Change to submodule for dehydrated to pin the version

TritonDataCenter · Aug 25, 2017 · 7055748 · 7055748
1 parent 2d85e69
commit 7055748
Show file tree

Hide file tree

Showing 7 changed files with 47 additions and 15 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,3 @@
+/dehydrated.tar.gz
+/cacert.pem
+/domains.txt
diff --git a/.gitmodules b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "deps/dehydrated"]
+	path = deps/dehydrated
+	url = https://github.com/lukas2511/dehydrated
diff --git a/Makefile b/Makefile
@@ -0,0 +1,15 @@
+SCRIPT=		deps/dehydrated/dehydrated
+ARCHIVE=	dehydrated.tar.gz
+
+.PHONY: archive
+archive: $(ARCHIVE)
+
+$(ARCHIVE): $(SCRIPT)
+	find . -type f \
+	    -not -path '*/.git/*' \
+	    -not -name '.git*' \
+	    -not -name '.travis.yml' | \
+	        xargs tar -czf "$@"
+
+$(SCRIPT):
+	git submodule init && git submodule update
diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 ## triton dehydrated
 
 [dehydrated](https://github.com/lukas2511/dehydrated) hook script to set up
-certificates automatically for Triton, using DNS challenges. Enabled via CNS.
+certificates automatically for Triton, using DNS challenges. Requires CNS.
 
 To use this you need to have CNS set up and publically resolvable. Then, either
 fill `domains.txt` with the names of the CNS endpoints for the Triton services

diff --git a/cns-hook b/cns-hook
@@ -1,16 +1,29 @@
 #!/usr/bin/env bash
 
 function getservice {
-	local domain="${1}"
-	if grep '^cloudapi\.' >/dev/null <<< "$domain"; then
-		echo "cloudapi"
-	elif grep '^adminui\.' >/dev/null <<< "$domain"; then
-		echo "adminui"
-	elif grep '^docker\.' >/dev/null <<< "$domain"; then
-		echo "docker"
-	elif grep 'manta' >/dev/null <<< "$domain"; then
-		echo "manta"
+	local vmuuid="$(dig +short txt "${domain}" @8.8.8.8 | head -1 | sed 's/"//g')"
+	if [ "a$vmuuid" == "a" ]; then
+		echo "ERROR: ${domain} does not appear to be a CNS name or CNAME to a CNS name" >&2
+		exit 1
 	fi
+	local sdcrole="$(sdc-vmadm get ${vmuuid} | json tags.smartdc_role)"
+	local mantarole="$(sdc-vmadm get ${vmuuid} | json tags.manta_role)"
+	case "$sdcrole" in
+		cloudapi|adminui|docker)
+			echo "$sdcrole"
+			;;
+		*)
+			case "$mantarole" in
+				loadbalancer)
+					echo "manta"
+					;;
+				*)
+					echo "ERROR: ${domain} points at VM ${vmuuid} with role ${role}, which is not supported" >&2
+					exit 1
+					;;
+			esac
+			;;
+	esac
 }
 
 function verifyvm {

diff --git a/run → dehydrated b/run → dehydrated
@@ -80,9 +80,6 @@ TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
 EOF
 	curl -o "$SCRIPTDIR/cacert.pem" https://curl.haxx.se/ca/cacert.pem
 fi
-if [ ! -f "$SCRIPTDIR/dehydrated" ]; then
-	curl -Lo "$SCRIPTDIR/dehydrated" https://raw.githubusercontent.com/lukas2511/dehydrated/master/dehydrated
-	chmod a+x "$SCRIPTDIR/dehydrated"
-fi
-exec $SCRIPTDIR/dehydrated $@
+
+source $SCRIPTDIR/deps/dehydrated/dehydrated
 
diff --git a/deps/dehydrated b/deps/dehydrated