Use restart instead of reload to cope with services where reload doesn't pick up new certs.

Added -I option to install new binaries.
2022-07-28 19:34:33 +10:00 · 2022-07-28 19:34:33 +10:00 · 6ddb35c448
parent a44593e43b
commit 6ddb35c448
2 changed files with 34 additions and 13 deletions
--- a/README.md
+++ b/README.md
--- a/lehook.sh
+++ b/lehook.sh
@ -27,16 +27,33 @@ remotecertdir=/etc/ssl
 services="nginx httpd ngircd dovecot postfix"
 EOF
 	else
-		echo "$configfile already exists."
+		echo "$configfile already exists.  Did you mean -I? (install binary)"
 	fi
-	echo "Creating hardlinks in $DIR..."
-	cp -f $0 $DIR/lehook.sh
-	for x in pre post deploy; do
-		ln -f $DIR/lehook.sh $DIR/lehook-${x}.sh
-	done
-	ln -f $DIR/lehook.sh /usr/local/bin/lehook.sh
-	echo "Init complete.  Files are in $DIR."
-	echo "Main binary in /usr/local/bin/lehook.sh."
+        doinstall
+}
+
+function doinstall() {
+    local x
+    if [[ -z $DIR ]]; then
+        echo "Error: no install dir defined"
+        exit 1
+    elif [[ ! -d $DIR ]]; then
+        echo "Error: install dir $DIR doesn't exist"
+        exit 1
+    fi
+    echo "Creating hardlinks in $DIR..."
+    cp -f $0 $DIR/lehook.sh
+    for x in pre post deploy; do
+            ln -f $DIR/lehook.sh $DIR/lehook-${x}.sh
+    done
+    if [[ $(id -u) == "0" ]]; then
+        ln -f $DIR/lehook.sh /usr/local/bin/lehook.sh
+    else
+        echo "Calling sudo to install to /usr/local/bin, enter password if prompted"
+        sudo ln -f $DIR/lehook.sh /usr/local/bin/lehook.sh
+    fi
+    echo "Init complete.  Files are in $DIR."
+    echo "Main binary in /usr/local/bin/lehook.sh."
 }

 function out() {
@ -149,7 +166,7 @@ if [[ -e $configfile ]]; then
 	. $configfile
 fi

-ARGS="cd:fhiqr:s:v"
+ARGS="cd:fhiIqr:s:v"
 # TODO:  add renew mode
 # TODO:  add generate mode
 while getopts "$ARGS" i; do
@ -162,6 +179,10 @@ while getopts "$ARGS" i; do
 			usage;
                        exit 1;
 			;;
+		I)
+			doinstall;
+                        exit 0;
+			;;
 		i)
 			doinit;
                        exit 0;
@ -384,15 +405,15 @@ elif [[ $mode == "deploy" ]]; then
 					copycert $d/privkey.pem root@$r:$dest_priv
 					newcerts="$newcerts $domain"

-					out "* Reloading services"
+					out "* Restarting services"
 					inc
 					ssh root@$r "grep -qi 'Release 6' /etc/redhat-release 2>/dev/null"
 					if [[ $? -eq 0 ]]; then
 						checkcmd="chkconfig"
-						reloadcmd="service XX reload && echo Ok || echo failed"
+						reloadcmd="service XX restart && echo Ok || echo failed"
 					else
 						checkcmd="systemctl list-unit-files --state=enabled"
-						reloadcmd="systemctl reload XX"
+						reloadcmd="systemctl restart XX"
 					fi
 					enabled=$(ssh root@$r "$checkcmd" | awk '/:on|nabled/ { print $1 }')
 					nok=0