import sys
from getpass import getpass
from pathlib import Path
from pprint import pprint
import subprocess
import json
# NixOps deployment that every `nixops ... -d` invocation in this script targets.
DEPLOYMENT_NAME = "ekklesia-test"

# True: create_and_fetch_keys() refuses to regenerate keys when the remote
# .dont_overwrite_keys marker is found. False: keys are always regenerated.
KEEP_KEYS = True
def run(cmd):
    """Execute *cmd* through the local shell and return the CompletedProcess.

    stdout and stderr are captured instead of being shown. A non-zero exit
    status raises subprocess.CalledProcessError; that exception carries the
    complete command line, so it must not be allowed to surface for commands
    that embed secrets.

    *cmd* is interpreted by the shell (shell=True): anything a caller
    interpolates into it has to be quoted by that caller.
    """
    completed = subprocess.run(cmd, shell=True, capture_output=True)
    completed.check_returncode()
    return completed
def ret(cmd):
    """Execute *cmd* through the local shell and return only its exit status.

    Output is captured and discarded, and a failing command does not raise.
    *cmd* is interpreted by the shell (shell=True), so interpolated values
    must already be quoted.
    """
    finished = subprocess.run(cmd, shell=True, capture_output=True)
    return finished.returncode
def sh(cmd):
    """Print *cmd* and then execute it with run().

    The command line is echoed verbatim, so this helper must not be used for
    commands that contain secrets; secret() exists for those. Nothing is
    returned, and a failing command raises via run().
    """
    print(cmd)
    run(cmd)
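def secret(cmd_template, **secrets):
    """Run a shell command that embeds secret values without echoing them.

    Only *cmd_template*, with its ``{placeholder}`` fields still unfilled, is
    printed. The filled-in command is handed to run().

    Args:
        cmd_template: str.format() template of the shell command.
        **secrets: values substituted into the template. They are inserted
            verbatim, so the caller has to shell-quote them.

    Raises:
        subprocess.CalledProcessError: if the command exits non-zero. The
            exception carries the template, not the filled-in command line.
    """
    print(cmd_template)
    try:
        run(cmd_template.format(**secrets))
    except subprocess.CalledProcessError as err:
        # The exception raised by run() stores the filled-in command line, so
        # letting it propagate would print the secrets in the traceback (and
        # in any log that captures it). Re-raise with the template instead and
        # suppress the chained original.
        raise subprocess.CalledProcessError(
            err.returncode, cmd_template, output=err.output, stderr=err.stderr
        ) from None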
def get_ekklesia_settings(vm_name):
    """Return the ``services.ekklesia`` options of *vm_name* as parsed JSON.

    The values are read with ``nixops show-option ... --json`` from the
    deployment named by DEPLOYMENT_NAME. Callers interpolate the returned
    paths into shell commands, so the deployment configuration is trusted
    input for this script.
    """
    query = f"nixops show-option -d {DEPLOYMENT_NAME} {vm_name} services.ekklesia --json"
    raw_json = run(query).stdout
    return json.loads(raw_json)
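def create_and_fetch_keys(server_number):
    """Create the key pairs on vvvote<server_number> and download the public keys.

    Key creation is skipped when KEEP_KEYS is set and the marker file
    ``.dont_overwrite_keys`` exists next to the private key directory. The
    public keys are copied into the local ``vvvote-public-keys/`` directory
    in either case.

    Args:
        server_number: number of the vvvote server; it is used for the VM
            name and passed to ``vvvote-admin.sh createKeypair``.

    Raises:
        subprocess.CalledProcessError: if any remote command other than the
            marker check fails.
    """
    vm_name = f"vvvote{server_number}"
    settings = get_ekklesia_settings(vm_name)
    keydir = Path(settings["vvvote"]["privateKeydir"])
    state_dir = keydir.parent
    marker = f"{state_dir}/.dont_overwrite_keys"
    ssh = f"nixops ssh -d {DEPLOYMENT_NAME} {vm_name}"
    fetch = f"nixops scp -d {DEPLOYMENT_NAME} --from {vm_name}"

    # NOTE(review): every positive exit status is read as "marker missing",
    # which presumably includes a failure of `nixops ssh` itself. Confirm that
    # a connection error at this point cannot lead to keys being regenerated.
    if not KEEP_KEYS or ret(f"{ssh} stat {marker}") > 0:
        # NOTE(review): the directories get whatever mode the remote umask
        # yields; confirm the private key directory is not readable by others.
        sh(f"{ssh} mkdir -p {state_dir}/voting-keys")
        sh(f"{ssh} mkdir -p {keydir}")
        sh(f"{ssh} vvvote-admin.sh createKeypair p {server_number} {state_dir}")
        sh(f"{ssh} vvvote-admin.sh createKeypair t {server_number} {state_dir}")
        # The backslash keeps the local shell from expanding the glob, so the
        # pattern reaches the remote side intact. It is written as "\\*"
        # because "\*" is an invalid escape sequence in a Python string.
        sh(f"{ssh} mv {state_dir}/voting-keys/\\*private\\* {keydir}")
        # Write the marker where the check above looks for it. The path used
        # to be hard-coded to /var/lib/vvvote, so with a key directory located
        # elsewhere the marker was never found and every run replaced the
        # existing private keys.
        sh(f"{ssh} touch {marker}")
    else:
        print(f"Keys are already set up for {vm_name}, refusing to create private keys. "
              + f"Remove {marker} to force key creation.")

    sh(f"{fetch} {state_dir}/voting-keys/\\*public\\* vvvote-public-keys/")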
def push_public_keys(server_number):
    """Upload the locally collected public keys to vvvote<server_number>.

    Every ``*.publickey.pem`` file in the local ``vvvote-public-keys``
    directory is copied, one ``nixops scp`` call per file, into the public
    key directory named in the VM's settings. That directory is created
    first if needed.
    """
    vm_name = f"vvvote{server_number}"
    ssh = f"nixops ssh -d {DEPLOYMENT_NAME} {vm_name}"
    push = f"nixops scp -d {DEPLOYMENT_NAME} --to {vm_name}"
    remote_dir = Path(get_ekklesia_settings(vm_name)["vvvote"]["settings"]["publicKeydir"])

    sh(f"{ssh} mkdir -p {remote_dir}")
    for pem in Path("vvvote-public-keys").glob("*.publickey.pem"):
        sh(f"{push} {pem} {remote_dir}")
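def set_up_secrets(server_number):
    """Prompt for the two client secrets and write them on vvvote<server_number>.

    The OAuth and notify client secrets are read without echo. An empty
    answer leaves the corresponding remote file untouched; otherwise the
    secret, followed by a newline, replaces the content of the file named in
    the VM's settings.

    Args:
        server_number: number of the vvvote server, used for the VM name.

    Raises:
        subprocess.CalledProcessError: if a remote write fails.
    """
    import shlex  # function-scope import: only this function needs it

    vm_name = f"vvvote{server_number}"
    settings = get_ekklesia_settings(vm_name)
    oauth_path = settings["vvvote"]["oauthClientSecretFile"]
    notify_path = settings["vvvote"]["notifyClientSecretFile"]
    ssh = f"nixops ssh -d {DEPLOYMENT_NAME} {vm_name}"

    oauth_client_secret = getpass(f"oauth client secret for {vm_name} (Enter means no change):")
    notify_secret = getpass(f"notify client secret for {vm_name} (Enter means no change):")

    for value, path in ((oauth_client_secret, oauth_path), (notify_secret, notify_path)):
        if not value:
            continue
        # The command line is parsed twice: by the local shell that starts
        # nixops and by the remote shell that ssh starts. Quote the secret and
        # the path for the remote shell, then the whole remote command for the
        # local one. Unquoted, a secret containing a space, quote, `$`, `;` or
        # similar was mangled or run as shell code. printf replaces echo so
        # that values such as "-n" or ones with backslashes are written as-is.
        remote_cmd = f"printf '%s\\n' {shlex.quote(value)} > {shlex.quote(str(path))}"
        print(f"writing secret to {path} on {vm_name}")
        # NOTE(review): the secret is still part of the argv of the local
        # nixops process and of the remote command, where process listings can
        # show it; feeding it over stdin would avoid that. The remote file is
        # created with the remote shell's default umask; confirm its mode.
        secret(f"{ssh} {{remote_cmd}}", remote_cmd=shlex.quote(remote_cmd))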
# Script body: each phase runs for server 1 and then server 2 before the next
# phase starts, so both servers' public keys have been fetched before any are
# pushed.
sh("mkdir -p vvvote-public-keys")
for phase in (create_and_fetch_keys, push_public_keys, set_up_secrets):
    for server_number in (1, 2):
        phase(server_number)