Page MenuHomeDevCentral
Differential D691

Allow to update Mumble server certificates
ClosedPublic
Actions

Authored by dereckson on Nov 3 2016, 02:01.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 12, 16:38
Unknown Object (File)
Sat, Nov 9, 17:18
Unknown Object (File)
Thu, Oct 31, 14:50
Unknown Object (File)
Sat, Oct 26, 21:37
Unknown Object (File)
Sun, Oct 20, 15:10
Unknown Object (File)
Sat, Oct 19, 20:54
Unknown Object (File)
Wed, Oct 16, 23:04
Unknown Object (File)
Wed, Oct 16, 23:04
View All Files
Subscribers
fauve

Details

Reviewers
Theaptos
Sandlayth
Maniphest Tasks
T853: Deploy a Let's encrypt certificate to the Mumble server
Commits
rOPSc356aa59ba95: Allow to update Mumble server certificates
Summary

The Mumble server certificate is managed by Let's encrypt.
It's renewed on Ysul and deployed to nginx folder.

We then need to copy new certificates to Mumble jail
and restart the Murmur server.

This code takes care of this copy/restart operation.
A follow-up change should amend Let's encrypt configuration
to call this script automatically when the certificate is renewed.

Ref. T853.

Test Plan

Tested on Ysul to deploy the current certificate.

Copy, permissions and restart works fine.

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
No Lint Coverage
Unit
No Test Coverage
Branch
murmur
Build Status
Buildable 1048
Build 1263: arc lint + arc unit

Event Timeline

dereckson updated this revision to Diff 1736.Nov 3 2016, 02:01
dereckson retitled this revision from to Allow to update Mumble server certificates.
dereckson updated this object.
dereckson edited the test plan for this revision. (Show Details)
dereckson added reviewers: Theaptos, Sandlayth.
dereckson added a subscriber: fauve.
dereckson added inline comments.Nov 3 2016, 02:03
roles/mumble/certificates/files/update-mumble-certificates
14

Is there a compact way to write these blocks in pure sh?

dereckson added inline comments.Nov 3 2016, 02:05
roles/mumble/certificates/init.sls
11

At first, I wondered if /usr/local/sbin would be more appropriated.

Then, I've seen there existed some attempts to call jexec as non root user.

http://web.archive.org/web/20070630041040/http://people.collaborativefusion.com/~wmoran/code/jailme.html

dereckson mentioned this in T1038: Renewed Let's encrypt certificate hasn't been deployed to SMTP.Nov 3 2016, 13:36
Sandlayth added inline comments.Nov 3 2016, 13:52
roles/mumble/certificates/files/update-mumble-certificates
14
: ${JAIL_HOSTNAME='mumble.nasqueron.org '}

Don't forget the space after the colon.

Sandlayth requested changes to this revision.Nov 3 2016, 13:52
Sandlayth edited edge metadata.
This revision now requires changes to proceed.Nov 3 2016, 13:52
dereckson updated this revision to Diff 1741.Nov 3 2016, 14:01
dereckson edited edge metadata.
dereckson marked 2 inline comments as done.

Simplify environment declaration

Sandlayth accepted this revision.Nov 3 2016, 14:09
Sandlayth edited edge metadata.
This revision is now accepted and ready to land.Nov 3 2016, 14:09
Closed by commit rOPSc356aa59ba95: Allow to update Mumble server certificates (authored by dereckson, committed by dereckson). · Explain WhyNov 3 2016, 14:13
This revision was automatically updated to reflect the committed changes.
dereckson added a task: T853: Deploy a Let's encrypt certificate to the Mumble server.Nov 6 2016, 19:08

Revision Contents
Changeset List

PathSize
roles/
mumble/
certificates/
files/
34 lines
13 lines

Diff 1736

View Options

roles/mumble/certificates/files/update-mumble-certificates

Loading...
View Options

roles/mumble/certificates/init.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator