require 'English'
require 'fileutils'
require 'shellwords'
# Base directory for certificate build artifacts, read from the `certs`
# module's `ssl_build_dir` parameter.
SSL_BUILD_DIR = param('certs', 'ssl_build_dir').value

# Location of katello-certs-check as printed by `which`; an empty string when
# `which` prints nothing.
# NOTE(review): the lookup follows the PATH of the process evaluating this
# hook, so the binary that gets run is only as trustworthy as that PATH.
CHECK_SCRIPT = %x(which katello-certs-check).strip
# Flags a certificate for regeneration by touching "<path>.update" under
# SSL_BUILD_DIR.
#
# @param cert_name [String] certificate name, used as the last path component
# @param hostname [String, nil] optional sub-directory below SSL_BUILD_DIR;
#   left out of the path when nil
# @return [Array<String>, nil] result of FileUtils.touch, or nil in noop mode
def mark_for_update(cert_name, hostname = nil)
  # compact drops a nil hostname so File.join never receives nil.
  marker_base = File.join(*[SSL_BUILD_DIR, hostname, cert_name].compact)
  puts "Marking certificate #{marker_base} for update"

  # In noop mode only report what would happen; the filesystem is untouched.
  return puts("skipping in noop mode") if app_value(:noop)

  FileUtils.touch("#{marker_base}.update")
end
# Values of the certs module's server CA certificate, server certificate and
# server key parameters, read in that order.
ca_file, cert_file, key_file = %w[server_ca_cert server_cert server_key].map do |param_name|
  param('certs', param_name).value
end

# Updating the server CA is rejected unless katello is enabled.
if app_value('certs_update_server_ca')
  fail_and_exit("--certs-update-server-ca needs to be used with katello", 101) unless katello_enabled?
end

# Use the foreman_proxy_certs FQDN when that parameter exists; otherwise fall
# back to the certs module's node_fqdn.
hostname = if param('foreman_proxy_certs', 'foreman_proxy_fqdn')
             param('foreman_proxy_certs', 'foreman_proxy_fqdn').value
           else
             param('certs', 'node_fqdn').value
           end
# A server certificate update marks the host's apache and foreman-proxy
# certificates.
if app_value('certs_update_server')
  %w[apache foreman-proxy].each do |service|
    mark_for_update("#{hostname}-#{service}", hostname)
  end
end

# Updating everything, updating the default CA, or resetting marks every
# certificate that has an RPM in the host's build directory. The certificate
# name is the RPM file name with its "-1.0-<n>.noarch.rpm" part removed.
if app_value('certs_update_all') || app_value('certs_update_default_ca') || app_value('certs_reset')
  rpm_pattern = File.join(SSL_BUILD_DIR, hostname, '*.noarch.rpm')
  Dir.glob(rpm_pattern)
     .map { |rpm_path| File.basename(rpm_path).sub(/-1\.0-\d+\.noarch\.rpm/, '') }
     .uniq
     .each { |cert_name| mark_for_update(cert_name, hostname) }
end

# The server CA marker sits directly under SSL_BUILD_DIR (no hostname directory).
mark_for_update('katello-server-ca') if app_value('certs_update_server_ca') || app_value('certs_reset')
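# Validate the configured server certificate, key and CA bundle with
# katello-certs-check. The check runs only when it is not skipped, a server
# certificate is configured, and a server or server-CA update was requested.
if !app_value('certs_skip_check') &&
   cert_file.to_s != "" &&
   (app_value('certs_update_server_ca') || app_value('certs_update_server'))
  # `which` printed nothing, so there is no checker to run. Report that
  # directly instead of letting the shell fail on an empty command word.
  fail_and_exit("katello-certs-check was not found in PATH", 101) if CHECK_SCRIPT.empty?

  # The three paths are installer parameter values and end up on a shell
  # command line. Escaping every word makes a path containing quotes, `$`,
  # backticks, `;` or whitespace reach the checker as one literal argument
  # instead of being interpreted by the shell. Shellwords.join calls to_s on
  # each word, so a nil key or CA path becomes an empty argument as before.
  check_cmd = Shellwords.join([CHECK_SCRIPT, '-c', cert_file, '-k', key_file, '-b', ca_file])

  # stderr is merged into stdout so the failure message carries everything
  # the checker printed.
  output = `#{check_cmd} 2>&1`
  unless $CHILD_STATUS.success?
    fail_and_exit("Command '#{check_cmd}' exited with #{$CHILD_STATUS.exitstatus}:\n #{output}", 101)
  end
end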
# On a real (non-noop) reset, unset the server certificate, key and CA
# certificate parameters of the certs module, in that order.
# NOTE(review): presumably unset_value returns each parameter to its default —
# confirm against the installer's parameter API.
if app_value('certs_reset') && !app_value(:noop)
  %w[server_cert server_key server_ca_cert].each do |param_name|
    param('certs', param_name).unset_value
  end
end