sh Bash shell script to check the seal status of the local Vault server and attempt to unseal it using keys held in a Vault secret store. Supports HA Va
#!/bin/bash
# Checks whether the local Vault node is sealed and, if so, fetches the unseal
# keys from an already-unsealed HA peer (located through Consul) and applies them.
export vault=/usr/local/bin/vault
export VAULT_TOKEN=$(cat /root/.vault-token)
vault_cacert='-ca-cert=/path/to/your/ca.pem'
local_vault="-address=https://$(hostname -f):8200"

# Resolve one healthy (unsealed) Vault node registered in Consul. The host name is
# kept on its own so that "nothing registered" can be detected; the assembled
# -address flag is never empty, so testing it would not catch that case.
consul_ip="$(dig +short vault.service.consul | tail -n 1)"
unsealed_host=""
if [[ -n "$consul_ip" ]]
then
    # getent with an empty argument would list every hosts-file entry instead.
    unsealed_host="$(getent hosts "$consul_ip" | awk '{ print $2 }')"
fi
unsealed_vault="-address=https://${unsealed_host}:8200"

# Ask that node for the current HA leader. "vault status" prints the leader as a
# full URL (scheme and port), so both are stripped before the port is re-added.
leader_host=""
if [[ -n "$unsealed_host" ]]
then
    leader_host="$($vault status $vault_cacert $unsealed_vault 2> /dev/null | grep Leader | awk '{ print $2 }' | sed -e 's#^https\{0,1\}://##' -e 's#:[0-9]*$##')"
fi
leader_vault="-address=https://${leader_host}:8200"

vault_read="$vault read $vault_cacert $leader_vault"
vault_unseal="$vault unseal $vault_cacert $local_vault"
vault_status="$vault status $vault_cacert $local_vault"

function check_unsealed(){
    # "vault status" exits 0 only when the node is unsealed.
    if ! $vault_status &> /dev/null
    then
        echo "VaultSealManager-[$(date +'%X %x')]-[ERROR]: Local Vault instance was unsuccessfully unsealed (the instance is still sealed)."
        exit 1
    fi
}

function get_keys(){
    if [[ -z "$leader_host" ]]
    then
        echo "VaultSealManager-[$(date +'%X %x')]-[ERROR]: Could not determine the Vault HA leader to read unseal keys from!"
        exit 1
    fi
    vault_key_1=$($vault_read -field=value secret/vault/keys/1 2> /dev/null)
    vault_key_2=$($vault_read -field=value secret/vault/keys/2 2> /dev/null)
    vault_key_3=$($vault_read -field=value secret/vault/keys/3 2> /dev/null)
    vault_key_4=$($vault_read -field=value secret/vault/keys/4 2> /dev/null)
    vault_key_5=$($vault_read -field=value secret/vault/keys/5 2> /dev/null)
    if [[ -z "$vault_key_1" ]] || [[ -z "$vault_key_2" ]] || [[ -z "$vault_key_3" ]] || [[ -z "$vault_key_4" ]] || [[ -z "$vault_key_5" ]]
    then
        echo "VaultSealManager-[$(date +'%X %x')]-[ERROR]: Error retrieving unseal keys from Vault secret store!"
        exit 1
    fi
}

function unseal_vault(){
    # The key threshold is 3 of 5, so only three shares are submitted. Each key is
    # passed as a command-line argument and is therefore visible in the process
    # list (ps) while that command runs.
    $vault_unseal $vault_key_1 &> /dev/null
    status_1=$?
    $vault_unseal $vault_key_2 &> /dev/null
    status_2=$?
    $vault_unseal $vault_key_3 &> /dev/null
    status_3=$?
    # Only need three to unseal
    #$vault_unseal $vault_key_4 &> /dev/null
    #status_4=$?
    #$vault_unseal $vault_key_5 &> /dev/null
    #status_5=$?
    if [[ ! $status_1 == "0" ]] || [[ ! $status_2 == "0" ]] || [[ ! $status_3 == "0" ]] # || [[ ! $status_4 == "0" ]] || [[ ! $status_5 == "0" ]]
    then
        echo "VaultSealManager-[$(date +'%X %x')]-[ERROR]: Error unsealing local Vault instance!"
        exit 1
    fi
}

function main(){
    if $vault_status &> /dev/null
    then
        echo "VaultSealManager-[$(date +'%X %x')]-[INFO]: Local Vault instance is already unsealed!"
        exit 0
    fi
    if [[ -z "$unsealed_host" ]]
    then
        echo "VaultSealManager-[$(date +'%X %x')]-[ERROR]: Consul service returned no unsealed Vault instances!"
        exit 1
    else
        echo "VaultSealManager-[$(date +'%X %x')]-[INFO]: Consul service returned unsealed Vault instance..."
        echo "VaultSealManager-[$(date +'%X %x')]-[INFO]: Attempting to get secured keys from Vault secret store..."
        get_keys
        echo "VaultSealManager-[$(date +'%X %x')]-[INFO]: Got unseal keys successfully..."
        echo "VaultSealManager-[$(date +'%X %x')]-[INFO]: Attempting to unseal local Vault instance with acquired unseal keys..."
        unseal_vault
        echo "VaultSealManager-[$(date +'%X %x')]-[INFO]: Checking local seal status..."
        check_unsealed
        echo "VaultSealManager-[$(date +'%X %x')]-[INFO]: Local Vault instance is now unsealed!"
    fi
}

main
exit 0
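As an added example (not part of the original gist), the shell functions below exercise the two pieces of `vault status` parsing the script depends on: reading the Sealed line to decide whether anything needs doing, and turning the Leader URL into a bare host for the -address flag. They run against constructed sample text modelled on the key: value layout of the legacy `vault status` output, so they can be tested offline; the host names and values are made up. The second sample covers the failure mode the script must not ignore, a cluster that reports no leader, where building "-address=https://:8200" would silently point at nothing.

```shell
#!/bin/bash
# Added example: offline parsing of legacy "vault status" text. Sample output and
# host names below are constructed, not captured from a real cluster.

# Constructed sample: a sealed standby node that still knows the HA leader.
sample_sealed_status='Sealed: true
Key Shares: 5
Key Threshold: 3
Unseal Progress: 0

High-Availability Enabled: true
Mode: standby
Leader: https://vault-01.example.internal:8200'

# Constructed sample: a sealed cluster with no elected leader to read keys from.
sample_no_leader_status='Sealed: true
Key Shares: 5
Key Threshold: 3
Unseal Progress: 1

High-Availability Enabled: true
Mode: standby
Leader: '

# Returns 0 when the status text reports an unsealed node, 1 when sealed and
# 2 when the Sealed line is missing, so "unknown" is never mistaken for "unsealed".
is_unsealed() {
    local sealed
    sealed=$(printf '%s\n' "$1" | awk -F': ' '/^Sealed:/ { print $2 }')
    case "$sealed" in
        false) return 0 ;;
        true)  return 1 ;;
        *)     return 2 ;;
    esac
}

# Prints the leader host with the URL scheme and port stripped, or nothing when
# no leader is reported. Callers must test for the empty result rather than
# wrapping it in an -address flag unconditionally.
leader_host() {
    printf '%s\n' "$1" \
        | awk -F': ' '/^Leader:/ { print $2 }' \
        | sed -e 's#^https\{0,1\}://##' -e 's#:[0-9]\{1,5\}$##'
}

# Builds the -address flag for the leader on port 8200 and fails (exit 1)
# instead of emitting "-address=https://:8200" when the leader is unknown.
leader_address_flag() {
    local host
    host=$(leader_host "$1")
    [ -n "$host" ] || return 1
    printf -- '-address=https://%s:8200\n' "$host"
}

# Stand-alone demonstration on the constructed samples.
if leader_address_flag "$sample_sealed_status"; then
    echo "leader found for sealed standby sample"
fi
if ! leader_address_flag "$sample_no_leader_status"; then
    echo "no leader in second sample; refusing to build an address flag"
fi
```

The port is stripped before being re-added because the Leader field carries its own port; concatenating ":8200" onto the raw URL would produce an unparsable address such as host:8200:8200.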