#!/bin/bash
com="$SSH_ORIGINAL_COMMAND"
-if [[ "$UID" == 0 ]]; then
+if [[ $UID == 0 ]]; then
echo "Run script as non-root-user"
exit
fi
-if [[ "$com" == "ask quiz certs" ]]; then
+if [[ $com == "update certs" || $com == "force update certs" ]]; then
+ force=false
+ if [[ $com == "force update certs" ]]; then
+ force=true
+ fi
folder=$(mktemp -d)
# In argument 1 is the path of the certificates to update: $1.crt and $1.key
function update_cert {
name=$1
- if [[ -f $name.crt ]] && openssl x509 -checkend $((365*24*60*60)) -in $name.crt > /dev/null; then
+ if [[ -f $name.crt ]] && openssl x509 -checkend $((365*24*60*60)) -in $name.crt > /dev/null && ! $force; then
echo "SKIP $name"
else
echo "ISSUE $name"
openssl req -newkey rsa:4096 -subj "/CN=will-be-ignored" -nodes -out $folder/web.req -keyout $folder/web.key 2>/dev/null
cat $folder/web.req
read -r response
- if [[ "$response" == "SUCCESS" ]]; then
+ if [[ $response == "SUCCESS" ]]; then
# read certificate count
read -r len
printf '' > $folder/web.crt
update_cert "modules/gigi/files/gigi"
update_cert "modules/gigi/files/client"
update_cert "modules/gitweb/files/web"
+ update_cert "modules/motion/files/motion"
echo "DONE"
[[ -f $folder/web.crt ]] && rm $folder/web.crt
[[ -f $folder/web.req ]] && rm $folder/web.req
[[ -f $folder/web.key ]] && rm $folder/web.key
rmdir $folder
-elif [[ "$com" == "reload quiz certs" ]]; then
+elif [[ $com == "reload certs" ]]; then
sudo puppet apply /etc/puppet/code/environments/production/manifests --verbose
- sudo lxc-attach -n front-nginx -- puppet agent --verbose --test
- sudo lxc-attach -n quiz -- puppet agent --verbose --test
- sudo lxc-attach -n gigi -- puppet agent --verbose --test
-elif [[ "$com" == "update crls" ]]; then
+ sudo lxc-attach -n front-nginx -- puppet agent --verbose --onetime --no-daemonize
+ sudo lxc-attach -n quiz -- puppet agent --verbose --onetime --no-daemonize
+ sudo lxc-attach -n gigi -- puppet agent --verbose --onetime --no-daemonize
+elif [[ $com == "update crls" ]]; then
if ! tar xv -C /data/crl; then
echo "requiring tar"
exit;