Updated certificate renewal

Signed-off-by: Russell Seymour <[email protected]>

Author: russellseymour

cookbooks/camsa/templates/default/renew_cert.sh renamed to cookbooks/camsa/files/default/configure_automate_crt.sh

@@ -98,4 +98,4 @@ executeCmd "chef-automate config patch ssl_cert.toml"
 log "Restarting Services"
 executeCmd "chef-automate restart-services"
 
-popd
+popd

cookbooks/camsa/libraries/camsa_certificate.rb

@@ -82,12 +82,17 @@ def schedule_check
         stop_command = new_resource.stop_command
 
         # Use the template to create the script that will be run to renew the certificate
-        filename = ::File.join(node['camsa']['dirs']['bin'], 'renew_cert.sh')
-        template filename do
-          source 'renew_cert.sh'
-          variables ({
-            stop_command: stop_command,
-            start_command: start_command,
+        script_filename = ::File.join(node['camsa']['dirs']['bin'], 'configure_automate_crt.sh')
+        cookbook_file script_filename do
+          source 'configure_automate_crt.sh'
+          mode '0755'
+        end
+
+        cron_filename = ::File.join(node['camsa']['dirs']['bin'], 'cron_ssl_renew.sh')
+        template cron_filename do
+          source 'cron_ssl_renew.sh'
+          variables({
+            renew_cert_path: script_filename
           })
           mode '0755'
         end
@@ -100,7 +105,7 @@ def schedule_check
           day timing[2]
           month timing[3]
           weekday timing[4]
-          command filename
+          command cron_filename
         end
 
       end

cookbooks/camsa/templates/default/cron_ssl_renew.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+# Determine the command to use to stop the service based on what commands
+# are installed on the server
+if [ -f '/usr/local/bin/chef-automate' ]
+  PRE_HOOK="chef-automate stop"
+  POST_HOOK="<%= @renew_cert_path %>"
+else
+  PRE_HOOK="chef-server-ctl stop nginx"
+  POST_HOOK="chef-server-ctl start nginx"
+fi
+
+certbot renew --pre-hook "${PRE_HOOK}" --post-hook "${POST_HOOK}"