diff options
author | Daniel Baumann <daniel.baumann@open-infrastructure.net> | 2022-07-07 10:20:07 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@open-infrastructure.net> | 2022-07-07 14:14:23 +0000 |
commit | 5fe792ad41fb7f4c30cc03aebcff301f69885700 (patch) | |
tree | 145424d9b653853eecd96f0044e805214c4a4d6e | |
parent | Merging the different extra certificate files into one dehydrated hook handli... (diff) | |
download | service-tools-5fe792ad41fb7f4c30cc03aebcff301f69885700.tar.xz service-tools-5fe792ad41fb7f4c30cc03aebcff301f69885700.zip |
Reworking chrony workaround (#1013882) now that we know it's going to be permanent.
Signed-off-by: Daniel Baumann <daniel.baumann@open-infrastructure.net>
-rwxr-xr-x | dehydrated/share/hooks/deploy_cert.chrony (renamed from dehydrated/share/hooks/exit_hook.zz-chrony) | 15 | ||||
-rwxr-xr-x | dehydrated/share/hooks/exit_hook.service-reload | 2 |
2 files changed, 5 insertions, 12 deletions
diff --git a/dehydrated/share/hooks/exit_hook.zz-chrony b/dehydrated/share/hooks/deploy_cert.chrony index 13a7e9a..9bccf75 100755 --- a/dehydrated/share/hooks/exit_hook.zz-chrony +++ b/dehydrated/share/hooks/deploy_cert.chrony @@ -21,22 +21,15 @@ set -e -if grep -r -qs -E '^ntsserver(cert|key)' /etc/chrony +if grep -Eqrs '^ *ntsservercert' /etc/chrony then - echo -n " + chrony (workaround):" - # https://bugs.debian.org/1013882 - HOST="$(cat /etc/hostname)" + echo -n " + Copying certificate for chrony..." - cp -L "/var/lib/dehydrated/certs/${HOST}/fullchain.pem" /etc/chrony/cert.pem - cp -L "/var/lib/dehydrated/certs/${HOST}/privkey.pem" /etc/chrony/key.pem + cp -fL "${FULLCHAINFILE}" /etc/chrony/cert.pem + cp -fL "${KEYFILE}" /etc/chrony/key.pem chown _chrony:_chrony /etc/chrony/cert.pem /etc/chrony/key.pem - if service chrony status > /dev/null 2>&1 - then - service chrony restart - fi - echo " done." fi diff --git a/dehydrated/share/hooks/exit_hook.service-reload b/dehydrated/share/hooks/exit_hook.service-reload index 486c62f..02dd6c5 100755 --- a/dehydrated/share/hooks/exit_hook.service-reload +++ b/dehydrated/share/hooks/exit_hook.service-reload @@ -21,7 +21,7 @@ set -e -SERVICES="apache2 haproxy knot postgresql redis-server" +SERVICES="apache2 chrony haproxy knot postgresql redis-server" echo " + Reloading services..." |