
Deal with Concourse TSA host public key correctly

master
Sean Johnson 3 years ago
parent
commit
83de1ad2e1
WARNING! Although there is a key with this ID in the database it does not verify this commit! This commit is SUSPICIOUS.
GPG Key ID: 9FA15B87469EA850
  1. 20
      app/concourse_worker/init.sls

20
app/concourse_worker/init.sls

@ -2,6 +2,10 @@
{% from "app/concourse_worker/map.jinja" import container, settings with context %}
{% set tsa_privkey_path = settings.data_dir ~ "/tsa_worker_key" %}
{% set tsa_pubkey_path = tsa_privkey_path ~ ".pub" %}
{% set tsa_host_pubkey_path = settings.data_dir ~ "/tsa_host_public_key" %}
generate worker key:
cmd.run:
- name: >
@ -10,9 +14,19 @@ generate worker key:
-t rsa
-b 4096
-C 'concourse: TSA worker key'
-f {{ settings.data_dir }}/tsa_worker_key
-f {{ tsa_privkey_path }}
-P ''
- unless: "test -f {{ settings.data_dir }}/tsa_worker_key"
- unless: "test -f {{ tsa_privkey_path }}"
{% if settings.tsa_host_public_key is defined %}
store tsa host key:
file.managed:
- name: {{ tsa_host_pubkey_path }}
- mode: 0744
- contents: {{ settings.tsa_host_public_key }}
{% else %}
{{ raise("concourse-worker:settings:tsa_host_public_key is undefined") }}
{% endif %}
concourse worker image:
docker_image.present:
@ -37,7 +51,7 @@ concourse worker container:
- command: >
worker
--tsa-host {{ settings.tsa_host }}
--tsa-public-key {{ settings.tsa_host_public_key }}
--tsa-public-key /data/tsa_host_public_key
--tsa-worker-private-key /data/tsa_worker_key
{% if settings.args %}{% for arg in settings.args %} {{ arg }}
{% endfor %}{% endif %}
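Review bot: The new `store tsa host key` state writes the key with `- mode: 0744`, which sets the owner execute bit on a plain key file and, being unquoted, is left to YAML's integer parsing; Salt's documentation asks for quoted modes, so `- mode: '0644'` is the safer spelling. On the next line, `- contents: {{ settings.tsa_host_public_key }}` renders the value into YAML unquoted, so a key comment containing `: ` or ` #` would alter or break the parsed value; `- contents: {{ settings.tsa_host_public_key | yaml_dquote }}` avoids that. Because the worker uses this file to authenticate the TSA host, the rendered contents should match the configured key exactly. The container command now hard-codes `/data/tsa_host_public_key`, which presumably relies on `settings.data_dir` being mounted at `/data`; that binding lies outside the visible hunks and is worth confirming.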