20-certs_update.rb
require 'fileutils'
require 'open3'
require 'shellwords'
# Directory under which the per-host certificate build artifacts are looked up
# and the "<name>.update" marker files are created.
SSL_BUILD_DIR = "/root/ssl-build/"

# Path of the katello-certs-check executable as reported by `which`.
# The lookup goes through the PATH of the process evaluating this file and
# yields an empty string when the tool is not found.
CHECK_SCRIPT = %x(which katello-certs-check).strip
# Report a fatal problem and stop.
#
# The message is sent to the logger and to `say`, then the process exits
# with status 101. This method never returns.
#
# @param message [String] text describing the failure
def error(message)
  logger.error(message)
  say(message)
  exit(101)
end
# Flag a certificate for regeneration by touching "<path>.update".
#
# The path is SSL_BUILD_DIR/<hostname>/<cert_name>, or SSL_BUILD_DIR/<cert_name>
# when no hostname is given. In noop mode only the messages are printed and
# nothing is written to disk.
#
# @param cert_name [String] base name of the certificate
# @param hostname [String, nil] optional per-host subdirectory
def mark_for_update(cert_name, hostname = nil)
  segments = [SSL_BUILD_DIR, hostname, cert_name].reject(&:nil?)
  target = File.join(*segments)
  puts "Marking certificate #{target} for update"

  if app_value(:noop)
    puts "skipping in noop mode"
    return
  end

  # The marker file is presumably consumed by the certs tooling on a later run.
  FileUtils.touch("#{target}.update")
end
# Paths of the server certificate material, read from the 'certs' module
# parameters: CA bundle, certificate, private key and certificate request.
ca_file, cert_file, key_file, req_file =
  %w[server_ca_cert server_cert server_key server_cert_req].map do |name|
    param('certs', name).value
  end
# Updating the server CA only makes sense when the katello module is enabled;
# abort early otherwise.
katello_enabled = Kafo::Helpers.module_enabled?(@kafo, 'katello') if app_value('certs_update_server_ca')
error "--certs-update-server-ca needs to be used with katello" if app_value('certs_update_server_ca') && !katello_enabled
# Use the capsule FQDN when the capsule_certs parameter is present, otherwise
# fall back to the node FQDN from the certs module.
fqdn_param = param('capsule_certs', 'capsule_fqdn') || param('certs', 'node_fqdn')
hostname = fqdn_param.value
# Server certificates: the Apache and foreman-proxy certs of this host.
if app_value('certs_update_server')
  %w[apache foreman-proxy].each do |service|
    mark_for_update("#{hostname}-#{service}", hostname)
  end
end

# Everything: derive the certificate names from the RPMs found in the host's
# build directory by stripping the "-1.0-<release>.noarch.rpm" suffix.
if app_value('certs_update_all') || app_value('certs_update_default_ca')
  rpm_pattern = File.join(SSL_BUILD_DIR, hostname, '*.noarch.rpm')
  Dir.glob(rpm_pattern)
     .map { |rpm| File.basename(rpm).sub(/-1\.0-\d+\.noarch\.rpm/, '') }
     .uniq
     .each { |cert_name| mark_for_update(cert_name, hostname) }
end

# The server CA marker lives directly under SSL_BUILD_DIR (no hostname part).
mark_for_update('katello-server-ca') if app_value('certs_update_server_ca')
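# Validate the supplied server certificate with katello-certs-check before
# continuing. Runs only when the check is not skipped, a certificate file is
# configured, and a server or server-CA update was requested.
if !app_value('certs_skip_check') &&
   cert_file.to_s != "" &&
   (app_value('certs_update_server_ca') || app_value('certs_update_server'))
  # Pass the paths as separate argv entries so no shell parses them: a path
  # containing quotes, `$` or backticks is handed to the tool verbatim instead
  # of being interpreted as shell syntax.
  check_argv = [CHECK_SCRIPT,
                '-c', cert_file,
                '-r', req_file,
                '-k', key_file,
                '-b', ca_file].map(&:to_s)
  # Shell-escaped rendering, used only in the error messages below.
  check_cmd = Shellwords.join(check_argv)

  begin
    # capture2e merges stderr into stdout, like the former `2>&1`.
    output, status = Open3.capture2e(*check_argv)
  rescue SystemCallError => e
    # Raised when the program cannot be started, e.g. CHECK_SCRIPT is empty
    # because `which` did not find katello-certs-check.
    error "Command '#{check_cmd}' could not be started: #{e.message}"
  else
    unless status.success?
      error "Command '#{check_cmd}' exited with #{status.exitstatus}:\n #{output}"
    end
  end
end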