summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@open-infrastructure.net>2022-07-07 10:20:07 +0000
committerDaniel Baumann <daniel.baumann@open-infrastructure.net>2022-07-07 14:14:23 +0000
commit5fe792ad41fb7f4c30cc03aebcff301f69885700 (patch)
tree145424d9b653853eecd96f0044e805214c4a4d6e
parentMerging the different extra certificate files into one dehydrated hook handli... (diff)
downloadservice-tools-5fe792ad41fb7f4c30cc03aebcff301f69885700.tar.xz
service-tools-5fe792ad41fb7f4c30cc03aebcff301f69885700.zip
Reworking chrony workaround (#1013882) now that we know it's going to be permanent.
Signed-off-by: Daniel Baumann <daniel.baumann@open-infrastructure.net>
-rwxr-xr-xdehydrated/share/hooks/deploy_cert.chrony (renamed from dehydrated/share/hooks/exit_hook.zz-chrony)15
-rwxr-xr-xdehydrated/share/hooks/exit_hook.service-reload2
2 files changed, 5 insertions, 12 deletions
diff --git a/dehydrated/share/hooks/exit_hook.zz-chrony b/dehydrated/share/hooks/deploy_cert.chrony
index 13a7e9a..9bccf75 100755
--- a/dehydrated/share/hooks/exit_hook.zz-chrony
+++ b/dehydrated/share/hooks/deploy_cert.chrony
@@ -21,22 +21,15 @@
set -e
-if grep -r -qs -E '^ntsserver(cert|key)' /etc/chrony
+if grep -Eqrs '^ *ntsservercert' /etc/chrony
then
- echo -n " + chrony (workaround):"
-
# https://bugs.debian.org/1013882
- HOST="$(cat /etc/hostname)"
+ echo -n " + Copying certificate for chrony..."
- cp -L "/var/lib/dehydrated/certs/${HOST}/fullchain.pem" /etc/chrony/cert.pem
- cp -L "/var/lib/dehydrated/certs/${HOST}/privkey.pem" /etc/chrony/key.pem
+ cp -fL "${FULLCHAINFILE}" /etc/chrony/cert.pem
+ cp -fL "${KEYFILE}" /etc/chrony/key.pem
chown _chrony:_chrony /etc/chrony/cert.pem /etc/chrony/key.pem
- if service chrony status > /dev/null 2>&1
- then
- service chrony restart
- fi
-
echo " done."
fi
diff --git a/dehydrated/share/hooks/exit_hook.service-reload b/dehydrated/share/hooks/exit_hook.service-reload
index 486c62f..02dd6c5 100755
--- a/dehydrated/share/hooks/exit_hook.service-reload
+++ b/dehydrated/share/hooks/exit_hook.service-reload
@@ -21,7 +21,7 @@
set -e
-SERVICES="apache2 haproxy knot postgresql redis-server"
+SERVICES="apache2 chrony haproxy knot postgresql redis-server"
echo " + Reloading services..."