voltron/NodeMgmt
1
1
Fork 0
Code Issues Pull Requests Releases 1 Activity

update

Browse Source
This commit is contained in:
David Schroeder
2023-11-22 23:09:02 -06:00
parent 26dd6b81ae
commit 00640cf822
2 changed files with 19 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
inc/certs.inc
View File

@@ -155,7 +155,7 @@ NIGHTLYRENEW(){
CONCAT_SSL CONCAT_SSL
chown -R root:le ${NM_CERTPATH} chown -R root:le ${NM_CERTPATH}
chmod -R 6775 ${NM_CERTPATH} chmod -R 6775 ${NM_CERTPATH}
SERVICE_MGMT nginx reload >> ${NM_LOGFOLDER}/cert-renewal.lastrun SERVICE_MGMT nginx reload
} }
CONCAT_SSL(){ CONCAT_SSL(){
@@ -621,6 +621,17 @@ CHECK-CERTS(){
fi fi
} }
UPGRADECERTS(){
ssldir=$(${NCMD} find ${NM_CERTPATH}/live/* -type d)
i=1
for certdir in ${ssldir[@]}; do
SUBJECTNAMES=$(${NCMD} openssl x509 -in ${certdir}/cert.pem -noout -text|grep -oP '(?<=DNS:|IP Address:)[^,]+'|sort -uV)
SUBJECTNAMES=${SUBJECTNAMES//$'\n'/, }
SUBJECTNAMES=${SUBJECTNAMES//, /,}
echo "$certdir = $SUBJECTNAMES "
done
}

11
nodemgmt-scripts.sh
View File

@@ -453,7 +453,7 @@ export PDNS_Ttl=60
LIVEMD5=$(ssh -q root@${NM_VC_HOSTNAME} "md5sum /etc/vmware-rhttpproxy/ssl/rui.crt | cut -d\ -f1") LIVEMD5=$(ssh -q root@${NM_VC_HOSTNAME} "md5sum /etc/vmware-rhttpproxy/ssl/rui.crt | cut -d\ -f1")
CURRENTMD5=$(ssh -q root@${NM_VC_HOSTNAME} "md5sum ${VC_CERT} | cut -d\ -f1") CURRENTMD5=$(ssh -q root@${NM_VC_HOSTNAME} "md5sum ${VC_CERT} | cut -d\ -f1")
if [ "$LIVEMD5" == "$CURRENTMD5" ] && [ "${1}" != "forcexx" ]; then if [ "$LIVEMD5" == "$CURRENTMD5" ] && [ "${1}" != "force" ]; then
echo -e "${idsCL[Yellow]}Certificates remains the same, no newer certificates exist${idsCL[Default]}" echo -e "${idsCL[Yellow]}Certificates remains the same, no newer certificates exist${idsCL[Default]}"
echo echo
exit 0 exit 0
@@ -463,12 +463,13 @@ export PDNS_Ttl=60
echo -e "${idsCL[LightCyan]}This process make take up to 10mins${idsCL[Default]}" echo -e "${idsCL[LightCyan]}This process make take up to 10mins${idsCL[Default]}"
echo echo
# ssh -q root@${NM_VC_HOSTNAME} "(printf '1\n%s\n' '${NM_VC_USER}'; sleep 1; printf '%s\n' '${NM_VC_PASS}'; sleep 1; printf '2\n'; sleep 1; printf '%s\n%s\n%s\ny\n\n' '${VC_CERT}' '${VC_KEY}' '${VC_CHAIN}') | setsid /usr/lib/vmware-vmca/bin/certificate-manager" ssh -q root@${NM_VC_HOSTNAME} "(printf '1\n%s\n' '${NM_VC_USER}'; sleep 1; printf '%s\n' '${NM_VC_PASS}'; sleep 1; printf '2\n'; sleep 1; printf '%s\n%s\n%s\ny\n\n' '${VC_CERT}' '${VC_KEY}' '${VC_CHAIN}') | setsid /usr/lib/vmware-vmca/bin/certificate-manager"
SENDNOTICE "vCenter SSL Updated" "Refresh/rescan any systems connecting to vcenter like Veeam"
ssh -q root@${NM_VC_HOSTNAME} "rm -f /tmp/vcenter-update-ssl.sh" ssh -q root@${NM_VC_HOSTNAME} "rm -f /tmp/vcenter-update-ssl.sh"
rm -f /tmp/vcenter-update-ssl.sh rm -f /tmp/vcenter-update-ssl.sh
echo -e "\n${idsCL[Green]}The vCenter certifcate has been updated${idsCL[Default]}" echo -e "\n${idsCL[Green]}The vCenter certifcate has been updated${idsCL[Default]}"
echo -e "${idsCL[LightCyan]}Don't forget to re-scan the vCenter connection in Veeam${idsCL[Default]}\n" echo -e "${idsCL[LightCyan]}Don't forget to re-scan the vCenter connection in Veeam${idsCL[Default]}\n"
else else
@@ -859,10 +860,12 @@ GUI(){
copynpmcerts) COPYCERTS_NPM ${2};; copynpmcerts) COPYCERTS_NPM ${2};;
checknpmcerts) CHECK_NPMCERTS;; checknpmcerts) CHECK_NPMCERTS;;
checkcerts) CHECK-CERTS ${2} ${3} ${4} ${5} ${6};; checkcerts) CHECK-CERTS ${2} ${3} ${4} ${5} ${6};;
upgradecerts) UPGRADECERTS ${2} ${3} ${4};;
nightlyrenew) nightlyrenew)
if [ "${2}" == "q" ]; then if [ "${2}" == "q" ]; then
exec 3>&1 >>${NM_LOGFOLDER}/cert-renewal.lastrun 2>&1 exec 3>&1 >>${NM_LOGFOLDER}/cert-renewal.lastrun 2>&1
echo "$(date +%Y-%m-%d-%H-%M-%S) #### vCenter Update Initiated ####" echo "$(date +%Y-%m-%d-%H-%M-%S) #### Nightly Cert Renewal check Initiated ####"
mv -f ${NM_LOGFOLDER}/cert-renewal1.lastrun ${NM_LOGFOLDER}/cert-renewal2.lastrun mv -f ${NM_LOGFOLDER}/cert-renewal1.lastrun ${NM_LOGFOLDER}/cert-renewal2.lastrun
mv -f ${NM_LOGFOLDER}/cert-renewal.lastrun ${NM_LOGFOLDER}/cert-renewal1.lastrun mv -f ${NM_LOGFOLDER}/cert-renewal.lastrun ${NM_LOGFOLDER}/cert-renewal1.lastrun
fi fi