN8qFU569 | ||
-----END PRIVATE KEY----- |
@@ -1 +1 @@ | ||
baa3cc11f2cfe092eb86acabc028889438735fc667d0c88214185f8802b316a7 | ||
6bfec84fad7d6793b2da7d897d8b240e1657ce17ae85008ee3929205b10215c0 |
@@ -1,5 +1,5 @@ | ||
-----BEGIN PRIVATE KEY----- | ||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPEB0qkkpZ1sp44NS | ||
Ogbiz1MLgvyO/N3uvXgEhEGtKGahRANCAATLqehLL42VKHNmfZtY2BVehHsQNyGq | ||
fmOrs6V+DXrQ0eKgGF4ad1lrqXxJFMpVg2i1vOm/kq6GlvM6AqqcjuVc | ||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQguBEunJTE4p6odXBy | ||
SVFbZmp3f0MIUE/dWwnMFjaU9OGhRANCAAT0ZaJSBZNssVFtl14l38ykfcS8m8Q5 | ||
YWckipUyWV+EcXp8oHpTzVeAKTKP8mOp3zgj/qqsGu9nAOb2R524mR9C | ||
-----END PRIVATE KEY----- |
@@ -1 +1 @@ | ||
a86e0204e38809dbc2ef89db7eeba2bbd6628e96bd0a46133666d667de681773 | ||
045bd3cb9f53394e9a1dd905c8e5dfeab7f3249e105ceca33663f7e078306f5d |
@@ -1,10 +1,11 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIBZTCCAQugAwIBAgIIRxb0DaIIjkkwCgYIKoZIzj0EAwIwFDESMBAGA1UEAwwJ | ||
bG9jYWxob3N0MB4XDTI0MDMxNTAxMTI0M1oXDTI0MDYxNDAxMTI0M1owFDESMBAG | ||
A1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmuK3oS3R | ||
RvMCHEch4NOHPEo+1xh8fYcGuuW5l4BBLKDaYf+7hVXWSICrMFl1/yEFO1E856lg | ||
/FqVxhp25I/hKKNHMEUwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA4GA1UdDwEB/wQE | ||
AwICpDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCgYIKoZIzj0EAwID | ||
SAAwRQIgYgv5V5unp9q0WSnuPttA5fNASFLKrvslL+T0BKfLjRoCIQC4B+fmHpqX | ||
GVYq2Y0sGz79X+evTPmyJo7X3ye5DlSDeg== | ||
MIIBgDCCASagAwIBAgIIJIo0r8LAFEQwCgYIKoZIzj0EAwIwHTEbMBkGA1UEAwwS | ||
aGVscGVyMS5kcmFmdC50ZXN0MB4XDTI0MDUxOTIwMjc1MFoXDTI0MDgxODIwMjc1 | ||
MFowHTEbMBkGA1UEAwwSaGVscGVyMS5kcmFmdC50ZXN0MFkwEwYHKoZIzj0CAQYI | ||
KoZIzj0DAQcDQgAEKqRuJxcBWyj6sZNXNwQv0DokYaB3+K5awnQkyUddkohDRoPf | ||
gUAX/DQezhcqkDcOKMXMuP5BpjEPYj3nd8UEdKNQME4wHQYDVR0RBBYwFIISaGVs | ||
cGVyMS5kcmFmdC50ZXN0MA4GA1UdDwEB/wQEAwICpDAdBgNVHSUEFjAUBggrBgEF | ||
BQcDAQYIKwYBBQUHAwIwCgYIKoZIzj0EAwIDSAAwRQIgGjpC+WFl9MwpBjpn1oJZ | ||
ZvNkhjIzEAPu2HJzE4bgU7QCIQDEfVM2RxnnsXBQdpEq/ANX1xdMpYZi5ZHQP8ZE | ||
5GYNCw== | ||
-----END CERTIFICATE----- |
@@ -1 +1 @@ | ||
008eb82d82def11d250243bc06d96637e9fa73e362de92ae729b6a599cc15b5c | ||
a3647267bfe14e702073799600e013e0519192744043e1644a8c697dbb77a102 |
@@ -1,10 +1,11 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIBZDCCAQugAwIBAgIIIHqS6JxF2+AwCgYIKoZIzj0EAwIwFDESMBAGA1UEAwwJ | ||
bG9jYWxob3N0MB4XDTI0MDMxNTAxMTMyMVoXDTI0MDYxNDAxMTMyMVowFDESMBAG | ||
