update certs scripts

932c9e2b · Vitaly Lipatov · 5daecf82 · 932c9e2b · 932c9e2b · 932c9e2b
Commit 932c9e2b authored Oct 23, 2014 by Vitaly Lipatov
5 changed files
--- a/certs/copy_certs_to_hosts.sh
+++ b/certs/copy_certs_to_hosts.sh
@@ -2,62 +2,12 @@

 # Размещает сертификаты на нужных местах нужных серверов

-fatal()
-{
-	echo "Fatal Error"
-	exit 1
-}
+. $(dirname $(realpath $0))/copy_certs_to_hosts-common.sh

 . cert.conf

 cd sites

-copy_to_nginx()
-{
-	ALTPEM="$(dirname "$PRIVATEPEM")/$1"
-	if [ -r "$ALTPEM" ] ; then
-		PEM="$ALTPEM"
-		shift
-	else
-		PEM="$PRIVATEPEM"
-	fi
-
-	echo "Copying $1 cert..."
-	CERT=$1
-	if [ -r "$INTERMEDCERT" ] ; then
-		cat "$CERT" "$INTERMEDCERT" >tempcert.crt || fatal
-		CERT=tempcert.crt
-	fi
-
-	scp $CERT $2:/etc/nginx/ssl/$1 || fatal
-	scp "$PEM" $2:/etc/nginx/ssl/ || fatal
-
-	[ -n "$3" ] || ssh $2 service nginx reload
-}
-
-do_pem()
-{
-test -f "$1" || return
-cat "$1" "$PRIVATEPEM" \
-	> "$2"
-}
-
-# TODO: use two script with common part
-# StartSSL
-
-if false ; then
-#copy_to_nginx pravtor.pem pravtor.ru.crt pravtor
-#exit
-copy_to_nginx bugs.etersoft.ru.crt bugs
-copy_to_nginx mysql.eterhost.ru.crt host03
-copy_to_nginx stog.etersoft.ru.crt stog
-
-for crt in roundcube.eterhost.ru.crt ; do
-	copy_to_nginx $crt priv noreload || fatal
-done
-ssh priv service nginx reload
-fi
-
 copy_to_priv()
 {
 	for crt in sales.etersoft.ru.crt rt.etersoft.ru.crt cyradm.eterhost.ru.crt \
@@ -68,7 +18,7 @@ copy_to_priv()
 	ssh priv service nginx reload
 }

-#copy_to_priv
+copy_to_priv

 copy_to_im()
 {
@@ -99,3 +49,12 @@ ssh mail service cyrus-imapd restart
 }

 copy_to_mail
+
+copy_to_host()
+{
+	copy_to_nginx $1.crt $1 reload
+}
+
+for host in research.devel.etersoft.ru ; do
+	copy_to_host $host
+done
--- a/certs/copy_cacert_to_nginx_host.sh
+++ b/certs/copy_cacert_to_nginx_host.sh
+#!/bin/sh
+
+# Размещает сертификаты на нужных местах нужных серверов
+
+. $(dirname $(realpath $0))/copy_certs_to_hosts-common.sh
+
+. cert.conf
+
+cd sites
+
+HOST=$1
+crt=$HOST.crt
+
+[ -n "$HOST" ] || fatal "Need run with hostname"
+
+[ -s "$crt" ] || fatal "No cert file $crt"
+
+ssh $HOST true || fatal "No ssh access to $HOST server"
+
+copy_to_nginx $crt $HOST
+
--- a/certs/copy_certs_to_hosts-common.sh
+++ b/certs/copy_certs_to_hosts-common.sh
+#!/bin/sh
+
+# Размещает сертификаты на нужных местах нужных серверов
+
+fatal()
+{
+	echo "Fatal Error: $@"
+	exit 1
+}
+
+copy_to_nginx()
+{
+	ALTPEM="$(dirname "$PRIVATEPEM")/$1"
+	if [ -r "$ALTPEM" ] ; then
+		PEM="$ALTPEM"
+		shift
+	else
+		PEM="$PRIVATEPEM"
+	fi
+
+	echo "Copying $1 cert..."
+	CERT=$1
+	if [ -r "$INTERMEDCERT" ] ; then
+		cat "$CERT" "$INTERMEDCERT" >tempcert.crt || fatal
+		CERT=tempcert.crt
+	fi
+
+	scp $CERT $2:/etc/nginx/ssl/$1 || fatal
+	scp "$PEM" $2:/etc/nginx/ssl/ || fatal
+
+	[ -n "$3" ] || ssh $2 service nginx condreload
+}
+
+do_pem()
+{
+test -f "$1" || return
+cat "$1" "$PRIVATEPEM" \
+	> "$2"
+}
+
--- a/certs/copy_startssl_to_hosts.sh
+++ b/certs/copy_startssl_to_hosts.sh
+#!/bin/sh
+
+# Размещает сертификаты на нужных местах нужных серверов
+
+. $(dirname $(realpath $0))/copy_certs_to_hosts-common.sh
+
+. cert.conf
+
+cd sites
+
+#copy_to_nginx eterfund.pem gitlab.eterfund.ru.crt devel
+#copy_to_nginx search.office.etersoft.ru.crt priv
+#copy_to_nginx stog.etersoft.ru.crt stog
+
+copy_to_nginx pravtor.pem pravtor.ru.crt pravtor
+
+copy_to_nginx bugs.etersoft.ru.crt bugs
+copy_to_nginx mysql.eterhost.ru.crt priv
+copy_to_nginx winehq.org.ru.crt host03
+copy_to_nginx stog.etersoft.ru.crt stog
+copy_to_nginx roundcube.eterhost.ru.crt priv
+
--- a/certs/gencsr.sh
+++ b/certs/gencsr.sh
 #!/bin/bash

+create_request()
+{
 DOMAIN=$1
 PRIVATE_KEY=private/etersoft-cacert.pem
 SUFFIX_OUT_FILE="request.csr"

 mkdir -p csr/
 openssl req -new -subj "/C=RU/ST=Saint-Petersburg/L=Saint-Petersburg/O=Etersoft/OU=/CN=$DOMAIN/emailAddress=admin@$DOMAIN" -key $PRIVATE_KEY -out csr/$DOMAIN-$SUFFIX_OUT_FILE
+}
+
+for i in $@ ; do
+	create_request $i
+done