voltron/NodeMgmt
1
1
Fork 0
Code Issues Pull Requests Releases 1 Activity

Update nodemgmt-scripts.sh

Browse Source
This commit is contained in:
David Schroeder
2019-02-06 23:12:35 -06:00
parent 18917b992a
commit 1081607544
1 changed files with 78 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
nodemgmt-scripts.sh
View File

@@ -109,44 +109,50 @@ NEWCERT(){
else else
NEW_CERT=${1} NEW_CERT=${1}
fi fi
if [[ ${NEW_CERT} == *","* ]]; then
IFS=','; NEW_CERTS=(${NEW_CERT}); unset IFS
MAIN_CERT=${NEW_CERTS[0]}
else
MAIN_CERT=${NEW_CERT}
fi
if [ "${NEW_CERT}" != "" ]; then if [ "${NEW_CERT}" != "" ]; then
echo -e "${idsCL[LightGreen]}Requesting Certificate for '${idsCL[Yellow]}${NEW_CERT}${idsCL[LightGreen]}'...${idsCL[Default]}" echo -e "${idsCL[LightGreen]}Requesting Certificate for '${idsCL[Yellow]}${NEW_CERT}${idsCL[LightGreen]}'...${idsCL[Default]}"
echo "" echo ""
do_with_root $CERT_DAEMON certonly --webroot -w /var/www/html -d ${NEW_CERT} do_with_root $CERT_DAEMON certonly --webroot -w /var/www/html -d ${NEW_CERT}
if [ -f /etc/letsencrypt/live/${NEW_CERT}/cert.pem ]; then if [ -f /etc/letsencrypt/live/${MAIN_CERT}/cert.pem ]; then
do_with_root chown -R root:letsencrypt /etc/letsencrypt do_with_root chown -R root:letsencrypt /etc/letsencrypt
do_with_root chmod -R 6775 /etc/letsencrypt do_with_root chmod -R 6775 /etc/letsencrypt
rm -f /opt/idssys/nodemgmt/cert-request.lastrun # rm -f /opt/idssys/nodemgmt/cert-request.lastrun
daterun=`date +%Y-%m-%d-%H-%M` # daterun=`date +%Y-%m-%d-%H-%M`
echo -e "${NEW_CERT}\n${daterun}" > /opt/idssys/nodemgmt/cert-request.lastrun # echo -e "${NEW_CERT}\n${daterun}" > /opt/idssys/nodemgmt/cert-request.lastrun
yes | cp -rfH /opt/idssys/nodemgmt/cert-request.lastrun /etc/letsencrypt/cert-request.lastrun # yes | cp -rfH /opt/idssys/nodemgmt/cert-request.lastrun /etc/letsencrypt/cert-request.lastrun
DIVIDER true # DIVIDER true
echo -en "${idsCL[LightYellow]}Waiting for certifcate replication between the nodes... ${idsCL[Default]}" # echo -en "${idsCL[LightYellow]}Waiting for certificate replication between the nodes... ${idsCL[Default]}"
checked=false # checked=false
timeout=`date --date='2 minutes' +%s` # timeout=`date --date='2 minutes' +%s`
until [ "${checked}" = "" ]; do # until [ "${checked}" = "" ]; do
tchecked='' # tchecked=''
for nip in "${NODE_HOSTS[@]}"; do # for nip in "${NODE_HOSTS[@]}"; do
if [[ $(/sbin/ip -o -4 addr list ens192 | awk '{print $4}' | cut -d/ -f1) == *"${nip}"* ]]; then NCMD='' # if [[ $(/sbin/ip -o -4 addr list ens192 | awk '{print $4}' | cut -d/ -f1) == *"${nip}"* ]]; then NCMD=''
else NCMD="ssh root@${nip}" # else NCMD="ssh root@${nip}"
fi # fi
if [ "${NCMD}" != "" ]; then # if [ "${NCMD}" != "" ]; then
tchecked+=`${NCMD} "cat /etc/letsencrypt/cert-request.lastrun" | diff - /etc/letsencrypt/cert-request.lastrun` # tchecked+=`${NCMD} "cat /etc/letsencrypt/cert-request.lastrun" | diff - /etc/letsencrypt/cert-request.lastrun`
fi # fi
done # done
checked=${tchecked} # checked=${tchecked}
if [ "`date +%s`" -gt "$timeout" ]; then # if [ "`date +%s`" -gt "$timeout" ]; then
echo -e "${idsCL[Red]}Timeout${idsCL[Default]}" # echo -e "${idsCL[Red]}Timeout${idsCL[Default]}"
timeout=true # timeout=true
echo "Timeout occured in waiting for replication between nodes." | mail -s "Cert-Request" ${STATUS_CHECK_EMAIL} # echo "Timeout occured in waiting for replication between nodes. (${NEW_CERT})" | mail -s "Cert-Request" ${STATUS_CHECK_EMAIL}
break # break
fi # fi
done # done
if [ "${timeout}" != "true" ]; then # if [ "${timeout}" != "true" ]; then
echo -e "${idsCL[Green]}Completed${idsCL[Default]}" # echo -e "${idsCL[Green]}Completed${idsCL[Default]}"
fi # fi
echo # echo
SERVICE nginx reload # SERVICE nginx reload
echo -e "${idsCL[Green]}Certificate has been successfully created for '${idsCL[Yellow]}${NEW_CERT}${idsCL[Green]}'...${idsCL[Default]}" echo -e "${idsCL[Green]}Certificate has been successfully created for '${idsCL[Yellow]}${NEW_CERT}${idsCL[Green]}'...${idsCL[Default]}"
