Created
October 24, 2019 14:31
This script creates a bootstrap ACL token, then creates a policy for both agent tokens and Vault client tokens, and finally creates the respective tokens.
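#!/bin/bash
# Bootstraps the Consul ACL system, then creates one policy and one token each
# for Consul agents and for Vault clients.
#
# Files written:
#   ./mgmt-SecretID                  SecretID of the bootstrap (management) token
#   /etc/consul.d/acl/agent-Token    output of `consul acl token create` (agent)
#   /etc/consul.d/acl/vault-Token    output of `consul acl token create` (vault)
#
# All three files contain ACL secrets.

# Stop at the first failing step: a failed bootstrap must not leave an empty
# token file behind or let later commands run with an empty CONSUL_HTTP_TOKEN.
set -euo pipefail

# Files created below are readable by the owner only. This affects newly
# created files; a file that already exists keeps its current mode.
umask 077

export CONSUL_HTTP_ADDR=https://10.201.44.11:8501
export CONSUL_CACERT=/etc/consul.d/tls/consul-agent-ca.pem
export CONSUL_CLIENT_CERT=/etc/consul.d/tls/dc1-cli-consul-0.pem
export CONSUL_CLIENT_KEY=/etc/consul.d/tls/dc1-cli-consul-0-key.pem

AGENT_POLICY_NAME="agent-acl-policy"
# Despite its name, this variable holds the Vault *policy* name, not a token.
CLIENT_POLICY_TOKEN="vault-acl-policy"

# Capture the bootstrap output first so a consul failure aborts the script
# here instead of being hidden behind the exit status of a pipeline stage.
bootstrap_output=$(consul acl bootstrap)

SECRETID=$(grep 'SecretID:' <<<"$bootstrap_output") || {
  printf 'error: no SecretID line in "consul acl bootstrap" output\n' >&2
  exit 1
}

# The line is "SecretID:" followed by padding and the value; taking the second
# field is independent of how much padding consul prints.
RAW_SECRET_ID=$(awk '{ print $2 }' <<<"$SECRETID")
if [[ -z "$RAW_SECRET_ID" ]]; then
  printf 'error: bootstrap SecretID is empty\n' >&2
  exit 1
fi

# This is the management token with unrestricted ACL rights. Once it has been
# moved to a proper secrets store, remove this file from the working directory.
printf '%s\n' "$RAW_SECRET_ID" > mgmt-SecretID
export CONSUL_HTTP_TOKEN="$RAW_SECRET_ID"

consul acl policy create \
  -name="$AGENT_POLICY_NAME" \
  -rules=@/etc/consul.d/acl/agent_policy.hcl

# The redirected output includes the new token's SecretID.
consul acl token create \
  -description="agent acl token" \
  -policy-name="$AGENT_POLICY_NAME" \
  > /etc/consul.d/acl/agent-Token

# NOTE(review): the rules file is spelled "vault_policy_hcl" here while the
# agent rules file is "agent_policy.hcl" - confirm which name exists on disk.
consul acl policy create \
  -name="$CLIENT_POLICY_TOKEN" \
  -rules=@/etc/consul.d/acl/vault_policy_hcl

# The redirected output includes the new token's SecretID.
consul acl token create \
  -description="vault acl token" \
  -policy-name="$CLIENT_POLICY_TOKEN" \
  > /etc/consul.d/acl/vault-Token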