Use restart instead of reload to cope with services where reload doesn't pick up new certs.

Added -I option to install new binaries.
Rob Pearce 2022-07-28 19:34:33 +10:00
parent a44593e43b
commit 6ddb35c448
2 changed files with 34 additions and 13 deletions

README.md Normal file → Executable file

@ -27,14 +27,31 @@ remotecertdir=/etc/ssl
services="nginx httpd ngircd dovecot postfix" services="nginx httpd ngircd dovecot postfix"
EOF EOF
else else
echo "$configfile already exists." echo "$configfile already exists. Did you mean -I? (install binary)"
fi
doinstall
}
function doinstall() {
local x
if [[ -z $DIR ]]; then
echo "Error: no install dir defined"
exit 1
elif [[ ! -d $DIR ]]; then
echo "Error: install dir $DIR doesn't exist"
exit 1
fi fi
echo "Creating hardlinks in $DIR..." echo "Creating hardlinks in $DIR..."
cp -f $0 $DIR/lehook.sh cp -f $0 $DIR/lehook.sh
for x in pre post deploy; do for x in pre post deploy; do
ln -f $DIR/lehook.sh $DIR/lehook-${x}.sh ln -f $DIR/lehook.sh $DIR/lehook-${x}.sh
done done
if [[ $(id -u) == "0" ]]; then
ln -f $DIR/lehook.sh /usr/local/bin/lehook.sh ln -f $DIR/lehook.sh /usr/local/bin/lehook.sh
else
echo "Calling sudo to install to /usr/local/bin, enter password if prompted"
sudo ln -f $DIR/lehook.sh /usr/local/bin/lehook.sh
fi
echo "Init complete. Files are in $DIR." echo "Init complete. Files are in $DIR."
echo "Main binary in /usr/local/bin/lehook.sh." echo "Main binary in /usr/local/bin/lehook.sh."
} }
@ -149,7 +166,7 @@ if [[ -e $configfile ]]; then
. $configfile . $configfile
fi fi
ARGS="cd:fhiqr:s:v" ARGS="cd:fhiIqr:s:v"
# TODO: add renew mode # TODO: add renew mode
# TODO: add generate mode # TODO: add generate mode
while getopts "$ARGS" i; do while getopts "$ARGS" i; do
@ -162,6 +179,10 @@ while getopts "$ARGS" i; do
usage; usage;
exit 1; exit 1;
;; ;;
I)
doinstall;
exit 0;
;;
i) i)
doinit; doinit;
exit 0; exit 0;
@ -384,15 +405,15 @@ elif [[ $mode == "deploy" ]]; then
copycert $d/privkey.pem root@$r:$dest_priv copycert $d/privkey.pem root@$r:$dest_priv
newcerts="$newcerts $domain" newcerts="$newcerts $domain"
out "* Reloading services" out "* Restarting services"
inc inc
ssh root@$r "grep -qi 'Release 6' /etc/redhat-release 2>/dev/null" ssh root@$r "grep -qi 'Release 6' /etc/redhat-release 2>/dev/null"
if [[ $? -eq 0 ]]; then if [[ $? -eq 0 ]]; then
checkcmd="chkconfig" checkcmd="chkconfig"
reloadcmd="service XX reload && echo Ok || echo failed" reloadcmd="service XX restart && echo Ok || echo failed"
else else
checkcmd="systemctl list-unit-files --state=enabled" checkcmd="systemctl list-unit-files --state=enabled"
reloadcmd="systemctl reload XX" reloadcmd="systemctl restart XX"
fi fi
enabled=$(ssh root@$r "$checkcmd" | awk '/:on|nabled/ { print $1 }') enabled=$(ssh root@$r "$checkcmd" | awk '/:on|nabled/ { print $1 }')
nok=0 nok=0
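Review bot: In `doinstall`, the new non-root branch runs `sudo ln -f $DIR/lehook.sh /usr/local/bin/lehook.sh`, which hard-links a file that `cp -f $0` has just created as the invoking user, so the script in /usr/local/bin shares an inode with the copy in `$DIR` and keeps that user's ownership and mode. Anything able to write the `$DIR` copy therefore changes what is executed from /usr/local/bin, which matters if the hooks are run by a more privileged account (not visible here; the deploy code does log in as `root@$r` over ssh). Installing a separate root-owned copy avoids the shared inode and also works when `$DIR` is on a different filesystem, where a hard link fails: `sudo install -o root -g root -m 0755 "$DIR/lehook.sh" /usr/local/bin/lehook.sh`. The unquoted `$0` and `$DIR` on the `cp` and `ln` lines should be quoted too, since a path containing spaces or glob characters would be split.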