else else
echo "" echo ""
@@ -175,7 +181,7 @@ CERTRENEW(){
daterun=`date +%Y-%m-%d-%H-%M` daterun=`date +%Y-%m-%d-%H-%M`
echo -e "${daterun}" >> /etc/letsencrypt/cert-renewal.lastrun echo -e "${daterun}" >> /etc/letsencrypt/cert-renewal.lastrun
DIVIDER true DIVIDER true
echo -en "${idsCL[LightYellow]}Waiting for certifcate replication between the nodes... ${idsCL[Default]}" echo -en "${idsCL[LightYellow]}Waiting for certificate replication between the nodes... ${idsCL[Default]}"
checked=false checked=false
timeout=`date --date='2 minutes' +%s` timeout=`date --date='2 minutes' +%s`
until [ "${checked}" = "" ]; do until [ "${checked}" = "" ]; do
@@ -465,7 +471,7 @@ NEWSITE(){
echo "" echo ""
echo -e "Usage: ${idsCL[Yellow]}nodemgmt newcert${idsCL[Default]} {" echo -e "Usage: ${idsCL[Yellow]}nodemgmt newcert${idsCL[Default]} {"
width=33 width=33
printf "%-${width}s- %s\n" " -site {FQDN address(,es)}" "(new site and aliases, comma seperated)" printf "%-${width}s- %s\n" " -site {FQDN address(,es)}" "(new site and aliases, comma separated)"
printf "%-${width}s- %s\n" " -ssl {yes or no}" "(defaults to yes)" printf "%-${width}s- %s\n" " -ssl {yes or no}" "(defaults to yes)"
printf "%-${width}s- %s\n" " -type {'local' or 'proxy'}" "(defaults to local)" printf "%-${width}s- %s\n" " -type {'local' or 'proxy'}" "(defaults to local)"
printf "%-${width}s- %s\n" " -port {host port}" "(proxy backend host)" printf "%-${width}s- %s\n" " -port {host port}" "(proxy backend host)"
@@ -612,7 +618,7 @@ NEWSITE(){
fi fi
echo -e " echo -e "
server_name ${NGINX_SERVERNAME};" >> /etc/nginx/sites-available/${MAIN_SITE} server_name ${NGINX_SERVERNAME};" >> /etc/nginx/sites-available/${MAIN_SITE}
if [ "${CREATE_SSL}" = "yes" ]; then if [ "${CREATE_SSL}" = "yes" ]; then
echo -e " echo -e "
include conf.d/include/letsencrypt-acme-challenge.conf; include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/ssl-ciphers.conf; include conf.d/include/ssl-ciphers.conf;
@@ -634,9 +640,44 @@ NEWSITE(){
ln -s /etc/nginx/sites-available/${MAIN_SITE} /etc/nginx/sites-enabled/${MAIN_SITE} ln -s /etc/nginx/sites-available/${MAIN_SITE} /etc/nginx/sites-enabled/${MAIN_SITE}
if [ "${CREATE_SSL}" = "yes" ]; then if [ "${CREATE_SSL}" = "yes" ]; then
NEWCERT ${NEW_SITE} NEWCERT ${NEW_SITE}
else
SERVICE nginx reload
fi fi
rm -f /opt/idssys/nodemgmt/new-site.lastrun
daterun=`date +%Y-%m-%d-%H-%M`
echo -e "${NEW_SITE}\n${daterun}" > /opt/idssys/nodemgmt/new-site.lastrun
yes | cp -rfH /opt/idssys/nodemgmt/new-site.lastrun /etc/nginx/new-site.lastrun
yes | cp -rfH /opt/idssys/nodemgmt/new-site.lastrun /var/www/new-site.lastrun
daterun=`date +%Y-%m-%d-%H-%M`
echo -e "${daterun}" >> /etc/nginx/new-site.lastrun
DIVIDER true
echo -en "${idsCL[LightYellow]}Waiting for certificate replication between the nodes... ${idsCL[Default]}"
checked=false
timeout=`date --date='2 minutes' +%s`
until [ "${checked}" = "" ]; do
tchecked=''
for nip in "${NODE_HOSTS[@]}"; do
if [[ $(/sbin/ip -o -4 addr list ens192 | awk '{print $4}' | cut -d/ -f1) == *"${nip}"* ]]; then NCMD=''
else NCMD="ssh root@${nip}"
fi
if [ "${NCMD}" != "" ]; then
tchecked+=`${NCMD} "cat /etc/nginx/new-site.lastrun" | diff - /etc/nginx/new-site.lastrun`
tchecked+=`${NCMD} "cat /var/www/new-site.lastrun" | diff - /var/www/new-site.lastrun`
fi
done
checked=${tchecked}
if [ "`date +%s`" -gt "$timeout" ]; then
echo -e "${idsCL[Red]}Timeout${idsCL[Default]}"
timeout=true
echo "Timeout occurred in waiting for replication between nodes." | mail -s "New-Site" ${STATUS_CHECK_EMAIL}
break
fi
done
if [ "${timeout}" != "true" ]; then
echo -e "${idsCL[Green]}Completed${idsCL[Default]}"
fi
echo
SERVICE nginx reload
echo "" echo ""
echo -e "${idsCL[LightGreen]}The new site for '${idsCL[LightGreen]}${NEW_SITE}${idsCL[Default]}' has been created.${idsCL[Default]}" echo -e "${idsCL[LightGreen]}The new site for '${idsCL[LightGreen]}${NEW_SITE}${idsCL[Default]}' has been created.${idsCL[Default]}"
echo "" echo ""