From: Giorgio Ravera
Date: Wed, 9 Sep 2020 20:19:13 +0000 (+0200)
Subject: Review update_certificate script
X-Git-Url: http://git.giorgioravera.it/?a=commitdiff_plain;h=2f17ea2f5390b0643bb9b6d2b00a556bedcb7c10;p=scripts.git
Review update_certificate script
---
diff --git a/update_certificate b/update_certificate
index e8ece4d..f30f2c8 100755
--- a/update_certificate
+++ b/update_certificate
@@ -1,20 +1,64 @@ #!/bin/bash -# Download -echo " ------------------------------- " -echo "| Updating Download Certificate |" -echo " ------------------------------- " -host="download.giorgioravera.it" -user="root" -ALIVE=$(ping -c 1 $host |grep ttl) -if [ ! -z "$ALIVE" ]; then - rsync -rlptDv /etc/letsencrypt/archive $user@$host:/etc/letsencrypt/ - rsync -rlptDv /etc/letsencrypt/live $user@$host:/etc/letsencrypt/ - ssh $user@$host /etc/init.d/apache2 restart -else - echo "Host $host not alive, skipped" -fi -echo "" +# Parameters +src_folder="/etc/letsencrypt/live/server.giorgioravera.it" +src_cert="$src_folder/cert.pem" +src_key="$src_folder/privkey.pem" +src_chain="$src_folder/chain.pem" +src_fullchain="$src_folder/fullchain.pem" +dst_folder="/etc/ssl/giorgioravera.it/" +dst_cert="$dst_folder/cert.pem" +dst_key="$dst_folder/privkey.pem" +dst_chain="$dst_folder/chain.pem" +dst_fullchain="$dst_folder/fullchain.pem" +dst_server="$dst_folder/server.pem" +dst_tmp_folder="/tmp" +dst_tmp_cert="$dst_tmp_folder/cert.pem" +dst_tmp_key="$dst_tmp_folder/key.pem" +dst_tmp_server="$dst_tmp_folder/server.pem" +PATH="$PATH:/usr/local/bin" + +# Update Function +function update_certificate () { + ALIVE=$(ping -c 1 $host |grep ttl) + if [ ! -z "$ALIVE" ]; then + ssh $user@$host mkdir -p $dst_folder + scp $src_cert $user@$host:$dst_cert + scp $src_key $user@$host:$dst_key + scp $src_chain $user@$host:$dst_chain + scp $src_fullchain $user@$host:$dst_fullchain + ssh $user@$host "cat $dst_cert > $dst_server" + ssh $user@$host "cat $dst_key >> $dst_server" + ssh $user@$host $command + else + echo "Host $host not alive, skipped" + fi +} + +function copy_certificate () { + ALIVE=$(ping -c 1 $host |grep ttl) + if [ ! 
-z "$ALIVE" ]; then + scp $src_cert $user@$host:$dst_tmp_cert + scp $src_key $user@$host:$dst_tmp_key + ssh $user@$host "cat $dst_tmp_cert > $dst_tmp_server" + ssh $user@$host "cat $dst_tmp_key >> $dst_tmp_server" + ssh $user@$host $command + ssh $user@$host rm $dst_tmp_cert $dst_tmp_key $dst_tmp_server + else + echo "Host $host not alive, skipped" + fi +} + +## Download +#echo " ------------------------------- " +#echo "| Updating Download Certificate |" +#echo " ------------------------------- " +#host="download.giorgioravera.it" +#user="root" +#command="/etc/init.d/apache2 restart" +##command="systemctl restart apache2.service" +#update_certificate +#echo "" # Docker echo " ------------------------------- "
@@ -22,15 +66,8 @@ echo "| Updating Docker Certificate |" echo " ------------------------------- " host="docker.giorgioravera.it" user="root" -ALIVE=$(ping -c 1 $host |grep ttl) -if [ ! -z "$ALIVE" ]; then - rsync -rlptDv /etc/letsencrypt/archive $user@$host:/etc/letsencrypt/ - rsync -rlptDv /etc/letsencrypt/live $user@$host:/etc/letsencrypt/ -# ssh $user@$host systemctl restart xo-server.service - ssh $user@$host docker container restart traefik -else - echo "Host $host not alive, skipped" -fi +command="docker container restart traefik mosquitto" +update_certificate echo "" # Asterisk
@@ -39,12 +76,15 @@ echo "| Updating Asterisk Certificate |" echo " ------------------------------- " host="asterisk.giorgioravera.it" user="root" -ALIVE=$(ping -c 1 $host |grep ttl) -if [ ! -z "$ALIVE" ]; then - update_certificate_asterisk -else - echo "Host $host not alive, skipped" -fi +command="cat $dst_tmp_cert > /etc/asterisk/keys/Asterisk.crt && + cat $dst_tmp_key > /etc/asterisk/keys/Asterisk.key && + cat $dst_tmp_cert > /etc/httpd/pki/webserver.crt && + cat $dst_tmp_key > /etc/httpd/pki/webserver.key && + fwconsole certificate --import && + fwconsole certificate --default=0 && + fwconsole reload && + systemctl reload httpd.service" +copy_certificate echo "" # NAS
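Review bot: In copy_certificate the private key is staged on the remote host as `$dst_tmp_key` (`/tmp/key.pem`) and the combined `$dst_tmp_server` is built there by `cat ... > ...`, so both files take whatever mode the remote umask gives them and are only removed by the final `ssh $user@$host rm ...`, which never runs if an earlier scp or ssh step fails; update_certificate writes `$dst_server` the same way. None of the steps in either function is checked, so a failed `scp $src_key` still lets the restart in `$command` load whatever stale or truncated file is left on the host. `$command` and `$user@$host` are also expanded unquoted, which word-splits the multi-line commands assigned in the Asterisk, NAS and Xenserver hunks before ssh re-joins them with spaces. I would chain the steps with `&&`, run the concatenation under `umask 077`, quote the expansions and make the cleanup unconditional, as sketched below for copy_certificate; update_certificate needs the same treatment.
```shell
function copy_certificate () {
  ALIVE=$(ping -c 1 "$host" | grep ttl)
  if [ -n "$ALIVE" ]; then
    # keep the staged key and the combined file readable by the login user only
    scp "$src_cert" "$user@$host:$dst_tmp_cert" &&
      scp "$src_key" "$user@$host:$dst_tmp_key" &&
      ssh "$user@$host" "umask 077 && cat $dst_tmp_cert > $dst_tmp_server && cat $dst_tmp_key >> $dst_tmp_server" &&
      ssh "$user@$host" "$command" ||
      echo "Certificate update on $host failed" >&2
    # cleanup runs whether or not the steps above succeeded
    ssh "$user@$host" rm -f "$dst_tmp_cert" "$dst_tmp_key" "$dst_tmp_server"
  else
    echo "Host $host not alive, skipped"
  fi
}
```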
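Review bot: The Asterisk command chain writes `/etc/asterisk/keys/Asterisk.key` and `/etc/httpd/pki/webserver.key` with plain `cat ... >` but drops the `chown asterisk:asterisk` that the deleted update_certificate_asterisk script ran on the copied files. Redirection keeps the owner and mode of a file that already exists, but where the files are missing they are created root-owned with the remote umask applied, which on a default umask would leave the private key readable by other local users. The Xenserver hunk loses the deleted script's `chmod 400 /etc/xensource/xapi-ssl.pem` in the same way. I would keep those steps inside the chains: `chown asterisk:asterisk /etc/asterisk/keys/Asterisk.crt /etc/asterisk/keys/Asterisk.key &&` before `fwconsole certificate --import &&`, and `chmod 400 /etc/xensource/xapi-ssl.pem &&` before `systemctl restart xapi.service`.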
@@ -53,16 +93,9 @@ echo "| Updating NAS Certificate |" echo " ------------------------------- " host="nas.giorgioravera.it" user="admin" -ALIVE=$(ping -c 1 $host |grep ttl) -if [ ! -z "$ALIVE" ]; then - scp /etc/letsencrypt/live/server.giorgioravera.it/cert.pem $user@$host:/etc/stunnel - scp /etc/letsencrypt/live/server.giorgioravera.it/privkey.pem $user@$host:/etc/stunnel - ssh $user@$host 'cat /etc/stunnel/privkey.pem > /etc/stunnel/stunnel.pem' - ssh $user@$host 'cat /etc/stunnel/cert.pem >> /etc/stunnel/stunnel.pem' - ssh $user@$host /etc/init.d/stunnel.sh restart -else - echo "Host $host not alive, skipped" -fi +command="cat $dst_tmp_server > /etc/stunnel/stunnel.pem && + /etc/init.d/stunnel.sh restart" +copy_certificate echo "" # Firewall
@@ -85,10 +118,7 @@ echo "| Updating Xenserver Certificate |" echo " ------------------------------- " host="xenserver.giorgioravera.it" user="root" -ALIVE=$(ping -c 1 $host |grep ttl) -if [ ! -z "$ALIVE" ]; then - update_certificate_xenserver -else - echo "Host $host not alive, skipped" -fi +command="cat $dst_tmp_server > /etc/xensource/xapi-ssl.pem && + systemctl restart xapi.service" +copy_certificate echo ""
diff --git a/update_certificate_asterisk b/update_certificate_asterisk
deleted file mode 100755
index f74cd66..0000000
--- a/update_certificate_asterisk
+++ /dev/null
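Review bot: The NAS stunnel.pem is now filled from `$dst_tmp_server`, which copy_certificate assembles as certificate first and private key second, whereas the removed lines wrote `privkey.pem` first and then `cert.pem`. stunnel generally accepts either order in a combined PEM, but the order the NAS has been loading until now is reversed by this change, so the first run should be checked against the stunnel log rather than assumed to work. If the order matters on this stunnel build, the chain can rebuild the file from the staged parts instead: `cat $dst_tmp_key $dst_tmp_cert > /etc/stunnel/stunnel.pem && /etc/init.d/stunnel.sh restart`.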
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-# Parameters
-host='asterisk.giorgioravera.it'
-username="root"
-cert_path="/etc/letsencrypt/live/server.giorgioravera.it"
-keyname="letsencrypt"
-certificate="cert.pem"
-privatekey="privkey.pem"
-
-# Replace old cert & key
-scp $cert_path/$certificate $username@$host:/etc/asterisk/keys/Asterisk.crt
-scp $cert_path/$privatekey $username@$host:/etc/asterisk/keys/Asterisk.key
-ssh $username@$host chown asterisk:asterisk /etc/asterisk/keys/Asterisk.crt
-ssh $username@$host chown asterisk:asterisk /etc/asterisk/keys/Asterisk.key
-ssh $username@$host fwconsole certificate --import
-ssh $username@$host fwconsole certificate --default=0
-ssh $username@$host fwconsole reload
-ssh $username@$host systemctl reload httpd.service
diff --git a/update_certificate_xenserver b/update_certificate_xenserver
deleted file mode 100755
index 4aab4c2..0000000
--- a/update_certificate_xenserver
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-
-# Parameters
-host='xenserver.giorgioravera.it'
-username="root"
-cert_path="/etc/letsencrypt/live/server.giorgioravera.it"
-keyname="letsencrypt"
-certificate="cert.pem"
-privatekey="privkey.pem"
-
-# Moving into temp dir
-cd /tmp
-
-# Replace old cert & key
-cat $cert_path/$certificate > xapi-ssl.pem
-cat $cert_path/$privatekey >> xapi-ssl.pem
-scp xapi-ssl.pem $username@$host:/etc/xensource
-ssh $username@$host chmod 400 /etc/xensource/xapi-ssl.pem
-ssh $username@$host systemctl restart xapi.service
-
-# Clean directory
-rm xapi-ssl.pem