nomad-tls.sh (1240B)
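#!/usr/bin/env bash
#
# Creates a set of certificates for use with HashiCorp Nomad
# https://developer.hashicorp.com/nomad/tutorials/transport-security/security-enable-tls
#
# Env:     NOMAD_TLS_BASE_PATH  working directory (default: ./tls/nomad/)
# Outputs: <base>/certs/dc1-{server,cli,client}-nomad.pem plus the matching
#          *-key.pem files; prints each certificate's fingerprint to stdout.
# Returns: 1 if the prompt is declined or the working directory is unusable;
#          non-zero if certificate generation fails.
#
# NOTE(review): this script does not create a CA. `nomad tls cert create`
# signs with an existing CA (by default nomad-agent-ca.pem and
# nomad-agent-ca-key.pem in the current directory), so those files are
# presumably expected in the base directory beforehand — confirm. The CA key
# is left in place next to the generated output; keep it off the Nomad nodes.

# Stop on the first failing step so a failed `nomad` call is not followed by
# `openssl`/`mv` acting on missing or stale files.
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace

# Resolve the working dir first so the prompt names the directory that will
# actually be modified (the original prompt always said ./tls/nomad/).
NOMAD_TLS_BASE_PATH="${NOMAD_TLS_BASE_PATH:-./tls/nomad/}"

# https://www.shellhacks.com/yes-no-bash-script-prompt-confirmation/
# EOF on stdin (non-interactive run) is treated as "No".
read -p "Do you want to generate a new set of Nomad certificates in the directory \"${NOMAD_TLS_BASE_PATH}\" [y/N]? " -n 1 -r || REPLY=''
echo # (optional) move to a new line
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
  exit 1
fi

# Set working dir. The cd MUST succeed: the `rm -rf` below is relative, and
# running it from the caller's directory would delete an unrelated ./certs.
mkdir -p -- "$NOMAD_TLS_BASE_PATH"
cd -- "$NOMAD_TLS_BASE_PATH" || {
  printf 'cannot cd to %s\n' "$NOMAD_TLS_BASE_PATH" >&2
  exit 1
}

# Cleanup previously generated certificates
rm -rf -- certs

# Define cert types
crt_types=("server" "cli" "client")

for type in "${crt_types[@]}"; do
  # Create certificate.
  # NOTE(review): -days 3560 is close to ten years for a leaf certificate and
  # the same IP SANs are stamped on server, cli and client certs alike; a
  # leaked key stays usable for that whole period, so plan for rotation.
  nomad tls cert create -region dc1 -days 3560 \
    -additional-ipaddress 10.0.0.100 \
    -additional-ipaddress 10.0.0.101 \
    -additional-ipaddress 10.0.0.102 \
    -additional-ipaddress 10.0.0.103 \
    -additional-ipaddress 10.0.0.104 \
    "-${type}"
  cert="dc1-${type}-nomad.pem"
  key="dc1-${type}-nomad-key.pem"

  # Private key: owner read/write only, regardless of the caller's umask.
  chmod 600 -- "$key"

  # Show fingerprint (OpenSSL's default digest; add -sha256 if the value is
  # compared against SHA-256 pins).
  openssl x509 -in "$cert" -fingerprint -noout
done

# Move to certs folder
mkdir -- certs
mv -- dc1-* certs/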