consul-tls.sh (1110B)
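#!/usr/bin/env bash
#
# Creates a set of certificates for use with HashiCorp Consul
# https://learn.hashicorp.com/consul/datacenter-deploy/deployment-guide
#
# Usage:  ./consul-tls.sh
# Env:    CONSUL_TLS_BASE_PATH - working directory (default: ./tls/consul/)
# Output: certs/dc1-{server,cli,client}-consul.pem and the matching
#         certs/dc1-{server,cli,client}-consul-key.pem private keys,
#         relative to the working directory.
#
# `consul tls cert create` is called without -ca/-key, so the CA certificate
# and CA key are expected to already exist in the working directory under the
# CLI's default names; this script does not create a CA.
#
# The *-key.pem files are private keys. Keep the certs/ directory out of
# version control and readable only by the account that distributes them.

# Abort on the first failing command. Without this, a failed `cd` below would
# let `rm -rf certs` run in whatever directory the script was started from.
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace

# Resolve the target directory first so the prompt names the directory that
# will really be modified when CONSUL_TLS_BASE_PATH is overridden.
CONSUL_TLS_BASE_PATH="${CONSUL_TLS_BASE_PATH:-./tls/consul/}"

# https://www.shellhacks.com/yes-no-bash-script-prompt-confirmation/
read -p "Do you want to generate a new set of Consul certificates in the directory \"${CONSUL_TLS_BASE_PATH}\" [y/N]? " -n 1 -r
echo # (optional) move to a new line
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
  exit 1
fi

# Check the required tools before anything is deleted, so a missing binary
# does not leave the directory with the old certificates removed and no new
# ones generated.
for tool in consul openssl; do
  if ! command -v "$tool" >/dev/null; then
    printf 'error: required command not found: %s\n' "$tool" >&2
    exit 1
  fi
done

# Set working dir
mkdir -p -- "$CONSUL_TLS_BASE_PATH"
cd -- "$CONSUL_TLS_BASE_PATH" || {
  printf 'error: cannot cd to %s\n' "$CONSUL_TLS_BASE_PATH" >&2
  exit 1
}

# Cleanup previously generated certificates
rm -rf -- certs

# Define cert types
crt_types=("server" "cli" "client")

for type in "${crt_types[@]}"; do
  # Create certificate
  consul tls cert create "-${type}"
  cert="dc1-${type}-consul-0.pem"
  key="dc1-${type}-consul-0-key.pem"

  # Show fingerprint. No digest option is passed, so openssl prints its
  # default digest; add -sha256 if a SHA-256 fingerprint is what gets compared.
  openssl x509 -in "$cert" -fingerprint -noout

  # Drop index
  mv -- "$cert" "dc1-${type}-consul.pem"
  mv -- "$key" "dc1-${type}-consul-key.pem"
done

# Move to certs folder
mkdir certs
mv -- dc1-* certs/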