fix certificate update, add backup cleaner
This commit is contained in:
parent
c7ed48855a
commit
cd2244395b
13
Makefile
13
Makefile
|
@ -1,11 +1,12 @@
|
||||||
02firstboot = $(CHROOT)/usr/local/bin/02firstboot.start
|
02firstboot = $(CHROOT)/usr/local/bin/02firstboot.start
|
||||||
cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh
|
cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh
|
||||||
|
isl-backup-cleanup.sh = $(CHROOT)/usr/local/bin/isl-backup-cleanup.sh
|
||||||
install_confproxy = $(CHROOT)/opt/confproxy
|
install_confproxy = $(CHROOT)/opt/confproxy
|
||||||
|
|
||||||
CONFPROXY_URL = https://www.islonline.com/system/installer_latest_linux64
|
CONFPROXY_URL = https://www.islonline.com/system/installer_latest_linux64
|
||||||
|
|
||||||
systemd-units: appliance/cert-renew.service appliance/cert-renew.timer
|
systemd-units: appliance/cert-renew.service appliance/cert-renew.timer confproxy/isl-backup-cleanup.service confproxy/isl-backup-cleanup.timer
|
||||||
cp appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/
|
cp appliance/cert-renew.service appliance/cert-renew.timer confproxy/isl-backup-cleanup.service confproxy/isl-backup-cleanup.timer $(CHROOT)/etc/systemd/system/
|
||||||
|
|
||||||
$(02firstboot): appliance/02firstboot.start
|
$(02firstboot): appliance/02firstboot.start
|
||||||
mkdir -p $(CHROOT)/usr/local/bin
|
mkdir -p $(CHROOT)/usr/local/bin
|
||||||
|
@ -16,12 +17,18 @@ $(cert-renew.sh): appliance/cert-renew.sh
|
||||||
mkdir -p $(CHROOT)/etc/ssl
|
mkdir -p $(CHROOT)/etc/ssl
|
||||||
cp $< $@
|
cp $< $@
|
||||||
|
|
||||||
|
$(isl-backup-cleanup.sh): confproxy/isl-backup-cleanup.sh
|
||||||
|
mkdir -p $(CHROOT)/usr/local/bin
|
||||||
|
cp $< $@
|
||||||
|
|
||||||
$(install_confproxy):
|
$(install_confproxy):
|
||||||
# user islcp with fixed uid 950
|
# user islcp with fixed uid 950
|
||||||
-RUN useradd --system --comment="ISL ConfProxy User" --home-dir="/opt/confproxy" --shell="/bin/sh" --no-create-home --uid 950 --user-group islcp
|
-RUN useradd --system --comment="ISL ConfProxy User" --home-dir="/opt/confproxy" --shell="/bin/sh" --no-create-home --uid 950 --user-group islcp
|
||||||
# virtual-appliance starts the build environment with sh instead of systemd as pid1; skip start service
|
# virtual-appliance starts the build environment with sh instead of systemd as pid1; skip start service
|
||||||
RUN sh -c 'wget $(CONFPROXY_URL) -O /tmp/confproxy-installer.bin && sed -e "s:\"systemd\":\"sh\":g" -e "s:status \"Starting ISL Conference Proxy (confproxy.service)\":exit 0:" -i /tmp/confproxy-installer.bin && sh /tmp/confproxy-installer.bin'
|
RUN sh -c 'wget $(CONFPROXY_URL) -O /tmp/confproxy-installer.bin && sed -e "s:\"systemd\":\"sh\":g" -e "s:status \"Starting ISL Conference Proxy (confproxy.service)\":exit 0:" -i /tmp/confproxy-installer.bin && sh /tmp/confproxy-installer.bin'
|
||||||
|
# sometimes ConfProxy also looks into the alternative installation directory /var/confproxy (bug)
|
||||||
|
ln -sf /opt/confproxy $(CHROOT)/var/confproxy
|
||||||
|
|
||||||
preinstall:
|
preinstall:
|
||||||
|
|
||||||
postinstall: systemd-units $(02firstboot) $(cert-renew.sh) $(install_confproxy)