A1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAERNRL6q73 | ||
biFMXWjz8WIFYuvKgPLlh72VTZI8sKQXH0OL3rwKL+Sls2JEdGggyPNiM4jUr9U+ | ||
T0Iqbxh5hgcLuaNHMEUwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA4GA1UdDwEB/wQE | ||
AwICpDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCgYIKoZIzj0EAwID | ||
RwAwRAIgUBVQLsrbhfoLfg6a2ATU+ulhYmFNvweQ/Xj1M9QgXaECIEbsLs0h4TRG | ||
loU+/Eo4LOm5CkEd8fPOuSdZTp1s8IGT | ||
MIIBgTCCASagAwIBAgIIc/DMyC/dz4AwCgYIKoZIzj0EAwIwHTEbMBkGA1UEAwwS | ||
aGVscGVyMi5kcmFmdC50ZXN0MB4XDTI0MDUxOTIwMjgxNVoXDTI0MDgxODIwMjgx | ||
NVowHTEbMBkGA1UEAwwSaGVscGVyMi5kcmFmdC50ZXN0MFkwEwYHKoZIzj0CAQYI | ||
KoZIzj0DAQcDQgAEnvjNnTCyuVXmqPOf4ytNbytMRjZv7071yjY3SKIYKO4lLXgA | ||
YUUjhGlduCNvn4SJCeLtZxeTt1wyCzfKhVOevaNQME4wHQYDVR0RBBYwFIISaGVs | ||
cGVyMi5kcmFmdC50ZXN0MA4GA1UdDwEB/wQEAwICpDAdBgNVHSUEFjAUBggrBgEF | ||
BQcDAQYIKwYBBQUHAwIwCgYIKoZIzj0EAwIDSQAwRgIhALaFcXtFfVXRxmxBWGqU | ||
qLOdmVEBY1UIGzYUrl5maoqXAiEAw4E3sDRsbP5jfgrx235RkVouQSENyC/I6/vQ | ||
gkzBFP0= | ||
-----END CERTIFICATE----- |
@@ -1 +1 @@ | ||
d7cdae88176fd5ee2bef524b776a15fc52e4b9c3f986d34fe815c7463e7a425b | ||
b309e35605c369194fd04c411ef6b6feda334c5f8f55dcbb15f1484aa6178035 |
@@ -1,10 +1,11 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIBYzCCAQqgAwIBAgIHYwBqW8VtbjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAls | ||
b2NhbGhvc3QwHhcNMjQwMzE1MDExMzUyWhcNMjQwNjE0MDExMzUyWjAUMRIwEAYD | ||
VQQDDAlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATLqehLL42V | ||
KHNmfZtY2BVehHsQNyGqfmOrs6V+DXrQ0eKgGF4ad1lrqXxJFMpVg2i1vOm/kq6G | ||
lvM6AqqcjuVco0cwRTAUBgNVHREEDTALgglsb2NhbGhvc3QwDgYDVR0PAQH/BAQD | ||
AgKkMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAKBggqhkjOPQQDAgNH | ||
ADBEAiAfszb6imTolbufxqBhMd5gmCRmdxLWVDYCCF3wpa0bLQIgVDzc0X3eqN5U | ||
Ghgnqau5gaGAljARRWQNo8WVu6juWjs= | ||
MIIBgTCCASagAwIBAgIIU3AD7mE7qhMwCgYIKoZIzj0EAwIwHTEbMBkGA1UEAwwS | ||
aGVscGVyMy5kcmFmdC50ZXN0MB4XDTI0MDUxOTIwMjgzM1oXDTI0MDgxODIwMjgz | ||
M1owHTEbMBkGA1UEAwwSaGVscGVyMy5kcmFmdC50ZXN0MFkwEwYHKoZIzj0CAQYI | ||
KoZIzj0DAQcDQgAE9GWiUgWTbLFRbZdeJd/MpH3EvJvEOWFnJIqVMllfhHF6fKB6 | ||
U81XgCkyj/Jjqd84I/6qrBrvZwDm9keduJkfQqNQME4wHQYDVR0RBBYwFIISaGVs | ||
cGVyMy5kcmFmdC50ZXN0MA4GA1UdDwEB/wQEAwICpDAdBgNVHSUEFjAUBggrBgEF | ||
BQcDAQYIKwYBBQUHAwIwCgYIKoZIzj0EAwIDSQAwRgIhAPWMYS6CHXpFhM0z5n1K | ||
QyuFesT47zkYATrYgdbQm/KSAiEA4RDWidGzAeVylaWi8C1sx8/DtJwfKNw7VyqP | ||
BRcMXEI= | ||
-----END CERTIFICATE----- |