v1.4.3
@@ -15,3 +15,6 @@ KEY_FILE=/etc/pki/tls/private/example.com.pem
|
||||
KEY_OWNER=root
|
||||
KEY_GROUP=root
|
||||
KEY_MODE=0600
|
||||
|
||||
SERVICE=someservice
|
||||
ACTION=reload
|
||||
|
||||
15
md-message
15
md-message
@@ -30,9 +30,20 @@ case $1 in
|
||||
fi
|
||||
if [[ -z $MD_RENEWED_HOST_DIR ]]; then
|
||||
echo $(date) $(hostname) > $MD_RENEWED_DIR/renewed/$DOMAIN
|
||||
rm -f $MD_RENEWED_DIR/installed/$DOMAIN
|
||||
else
|
||||
mkdir -p $MD_RENEWED_DIR/renewed/$MD_RENEWED_HOST_DIR
|
||||
echo $(date) $(hostname) > $MD_RENEWED_DIR/renewed/$MD_RENEWED_HOST_DIR/$DOMAIN
|
||||
for f in $MD_RENEWED_DIR/renewed/*/; do
|
||||
if [[ ! -d "$f" ]]; then
|
||||
continue
|
||||
fi
|
||||
echo $(date) $(hostname) > ${f}${DOMAIN}
|
||||
done
|
||||
for f in $MD_RENEWED_DIR/installed/*/; do
|
||||
if [[ ! -d "$f" ]]; then
|
||||
continue
|
||||
fi
|
||||
rm -f ${f}${DOMAIN}
|
||||
done
|
||||
fi
|
||||
;;
|
||||
installed)
|
||||
|
||||
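Review bot: The multi-host branch builds its redirect and `rm` targets from unquoted `$MD_RENEWED_DIR`, `$MD_RENEWED_HOST_DIR` and `$DOMAIN`, and nothing visible in the hunk checks that DOMAIN is a plain host name before it is used as a file name. Quote every expansion, e.g. `echo "$(date) $(hostname)" > "${f}${DOMAIN}"` and `rm -f -- "${f}${DOMAIN}"`, and reject a DOMAIN that is empty or contains `/` at the top of the arm. The first `echo` into `renewed/$MD_RENEWED_HOST_DIR/$DOMAIN` is also repeated by the `renewed/*/` loop that follows the `mkdir -p`, so one of the two writes can go. The `case` arm begins before this hunk.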
@@ -23,12 +23,12 @@ fi
|
||||
|
||||
if [[ ! -d $MD_RENEWED_INSTALLING_TARGET ]]; then
|
||||
mkdir -p $MD_RENEWED_INSTALLING_TARGET
|
||||
chown apache.apache $MD_RENEWED_INSTALLING_TARGET
|
||||
chown ${MD_USER}.${MD_GROUP} $MD_RENEWED_INSTALLING_TARGET
|
||||
fi
|
||||
|
||||
if [[ ! -d $MD_RENEWED_INSTALLED_TARGET ]]; then
|
||||
mkdir -p $MD_RENEWED_INSTALLED_TARGET
|
||||
chown apache.apache $MD_RENEWED_INSTALLED_TARGET
|
||||
chown ${MD_USER}.${MD_GROUP} $MD_RENEWED_INSTALLED_TARGET
|
||||
fi
|
||||
|
||||
echo "md-renewed.service Looking for our domains: ${MYDOMAINS[*]}"
|
||||
@@ -51,7 +51,6 @@ done
|
||||
|
||||
if [[ $HTTPD_RELOAD == y ]]; then
|
||||
echo "md-renewed.service Restarting apache."
|
||||
sleep $[ ( $RANDOM % 60 ) + 1 ]s
|
||||
/usr/bin/systemctl reload httpd
|
||||
fi
|
||||
|
||||
|
||||
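Review bot: `chown ${MD_USER}.${MD_GROUP} $MD_RENEWED_INSTALLING_TARGET` has no fallback when MD_USER or MD_GROUP is missing from the configuration, which is presumably sourced earlier and may be an existing md-renewed.conf that predates these keys. The command then becomes `chown . <dir>` and does not set the intended owner on a directory the web server user is expected to write to. Give the variables defaults, use the colon separator and quote the operands: `chown -- "${MD_USER:-apache}:${MD_GROUP:-apache}" "$MD_RENEWED_INSTALLING_TARGET"`. The same applies to the INSTALLED_TARGET line in this hunk and to both chown lines in the md-renewed-install hunk at `@@ -114,12 +141,12 @@`.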
@@ -40,34 +40,65 @@ function run_copy
|
||||
local DOMAIN="$1"
|
||||
local CONFIG="$2"
|
||||
|
||||
CERT_OWNER=""
|
||||
CERT_GROUP=""
|
||||
CERT_MODE=""
|
||||
CERT_OWNER="root"
|
||||
CERT_GROUP="root"
|
||||
CERT_MODE="0700"
|
||||
CERT_FILE=""
|
||||
KEY_OWNER=""
|
||||
KEY_GROUP=""
|
||||
KEY_MODE=""
|
||||
KEY_OWNER="root"
|
||||
KEY_GROUP="root"
|
||||
KEY_MODE="0700"
|
||||
KEY_FILE=""
|
||||
SERVICE=""
|
||||
ACRION="restart"
|
||||
|
||||
. $CONFIG
|
||||
|
||||
[[ -z $CERT_FILE ]] && exit 0;
|
||||
|
||||
if [[ -z $KEY_FILE ]]; then
|
||||
KEY_FILE="$CERT_FILE"
|
||||
TEMP_CERT_FILE=$(mktemp)
|
||||
|
||||
if [[ ! -z $KEY_FILE ]]; then
|
||||
TEMP_KEY_FILE=$(mktemp)
|
||||
fi
|
||||
|
||||
cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem > $CERT_FILE
|
||||
OLD_UMASK=$(umask)
|
||||
umask 0077
|
||||
DO_ACTION=n
|
||||
|
||||
set_permissions "$CERT_FILE" "$CERT_OWNER" "$CERT_GROUP" "$CERT_MODE"
|
||||
if [[ ! -z $KEY_FILE && $KEY_FILE != $CERT_FILE ]]; then
|
||||
cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem > $TEMP_CERT_FILE
|
||||
cat ${MOD_MD_DIR}/domains/$DOMAIN/privkey.pem > $TEMP_KEY_FILE
|
||||
|
||||
if [[ $CERT_FILE != $KEY_FILE ]]; then
|
||||
cat ${MOD_MD_DIR}/domains/$DOMAIN/privkey.pem > $KEY_FILE
|
||||
if [[ $(md5sum $TEMP_CERT_FILE) != $(md5sum $CERT_FILE) ]]; then
|
||||
cp -f $TEMP_CERT_FILE $CERT_FILE
|
||||
set_permissions "$CERT_FILE" "$CERT_OWNER" "$CERT_GROUP" "$CERT_MODE"
|
||||
DO_ACTION=y
|
||||
fi
|
||||
rm -f $TEMP_CERT_FILE
|
||||
|
||||
if [[ $(md5sum $TEMP_KEY_FILE) != $(md5sum $KEY_FILE) ]]; then
|
||||
cp -f $TEMP_KEY_FILE $KEY_FILE
|
||||
set_permissions "$KEY_FILE" "$KEY_OWNER" "$KEY_GROUP" "$KEY_MODE"
|
||||
DO_ACTION=y
|
||||
fi
|
||||
rm -f $TEMP_KEY_FILE
|
||||
else
|
||||
cat ${MOD_MD_DIR}/domains/$DOMAIN/privkey.pem >> $KEY_FILE
|
||||
fi
|
||||
cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem > $TEMP_CERT_FILE
|
||||
cat ${MOD_MD_DIR}/domains/$DOMAIN/privkey.pem >> $TEMP_CERT_FILE
|
||||
|
||||
set_permissions "$KEY_FILE" "$KEY_OWNER" "$KEY_GROUP" "$KEY_MODE"
|
||||
if [[ $(md5sum $TEMP_CERT_FILE) != $(md5sum $CERT_FILE) ]]; then
|
||||
cp -f $TEMP_CERT_FILE $CERT_FILE
|
||||
set_permissions "$CERT_FILE" "$CERT_OWNER" "$CERT_GROUP" "$CERT_MODE"
|
||||
DO_ACTION=y
|
||||
fi
|
||||
rm -f $TEMP_CERT_FILE
|
||||
fi
|
||||
umask $OLD_UMASK
|
||||
|
||||
if [[ $DO_ACTION == y && ! -z $SERVICE ]]; then
|
||||
ACTION=${ACTION:-restart}
|
||||
/usr/bin/systemctl $ACTION $SERVICE > /dev/null 2>&1
|
||||
fi
|
||||
}
|
||||
|
||||
function run_service
|
||||
@@ -81,9 +112,7 @@ function run_service
|
||||
|
||||
[[ -z $SERVICE ]] && exit 0;
|
||||
|
||||
if [[ -z $ACTION ]]; then
|
||||
ACTION="restart"
|
||||
fi
|
||||
ACTION=${ACTION:-restart}
|
||||
|
||||
/usr/bin/systemctl $ACTION $SERVICE > /dev/null 2>&1
|
||||
}
|
||||
@@ -102,8 +131,6 @@ function domain_renew
|
||||
done
|
||||
}
|
||||
|
||||
HTTP_RELOAD=n
|
||||
|
||||
if [ -z $MD_RENEWED_HOST_DIR ]; then
|
||||
MD_RENEWED_INSTALLING_TARGET=${MD_RENEWED_DIR}/installing
|
||||
MD_RENEWED_INSTALLED_TARGET=${MD_RENEWED_DIR}/installed
|
||||
@@ -114,12 +141,12 @@ fi
|
||||
|
||||
if [[ ! -d $MD_RENEWED_INSTALLING_TARGET ]]; then
|
||||
mkdir -p $MD_RENEWED_INSTALLING_TARGET
|
||||
chown apache.apache $MD_RENEWED_INSTALLING_TARGET
|
||||
chown ${MD_USER}.${MD_GROUP} $MD_RENEWED_INSTALLING_TARGET
|
||||
fi
|
||||
|
||||
if [[ ! -d $MD_RENEWED_INSTALLED_TARGET ]]; then
|
||||
mkdir -p $MD_RENEWED_INSTALLED_TARGET
|
||||
chown apache.apache $MD_RENEWED_INSTALLED_TARGET
|
||||
chown ${MD_USER}.${MD_GROUP} $MD_RENEWED_INSTALLED_TARGET
|
||||
fi
|
||||
|
||||
echo "md-renewed-install.service Looking for our domains: ${MYDOMAINS[*]}"
|
||||
@@ -132,52 +159,33 @@ for f in ${MD_RENEWED_INSTALLING_TARGET}/*; do
|
||||
rm -f $f
|
||||
echo "md-renewed-install.service Checking domain $DOMAIN"
|
||||
|
||||
if [[ ! -f $MD_RENEWED_INSTALLED_TARGET/$DOMAIN ]]; then
|
||||
echo "md-renewed-install.service Installing domain $DOMAIN"
|
||||
touch $MD_RENEWED_INSTALLED_TARGET/$DOMAIN
|
||||
echo "md-renewed-install.service Installing domain $DOMAIN"
|
||||
touch $MD_RENEWED_INSTALLED_TARGET/$DOMAIN
|
||||
|
||||
if [[ -d /etc/md-renewed/$DOMAIN ]]; then
|
||||
domain_renew "$DOMAIN"
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ $1 == "force" ]]; then
|
||||
echo "md-renewed-install.service Looking for our already installed domains: ${MYDOMAINS[*]}"
|
||||
for f in ${MOD_MD_DIR}/domains/*; do
|
||||
if [[ ! -d $f ]]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
DOMAIN=$(basename $f)
|
||||
|
||||
echo "md-renewed-install.service Checking already installed domain $DOMAIN"
|
||||
|
||||
if [[ ! -f $MD_RENEWED_INSTALLED_TARGET/$DOMAIN ]]; then
|
||||
touch $MD_RENEWED_INSTALLED_TARGET/$DOMAIN
|
||||
fi
|
||||
|
||||
if [[ -d /etc/md-renewed/$DOMAIN ]]; then
|
||||
domain_renew "$DOMAIN"
|
||||
fi
|
||||
|
||||
for i in ${MYDOMAINS[@]}; do
|
||||
if [[ $DOMAIN == $i ]]; then
|
||||
echo "md-renewed-install.service $DOMAIN is our."
|
||||
HTTPD_RELOAD=y
|
||||
fi
|
||||
done
|
||||
fi
|
||||
done
|
||||
|
||||
echo "md-renewed-install.service Looking for our already installed domains: ${MYDOMAINS[*]}"
|
||||
for f in ${MOD_MD_DIR}/domains/*; do
|
||||
if [[ ! -d $f ]]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
DOMAIN=$(basename $f)
|
||||
echo "md-renewed-install.service Checking already installed domain $DOMAIN"
|
||||
|
||||
if [[ ! -f $MD_RENEWED_INSTALLED_TARGET/$DOMAIN ]]; then
|
||||
touch $MD_RENEWED_INSTALLED_TARGET/$DOMAIN
|
||||
|
||||
if [[ -d /etc/md-renewed/$DOMAIN ]]; then
|
||||
domain_renew "$DOMAIN"
|
||||
fi
|
||||
|
||||
for i in ${MYDOMAINS[@]}; do
|
||||
if [[ $DOMAIN == $i ]]; then
|
||||
echo "md-renewed-install.service Already installed $DOMAIN is our."
|
||||
HTTPD_RELOAD=y
|
||||
fi
|
||||
done
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ $HTTPD_RELOAD == y ]]; then
|
||||
echo "md-renewed-install.service Restarting apache."
|
||||
sleep $[ ( $RANDOM % 60 ) + 1 ]s
|
||||
/usr/bin/systemctl reload httpd
|
||||
done
|
||||
fi
|
||||
|
||||
exit 0
|
||||
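Review bot: The three `[[ $(md5sum $TEMP_…) != $(md5sum …) ]]` tests in run_copy can never compare equal, because md5sum prints the file name after the digest and the two names always differ. As written, every run copies the certificate and private key again and sets `DO_ACTION=y`, which defeats the change detection the temp files appear to have been introduced for. Compare contents instead, e.g. `if ! cmp -s -- "$TEMP_CERT_FILE" "$CERT_FILE"; then`, and the same for the key file. Two smaller things in the same hunk: `ACRION="restart"` looks like a typo for ACTION, so a value set by a previously sourced config may carry over, and the `0700` defaults put execute bits on PEM files where `0600` would do. run_copy starts before this hunk.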
@@ -1,13 +0,0 @@
|
||||
[Path]
|
||||
PathExistsGlob=/var/lib/httpd/md-renewed/installing/*
|
||||
Unit=md-renewed-install.service
|
||||
MakeDirectory=true
|
||||
DirectoryMode=0777
|
||||
|
||||
[Unit]
|
||||
BindsTo=httpd.service
|
||||
After=httpd.service
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
[Unit]
|
||||
Description=The Apache HTTP Server reloader
|
||||
After=network.target
|
||||
Wants=md-renewed-install.timer
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
|
||||
11
md-renewed-install.timer
Normal file
11
md-renewed-install.timer
Normal file
@@ -0,0 +1,11 @@
|
||||
[Unit]
|
||||
BindsTo=httpd.service
|
||||
After=httpd.service
|
||||
|
||||
[Timer]
|
||||
Unit=md-renewed-install.service
|
||||
OnUnitActiveSec=5min
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
||||
|
||||
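Review bot: `OnUnitActiveSec=5min` is the only trigger in this `[Timer]` section, and it is measured from the last activation of md-renewed-install.service, so until that service has run once the timer has nothing to count from and may never elapse. Add a boot- or activation-relative trigger next to it, for example `OnBootSec=1min`, so renewed certificates are still picked up after a reboot. md-renewed.timer, added later in this commit, has the same `[Timer]` section and needs the same change.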
@@ -1,5 +1,7 @@
|
||||
MOD_MD_DIR=/var/lib/httpd/md
|
||||
MD_RENEWED_DIR=/var/lib/httpd/md-renewed
|
||||
MD_RENEWED_HOST_DIR=
|
||||
MD_USER=apache
|
||||
MD_GROUP=apache
|
||||
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
Name: md-renewed
|
||||
Version: 1.3.4
|
||||
Version: 1.4.3
|
||||
Release: 1%{?dist}
|
||||
Summary: Restart service on Apache module mod_md certificate renewal
|
||||
License: MIT
|
||||
@@ -9,14 +9,18 @@ BuildArch: noarch
|
||||
|
||||
Source0: md-renewed
|
||||
Source1: md-message
|
||||
|
||||
Source2: md-renewed.path
|
||||
Source3: md-renewed.service
|
||||
Source4: md-renewed.timer
|
||||
|
||||
Source5: md-renewed-install
|
||||
Source6: md-renewed-install.path
|
||||
Source6: md-renewed-install.timer
|
||||
Source7: md-renewed-install.service
|
||||
|
||||
Source10: md-renewed-httpd.conf
|
||||
Source11: md-renewed.conf
|
||||
|
||||
Source20: example.service
|
||||
Source21: example.cert
|
||||
Source22: example.sh
|
||||
@@ -41,6 +45,7 @@ Restart service on Apache module mod_md certificate renewal
|
||||
%{__install} -d -m 0755 %{buildroot}%{_unitdir}
|
||||
%{__install} -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/
|
||||
%{__install} -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/
|
||||
%{__install} -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/
|
||||
%{__install} -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/
|
||||
%{__install} -m 0644 %{SOURCE7} %{buildroot}%{_unitdir}/
|
||||
|
||||
@@ -66,15 +71,18 @@ Restart service on Apache module mod_md certificate renewal
|
||||
|
||||
%post
|
||||
%systemd_post md-renewed.path
|
||||
%systemd_post md-renewed-install.path
|
||||
%systemd_post md-renewed.timer
|
||||
%systemd_post md-renewed-install.timer
|
||||
|
||||
%preun
|
||||
%systemd_preun md-renewed.path
|
||||
%systemd_preun md-renewed-install.path
|
||||
%systemd_preun md-renewed.timer
|
||||
%systemd_preun md-renewed-install.timer
|
||||
|
||||
%postun
|
||||
%systemd_postun md-renewed.path
|
||||
%systemd_postun md-renewed-install.path
|
||||
%systemd_postun md-renewed.timer
|
||||
%systemd_postun md-renewed-install.timer
|
||||
|
||||
%clean
|
||||
%{__rm} -rf %{buildroot}
|
||||
@@ -93,7 +101,8 @@ Restart service on Apache module mod_md certificate renewal
|
||||
%{_unitdir}/md-renewed.service
|
||||
%{_unitdir}/md-renewed-install.service
|
||||
%{_unitdir}/md-renewed.path
|
||||
%{_unitdir}/md-renewed-install.path
|
||||
%{_unitdir}/md-renewed.timer
|
||||
%{_unitdir}/md-renewed-install.timer
|
||||
|
||||
%dir %attr(-, root, apache) %{_sharedstatedir}/httpd/md-renewed/
|
||||
%dir %attr(-, root, apache) %{_sharedstatedir}/httpd/md-renewed/errored
|
||||
|
||||
11
md-renewed.timer
Normal file
11
md-renewed.timer
Normal file
@@ -0,0 +1,11 @@
|
||||
[Unit]
|
||||
BindsTo=httpd.service
|
||||
After=httpd.service
|
||||
|
||||
[Timer]
|
||||
Unit=md-renewed.service
|
||||
OnUnitActiveSec=5min
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
||||
|
||||