X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=commands;h=6f6d00d7d19d1e7b74010adc4996e1b10db61b6b;hb=fadef126716317722defc33a923de50fa7466303;hp=0a6251443aad257108e76413af937c4d142a7c8e;hpb=6e69c87b067707acfaa1b526697b9d5c855eee47;p=infra.git
diff --git a/commands b/commands
index 0a62514..6f6d00d 100755
--- a/commands
+++ b/commands
@@ -1,22 +1,26 @@
 #!/bin/bash
 com="$SSH_ORIGINAL_COMMAND"
-if [[ "$UID" == 0 ]]; then
+if [[ $UID == 0 ]]; then
 echo "Run script as non-root-user"
 exit
 fi
-if [[ "$com" == "ask quiz certs" ]]; then
+if [[ $com == "update certs" || $com == "force update certs" ]]; then
+ force=false
+ if [[ $com == "force update certs" ]]; then
+ force=true
+ fi
 folder=$(mktemp -d)
 # In argument 1 is the path of the certificates to update: $1.crt and $1.key
 function update_cert {
 name=$1
- if [[ -f $name.crt ]] && openssl x509 -checkend $((365*24*60*60)) -in $name.crt > /dev/null; then
+ if [[ -f $name.crt ]] && openssl x509 -checkend $((365*24*60*60)) -in $name.crt > /dev/null && ! $force; then
 echo "SKIP $name"
 else
 echo "ISSUE $name"
 openssl req -newkey rsa:4096 -subj "/CN=will-be-ignored" -nodes -out $folder/web.req -keyout $folder/web.key 2>/dev/null
 cat $folder/web.req
 read -r response
- if [[ "$response" == "SUCCESS" ]]; then
+ if [[ $response == "SUCCESS" ]]; then
 # read certificate count
 read -r len
 printf '' > $folder/web.crt
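Review bot: On the changed `if` line in `update_cert`, `! $force` executes the value of `force` as a command, which is safe only while `force` is assigned nothing but the literals `true`/`false`, as it is a few lines above. In a forced-command script driven by `$SSH_ORIGINAL_COMMAND` a string test keeps that variable from ever becoming a command, and testing it first also skips the `openssl x509 -checkend` call when a forced re-issue was requested: `if [[ $force != true && -f $name.crt ]] && openssl x509 -checkend $((365*24*60*60)) -in "$name.crt" > /dev/null; then`. The quotes around `"$name.crt"` matter because that argument sits outside `[[ ]]` and would be word-split if the path passed in `$1` contained whitespace. `update_cert` continues past the end of this hunk.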
@@ -51,12 +55,12 @@ if [[ "$com" == "ask quiz certs" ]]; then
 [[ -f $folder/web.req ]] && rm $folder/web.req
 [[ -f $folder/web.key ]] && rm $folder/web.key
 rmdir $folder
-elif [[ "$com" == "reload quiz certs" ]]; then
+elif [[ $com == "reload certs" ]]; then
 sudo puppet apply /etc/puppet/code/environments/production/manifests --verbose
 sudo lxc-attach -n front-nginx -- puppet agent --verbose --test
 sudo lxc-attach -n quiz -- puppet agent --verbose --test
 sudo lxc-attach -n gigi -- puppet agent --verbose --test
-elif [[ "$com" == "update crls" ]]; then
+elif [[ $com == "update crls" ]]; then
 if ! tar xv -C /data/crl; then
 echo "requiring tar"
 exit;
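Review bot: The failure path under `update crls` ends in a bare `exit;` right after `echo`, so the script exits with echo's status 0 and the SSH client that streamed the archive cannot tell that `tar xv -C /data/crl` failed; `exit 1` together with `echo "requiring tar" >&2` would make the failure visible. The root check at the top of the first hunk has the same pattern, a bare `exit` after `echo "Run script as non-root-user"`. The `if`/`elif` chain continues outside this hunk, so it cannot be seen here whether unrecognised commands, including the old strings `ask quiz certs` and `reload quiz certs` that this commit renames, end in a non-zero exit; that is worth confirming before clients are switched over.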