fix certificate update, add backup cleaner
This commit is contained in:
parent
c7ed48855a
commit
c5fd865a93
13
Makefile
13
Makefile
|
@ -1,11 +1,12 @@
|
|||
02firstboot = $(CHROOT)/usr/local/bin/02firstboot.start
|
||||
cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh
|
||||
isl-backup-cleanup.sh = $(CHROOT)/usr/local/bin/isl-backup-cleanup.sh
|
||||
install_confproxy = $(CHROOT)/opt/confproxy
|
||||
|
||||
CONFPROXY_URL = https://www.islonline.com/system/installer_latest_linux64
|
||||
|
||||
systemd-units: appliance/cert-renew.service appliance/cert-renew.timer
|
||||
cp appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/
|
||||
systemd-units: appliance/cert-renew.service appliance/cert-renew.timer confproxy/isl-backup-cleanup.service confproxy/isl-backup-cleanup.timer
|
||||
cp appliance/cert-renew.service appliance/cert-renew.timer confproxy/isl-backup-cleanup.service confproxy/isl-backup-cleanup.timer $(CHROOT)/etc/systemd/system/
|
||||
|
||||
$(02firstboot): appliance/02firstboot.start
|
||||
mkdir -p $(CHROOT)/usr/local/bin
|
||||
|
@ -16,12 +17,18 @@ $(cert-renew.sh): appliance/cert-renew.sh
|
|||
mkdir -p $(CHROOT)/etc/ssl
|
||||
cp $< $@
|
||||
|
||||
$(isl-backup-cleanup.sh): confproxy/isl-backup-cleanup.sh
|
||||
mkdir -p $(CHROOT)/usr/local/bin
|
||||
cp $< $@
|
||||
|
||||
$(install_confproxy):
|
||||
# user islcp with fixed uid 950
|
||||
-RUN useradd --system --comment="ISL ConfProxy User" --home-dir="/opt/confproxy" --shell="/bin/sh" --no-create-home --uid 950 --user-group islcp
|
||||
# virtual-appliance starts the build environment with sh instead of systemd as pid1; skip start service
|
||||
RUN sh -c 'wget $(CONFPROXY_URL) -O /tmp/confproxy-installer.bin && sed -e "s:\"systemd\":\"sh\":g" -e "s:status \"Starting ISL Conference Proxy (confproxy.service)\":exit 0:" -i /tmp/confproxy-installer.bin && sh /tmp/confproxy-installer.bin'
|
||||
# sometimes ConfProxy also looks into the alternative installation directory /var/confproxy (bug)
|
||||
ln -sf /opt/confproxy $(CHROOT)/var/confproxy
|
||||
|
||||
preinstall:
|
||||
|
||||
postinstall: systemd-units $(02firstboot) $(cert-renew.sh) $(install_confproxy)
|
||||
postinstall: systemd-units $(02firstboot) $(install_confproxy) $(cert-renew.sh) $(isl-backup-cleanup.sh)
|
||||
|
|
|
@ -37,10 +37,8 @@ else
|
|||
touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem"
|
||||
fi
|
||||
|
||||
rm -rf /opt/confproxy/ssl
|
||||
rm -rf /etc/ssl/nginx
|
||||
mkdir -p /etc/ssl
|
||||
ln -sf "/$LABEL/opt/confproxy/ssl" "/opt/confproxy/ssl"
|
||||
ln -sf "/$LABEL/etc/ssl/nginx" "/etc/ssl/nginx"
|
||||
|
||||
/etc/ssl/cert-renew.sh
|
||||
|
|
|
@ -6,8 +6,8 @@ FQDN="$HOST.$TLD"
|
|||
LABEL="DATA"
|
||||
|
||||
CERT_DIR=/$LABEL/CERTS
|
||||
CERT_EJABBERD=/$LABEL/etc/ssl/ejabberd
|
||||
CERT_CONFPROXY=/$LABEL/opt/confproxy/ssl
|
||||
CERT_NGINX=/$LABEL/etc/ssl/nginx
|
||||
CERT_CONFPROXY=/$LABEL/etc/ssl/confproxy
|
||||
GETREPO=""
|
||||
GETUSER=""
|
||||
GETPASS=""
|
||||
|
@ -44,9 +44,11 @@ if [ $GIT_REVISION != $GIT_NEW_REVISION ]
|
|||
then
|
||||
echo "Update ISL Conference Proxy certificate..."
|
||||
mkdir -p $CERT_CONFPROXY
|
||||
rm -rf /opt/confproxy/ssl
|
||||
ln -sf $CERT_CONFPROXY /opt/confproxy/ssl
|
||||
cp $CERT_DIR/$FQDN/$FQDN-cert.pem $CERT_CONFPROXY/cert.pem
|
||||
cp $CERT_DIR/$FQDN/$FQDN-chain.pem $CERT_CONFPROXY/chain.pem
|
||||
cp $CERT_DIR/$FQDN/$FQDN-key.pem $CERT_CONFPROXY/privkey.pem
|
||||
cp $CERT_DIR/KEYS/$FQDN-key.pem $CERT_CONFPROXY/privkey.pem
|
||||
echo "Restart ISL Conference Proxy..."
|
||||
systemctl is-active --quiet confproxy && systemctl restart confproxy
|
||||
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
[Unit]
|
||||
Description=remove old ISL confproxy backups
|
||||
RefuseManualStart=no
|
||||
RefuseManualStop=yes
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/local/bin/isl-backup-cleanup.sh
|
|
@ -0,0 +1,12 @@
|
|||
#!/bin/bash
|
||||
# remove old backups
|
||||
|
||||
# variables
|
||||
BACKUPDIR="/DATA/Backup"
|
||||
RETAIN=3
|
||||
|
||||
# start
|
||||
set -e
|
||||
|
||||
cd "$BACKUPDIR"
|
||||
ls -t *.tar.gz | tail -n +$((RETAIN+1)) | sed "s/Z-islcp-.*/Z-islcp-*/" | xargs -i'{}' sh -c 'rm -f {}'
|
|
@ -0,0 +1,12 @@
|
|||
[Unit]
|
||||
Description=remove old ISL confproxy backups
|
||||
RefuseManualStart=no
|
||||
RefuseManualStop=no
|
||||
|
||||
[Timer]
|
||||
Persistent=false
|
||||
OnCalendar=Sun *-*-* 03:21:00
|
||||
Unit=isl-backup-cleanup.service
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
Loading…
Reference in New Issue