Page MenuHomeDevCentral
Paste P351

Renew Vault certificates automation - renew.sh
ActivePublic
Actions

Authored by dereckson on Sun, Jun 2, 22:34.
source $HOME/dev/python/vault/bin/activate
python3 renew.py
chmod 644 ca.pem certificate.pem fullchain.pem private.key
chmod 400 private.key
sudo mv ca.pem certificate.pem fullchain.pem private.key /usr/local/etc/certificates/vault/
sudo chown vault /usr/local/etc/certificates/vault/private.key
sudo kill -1 $(cat /var/run/vault.pid)
openssl s_client -connect 172.27.27.7:8200 < /dev/null | openssl x509 -noout -subject -issuer -dates -serial

Event Timeline

dereckson created this paste.Sun, Jun 2, 22:34
dereckson mentioned this in T1966: Automate certificates renewal for Vault.Sun, Jun 2, 22:37

source $HOME/dev/python/vault/bin/activate

Needs hvac and pyyaml as packages to be installed on the server, Complector doesn't currently have hvac, only pyyaml.

dereckson added a comment.Sun, Jun 2, 22:40

sudo kill -1 $(cat /var/run/vault.pid)

Error management should be done to check if that pids exist or return an error code.

Also, that script is probably a good candidate to run as vault or root user, sudo needs to be dropped.

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator