-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathupdate_passive_ca.sh.erb
45 lines (37 loc) · 1.6 KB
/
update_passive_ca.sh.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
#!/bin/bash
# This file is managed by Puppet
SCRIPTNAME=$(basename $0)
logger "PE_FAILOVER: ${SCRIPTNAME} ---> [SUCCESS] Starting Passive CA Update"
CERT_DUMP_LOCATION="<%= @cert_dump_path %>/latest"
CERT_TEMP_LOCATION="<%= @cert_dump_path %>/temp_${$}"
# Copy all of the data to a temp location for processing
mkdir $CERT_TEMP_LOCATION &>/dev/null
if [ $? -ne 0 ]; then
logger "PE_FAILOVER: ${SCRIPTNAME} ---> [FAILURE] Failed to create ${CERT_TEMP_LOCATION}, error code $?. Exiting!"
exit 1
fi
cp -pr $CERT_DUMP_LOCATION/* $CERT_TEMP_LOCATION &>/dev/null
if [ $? -ne 0 ]; then
logger "PE_FAILOVER: ${SCRIPTNAME} ---> [FAILURE] Failed to copy ${CERT_DUMP_LOCATION}, error code $?. Exiting!"
exit 2
fi
chown 'pe-puppet':'pe-puppet' -R $CERT_TEMP_LOCATION
if [ $? -ne 0 ]; then
logger "PE_FAILOVER: ${SCRIPTNAME} ---> [FAILURE] Failed to update ownership on ${CERT_TEMP_LOCATION}, error code $?. Exiting!"
exit 3
fi
# Rsync all ca files to 'real' CA location
<%= @rsync_command %> \
--exclude-from="${CERT_TEMP_LOCATION}/rsync_exclude" \
$CERT_TEMP_LOCATION/* <%= @rsync_ssl_dir %>/ &>/dev/null
if [ $? -ne 0 ]; then
logger "PE_FAILOVER: ${SCRIPTNAME} ---> [FAILURE] Failed to run rsync to update CA directories, error code $?. Exiting!"
exit 4
fi
# Archive the temp folder
mv $CERT_TEMP_LOCATION <%= @cert_dump_path %>/archive/cert_$$_<%= @timestamp_command %>
if [ $? -ne 0 ]; then
logger "PE_FAILOVER: ${SCRIPTNAME} ---> [FAILURE] Failed to run rsync to update CA directories, error code $?. Exiting!"
exit 4
fi
logger "PE_FAILOVER: ${SCRIPTNAME} ---> [SUCCESS] Completed update of Passive CA."