X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=commands;h=aa2f8087a93a4f1fb5775e9eabf4b7f59f1dbcea;hb=8bfb19b81b8a2ff4ccd6782b2516a2a18b0f8095;hp=269100b80fe73aee931ef525477685f760c8ca86;hpb=417ce970216bcb6221d2e7335e89c65083cdecc5;p=infra.git
diff --git a/commands b/commands
index 269100b..aa2f808 100755
--- a/commands
+++ b/commands
@@ -1,22 +1,26 @@
 #!/bin/bash
 com="$SSH_ORIGINAL_COMMAND"
-if [[ "$UID" == 0 ]]; then
+if [[ $UID == 0 ]]; then
 echo "Run script as non-root-user"
 exit
 fi
-if [[ "$com" == "ask quiz certs" ]]; then
+if [[ $com == "update certs" || $com == "force update certs" ]]; then
+ force=false
+ if [[ $com == "force update certs" ]]; then
+ force=true
+ fi
 folder=$(mktemp -d)
 # In argument 1 is the path of the certificates to update: $1.crt and $1.key
 function update_cert {
 name=$1
- if [[ -f $name.crt ]] && openssl x509 -checkend $((365*24*60*60)) -in $name.crt > /dev/null; then
+ if [[ -f $name.crt ]] && openssl x509 -checkend $((365*24*60*60)) -in $name.crt > /dev/null && ! $force; then
 echo "SKIP $name"
 else
 echo "ISSUE $name"
 openssl req -newkey rsa:4096 -subj "/CN=will-be-ignored" -nodes -out $folder/web.req -keyout $folder/web.key 2>/dev/null
 cat $folder/web.req
 read -r response
- if [[ "$response" == "SUCCESS" ]]; then
+ if [[ $response == "SUCCESS" ]]; then
 # read certificate count
 read -r len
 printf '' > $folder/web.crt
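Review bot: In `update_cert`, the new `&& ! $force` executes the contents of the variable as a command, and because it comes last a forced run still calls `openssl x509 -checkend` for nothing. Since this script is driven by `SSH_ORIGINAL_COMMAND`, a plain string test placed first is the safer habit: `if [[ $force != true && -f $name.crt ]] && openssl x509 -checkend $((365*24*60*60)) -in "$name.crt" > /dev/null; then`. A forced run now writes a fresh unencrypted key (`-nodes`) to `$folder/web.key` for every name, so I would also add `trap 'rm -rf -- "$folder"' EXIT` right after `folder=$(mktemp -d)`; the existing `rm` lines only help if the script reaches them. The body of `update_cert` continues past the end of this hunk.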
@@ -45,17 +49,19 @@ if [[ "$com" == "ask quiz certs" ]]; then
 update_cert "modules/quiz/files/client"
 update_cert "modules/gigi/files/gigi"
 update_cert "modules/gigi/files/client"
+ update_cert "modules/gitweb/files/web"
+ update_cert "modules/motion/files/motion"
 echo "DONE"
 [[ -f $folder/web.crt ]] && rm $folder/web.crt
 [[ -f $folder/web.req ]] && rm $folder/web.req
 [[ -f $folder/web.key ]] && rm $folder/web.key
 rmdir $folder
-elif [[ "$com" == "reload quiz certs" ]]; then
+elif [[ $com == "reload certs" ]]; then
 sudo puppet apply /etc/puppet/code/environments/production/manifests --verbose
- sudo lxc-attach -n front-nginx -- puppet agent --verbose --test
- sudo lxc-attach -n quiz -- puppet agent --verbose --test
- sudo lxc-attach -n gigi -- puppet agent --verbose --test
-elif [[ $com == "update crls" ]]; then
+ sudo lxc-attach -n front-nginx -- puppet agent --verbose --onetime --no-daemonize
+ sudo lxc-attach -n quiz -- puppet agent --verbose --onetime --no-daemonize
+ sudo lxc-attach -n gigi -- puppet agent --verbose --onetime --no-daemonize
+elif [[ $com == "update crls" ]]; then
 if ! tar xv -C /data/crl; then
 echo "requiring tar"
 exit;
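Review bot: The three `lxc-attach ... puppet agent --verbose --onetime --no-daemonize` lines run unchecked, so `reload certs` returns whatever the last agent returned and the caller cannot tell whether the containers actually picked up the new certificates. Dropping `--test` also drops the `--no-usecacheonfailure` it implies, so depending on the agents' configuration a failed catalog fetch may apply a cached catalog and still exit 0. I would keep that flag explicitly and stop on the first failure, e.g. `sudo lxc-attach -n quiz -- puppet agent --verbose --onetime --no-daemonize --no-usecacheonfailure || exit 1`, and the same for `front-nginx` and `gigi`. The `update crls` branch at the end of the hunk continues outside it.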