ansible-role-keycloak/templates/keycloak-letsencrypt-hook.j2

41 lines
1.4 KiB
Plaintext
Raw Normal View History

2022-09-23 13:52:06 +02:00
#!/bin/bash
LE_CERTS_DIR="{{ letsencrypt_acme_sh_certificates_install_path }}"
LE_LOG_DIR=/var/log/letsencrypt
LE_LOGFILE="$LE_LOG_DIR/keycloak.log"
KEYCLOAK_CERTS_DIR="{{ keycloak_conf_directory }}"
KEYCLOAK_KEYFILE="{{ keycloak_conf_directory }}/server.key.pem"
keycloak_CERTFILE="{{ keycloak_conf_directory }}/server.crt.pem"
DATE=$( date )
RETVAL=
[ ! -d $LE_LOG_DIR ] && mkdir $LE_LOG_DIR
echo "$DATE" >> "$LE_LOGFILE"
logger "acme-keycloak-hook: Check if the certificate has been renewed"
cmp ${LE_CERTS_DIR}/privkey ${KEYCLOAK_KEYFILE}
RETVAL=$?
if [ $RETVAL -eq 0 ] ; then
logger "acme-keycloak-hook: No new cerficate."
echo "acme-keycloak-hook: No new cerficate." >> $LE_LOGFILE
exit 0
else
logger "acme-keycloak-hook: Copying the key file"
echo "Copy the certificate files" >> $LE_LOGFILE
/bin/cp -f ${LE_CERTS_DIR}/privkey ${KEYCLOAK_KEYFILE}
/bin/cp -f ${LE_CERTS_DIR}/fullchain ${KEYCLOAK_CERTFILE}
fi
chmod 440 ${KEYCLOAK_KEYFILE} ${KEYCLOAK_CERTFILE}
chown root ${KEYCLOAK_KEYFILE} ${KEYCLOAK_CERTFILE}
chgrp keycloak ${KEYCLOAK_KEYFILE} ${KEYCLOAK_CERTFILE}
2022-09-24 18:12:14 +02:00
logger "acme-keycloak-hook: Restart the {{ keycloak_service_name }} service after a certificate renewal"
systemctl restart {{ keycloak_service_name }} >> $LE_LOGFILE 2>&1
echo "acme-keycloak-hook: Restart the {{ keycloak_service_name }} service" >> $LE_LOGFILE
2022-09-23 13:52:06 +02:00
logger "acme-keycloak-hook: Done"
echo "acme-keycloak-hook: Done." >> $LE_LOGFILE
exit 0