Sign upLogin

cloudamatic/mu

View on GitHub
Star
bin/mu-refresh-ssl

Summary

Maintainability
Test Coverage
#!/usr/local/ruby-current/bin/ruby
# Copyright:: Copyright (c) 2014 eGlobalTech, Inc., all rights reserved
#
# Licensed under the BSD-3 license (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License in the root of the project or at
#
#     http://egt-labs.com/mu/LICENSE.html
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

if ARGV.size > 0
  puts "#{$0}: Freshen the Mu Master's API and configuration documentation"
  exit 1
end

require 'rubygems'
require 'bundler/setup'
require 'erb'
require 'tempfile'
require 'fileutils'
require File.realpath(File.expand_path(File.dirname(__FILE__)+"/mu-load-config.rb"))
require 'mu'

# XXX need special handling if Mu_CA.pem is expired

ca = %w{Mu_CA}
services = %w{rsyslog mommacat ldap consul vault}
chef_server = %w{Mu_CA mommacat}

certfiles = Dir.glob(MU.dataDir+"/ssl/*.pem")
certfiles.concat(Dir.glob(MU.dataDir+"/ssl/*.crt"))

now= Time.now

need_chef_ssl_run = false
need_chef_reconfigure = false

certfiles.each { |filename|
  shortname = filename.gsub(/.*?\/|\.(pem|crt)$/, '')
  cert = OpenSSL::X509::Certificate.new(File.read(filename))
  if cert.not_after < now
    need_chef_ssl_run = true if services.include?(shortname)
    need_chef_reconfigure = true if chef_server.include?(shortname)
    newpath = filename+"."+now.strftime("%Y%m%d%H").to_s
    MU.log filename+" is expired, archiving to #{newpath} and regenerating", MU::WARN
    File.rename(filename, newpath)
  end
}


if need_chef_ssl_run
# XXX need to temporarily disable ssl checks in knife.rb and client.rb for this, maybe?
  if !system("/opt/chef/bin/chef-client -o 'recipe[mu-master::ssl-certs]'")
    MU.log "Got bad exit code trying to run recipe[mu-master::ssl-certs]'", MU::ERR
    exit 1
  end
end

if need_chef_reconfigure
  system("CHEF_LICENSE=\"accept\" /opt/opscode/bin/chef-server-ctl reconfigure")
  system("CHEF_LICENSE=\"accept\" /opt/opscode/bin/chef-server-ctl restart")
end