|
postinstall: systemd-units $(02firstboot) $(install_confproxy) $(cert-renew.sh) $(isl-backup-cleanup.sh)
|
||||||
|
|
|
@ -37,10 +37,8 @@ else
|
||||||
touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem"
|
touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
rm -rf /opt/confproxy/ssl
|
|
||||||
rm -rf /etc/ssl/nginx
|
rm -rf /etc/ssl/nginx
|
||||||
mkdir -p /etc/ssl
|
mkdir -p /etc/ssl
|
||||||
ln -sf "/$LABEL/opt/confproxy/ssl" "/opt/confproxy/ssl"
|
|
||||||
ln -sf "/$LABEL/etc/ssl/nginx" "/etc/ssl/nginx"
|
ln -sf "/$LABEL/etc/ssl/nginx" "/etc/ssl/nginx"
|
||||||
|
|
||||||
/etc/ssl/cert-renew.sh
|
/etc/ssl/cert-renew.sh
|
||||||
|
|
|
@ -6,8 +6,8 @@ FQDN="$HOST.$TLD"
|
||||||
LABEL="DATA"
|
LABEL="DATA"
|
||||||
|
|
||||||
CERT_DIR=/$LABEL/CERTS
|
CERT_DIR=/$LABEL/CERTS
|
||||||
CERT_EJABBERD=/$LABEL/etc/ssl/ejabberd
|
CERT_NGINX=/$LABEL/etc/ssl/nginx
|
||||||
CERT_CONFPROXY=/$LABEL/opt/confproxy/ssl
|
CERT_CONFPROXY=/$LABEL/etc/ssl/confproxy
|
||||||
GETREPO=""
|
GETREPO=""
|
||||||
GETUSER=""
|
GETUSER=""
|
||||||
GETPASS=""
|
GETPASS=""
|
||||||
|
@ -44,9 +44,11 @@ if [ $GIT_REVISION != $GIT_NEW_REVISION ]
|
||||||
then
|
then
|
||||||
echo "Update ISL Conference Proxy certificate..."
|
echo "Update ISL Conference Proxy certificate..."
|
||||||
mkdir -p $CERT_CONFPROXY
|
mkdir -p $CERT_CONFPROXY
|
||||||
|
rm -rf /opt/confproxy/ssl
|
||||||
|
ln -sf $CERT_CONFPROXY /opt/confproxy/ssl
|
||||||
cp $CERT_DIR/$FQDN/$FQDN-cert.pem $CERT_CONFPROXY/cert.pem
|
cp $CERT_DIR/$FQDN/$FQDN-cert.pem $CERT_CONFPROXY/cert.pem
|
||||||
cp $CERT_DIR/$FQDN/$FQDN-chain.pem $CERT_CONFPROXY/chain.pem
|
cp $CERT_DIR/$FQDN/$FQDN-chain.pem $CERT_CONFPROXY/chain.pem
|
||||||
cp $CERT_DIR/$FQDN/$FQDN-key.pem $CERT_CONFPROXY/privkey.pem
|
cp $CERT_DIR/KEYS/$FQDN-key.pem $CERT_CONFPROXY/privkey.pem
|
||||||
echo "Restart ISL Conference Proxy..."
|
echo "Restart ISL Conference Proxy..."
|
||||||
systemctl is-active --quiet confproxy && systemctl restart confproxy
|
systemctl is-active --quiet confproxy && systemctl restart confproxy
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
[Unit]
|
||||||
|
Description=remove old ISL confproxy backups
|
||||||
|
RefuseManualStart=no
|
||||||
|
RefuseManualStop=yes
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=/usr/local/bin/isl-backup-cleanup.sh
|
|
@ -0,0 +1,12 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# remove old backups
|
||||||
|
|
||||||
|
# variables
|
||||||
|
BACKUPDIR="/DATA/Backup"
|
||||||
|
RETAIN=3
|
||||||
|
|
||||||
|
# start
|
||||||
|
set -e
|
||||||
|
|
||||||
|
cd "$BACKUPDIR"
|
||||||
|
ls -t *.tar.gz | tail -n +$((RETAIN+1)) | sed "s/Z-islcp-.*/Z-islcp-*/" | xargs -i'{}' sh -c 'rm -f {}'
|
|
@ -0,0 +1,12 @@
|
||||||
|
[Unit]
|
||||||
|
Description=remove old ISL confproxy backups
|
||||||
|
RefuseManualStart=no
|
||||||
|
RefuseManualStop=no
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
Persistent=false
|
||||||
|
OnCalendar=Sun *-*-* 03:21:00
|
||||||
|
Unit=isl-backup-cleanup.service
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=default.target
|
Loading…
Reference in New Issue