adellam
/
ansible-roles
forked from ISTI-ansible-roles/ansible-roles
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixed the letsencrypt hook for orientdb.

This commit is contained in:
Andrea Dell'Amico 2018-08-28 12:02:29 +02:00
parent 29a751eb22
commit e3f9ea4803
1 changed files with 17 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
orientdb/templates/orientdb-letsencrypt-acme.sh.j2
View File

@ -1,16 +1,17 @@
#!/bin/bash #!/bin/bash
RETVAL= ORIENTDB_ENABLED="{{ orientdb_enabled }}"
RETVAL=0
# Add the CA certificate if it's not already present # Add the CA certificate if it's not already present
keytool -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ java_keyring_letsencrypt_trusted_ca }} keytool -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ java_keyring_letsencrypt_trusted_ca }}
RETVAL=$? RETVAL=$?
if [ $RETVAL -ne 0 ] ; then if [ $RETVAL -ne 0 ] ; then
keytool -trustcacerts -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt -importcert -alias {{ java_keyring_letsencrypt_trusted_ca }} -dname "CN={{ ansible_fqdn }}" -file {{ letsencrypt_acme_certs_dir }}/chain keytool -trustcacerts -keystore "{{ java_keyring_file }}" -storepass {{ java_keyring_pwd }} -noprompt -importcert -alias "{{ java_keyring_letsencrypt_trusted_ca }}" -dname "CN={{ ansible_fqdn }}" -file "{{ letsencrypt_acme_certs_dir }}/chain"
fi fi
# Remove the old certificate # Remove the old certificate
keytool -storepass {{ java_keyring_pwd }} -keystore {{ java_keyring_file }} -delete -alias {{ ansible_fqdn }} keytool -storepass {{ java_keyring_pwd }} -keystore "{{ java_keyring_file }}" -delete -alias "{{ ansible_fqdn }}"
# Check if the old certificate is still present. If so, we have a problem. Otherwise, import the new one # Check if the old certificate is still present. If so, we have a problem. Otherwise, import the new one
keytool -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ ansible_fqdn }} keytool -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ ansible_fqdn }}
@ -24,13 +25,18 @@ else
exit 1 exit 1
fi fi
chmod 440 {{ java_keyring_file }} chmod 440 "{{ java_keyring_file }}"
chgrp {{ orientdb_user }} {{ java_keyring_file }} chgrp {{ orientdb_user }} "{{ java_keyring_file }}"
logger "orientdb letsencrypt hook: shut down orientdb."
/etc/init.d/orientdb stop if [ "$ORIENTDB_ENABLED" == "True" ] ; then
sleep 30 logger "orientdb letsencrypt hook: shut down orientdb."
/etc/init.d/orientdb start /etc/init.d/orientdb stop
logger "orientdb letsencrypt hook: start orientdb." sleep 30
/etc/init.d/orientdb start
logger "orientdb letsencrypt hook: start orientdb."
else
logger "orientdb letsencrypt hook: the service is disabled, we do not restart it."
fi
logger "orientdb letsencrypt hook: the keystore has been updated with the renewed certificate." logger "orientdb letsencrypt hook: the keystore has been updated with the renewed certificate."
exit 0 exit $RETVAL