Page MenuHomeDevCentral

Allow to update Mumble server certificates
ClosedPublic

Authored by dereckson on Nov 3 2016, 02:01.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Dec 17, 06:13
Unknown Object (File)
Sat, Dec 14, 17:57
Unknown Object (File)
Thu, Dec 12, 14:51
Unknown Object (File)
Sat, Dec 7, 07:30
Unknown Object (File)
Tue, Nov 26, 18:28
Unknown Object (File)
Nov 18 2024, 05:23
Unknown Object (File)
Nov 17 2024, 11:46
Unknown Object (File)
Nov 17 2024, 11:46
Subscribers

Details

Summary

The Mumble server certificate is managed by Let's encrypt.
It's renewed on Ysul and deployed to nginx folder.

We then need to copy new certificates to Mumble jail
and restart the Murmur server.

This code takes care of this copy/restart operation.
A follow-up change should amend Let's encrypt configuration
to call this script automatically when the certificate is renewed.

Ref. T853.

Test Plan

Tested on Ysul to deploy the current certificate.

Copy, permissions and restart works fine.

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
No Lint Coverage
Unit
No Test Coverage
Branch
murmur
Build Status
Buildable 1051
Build 1266: arc lint + arc unit

Event Timeline

dereckson retitled this revision from to Allow to update Mumble server certificates.
dereckson updated this object.
dereckson edited the test plan for this revision. (Show Details)
dereckson added reviewers: Theaptos, Sandlayth.
dereckson added a subscriber: fauve.
roles/mumble/certificates/files/update-mumble-certificates
15

Is there a compact way to write these blocks in pure sh?

roles/mumble/certificates/init.sls
12

At first, I wondered if /usr/local/sbin would be more appropriated.

Then, I've seen there existed some attempts to call jexec as non root user.

http://web.archive.org/web/20070630041040/http://people.collaborativefusion.com/~wmoran/code/jailme.html

roles/mumble/certificates/files/update-mumble-certificates
15
: ${JAIL_HOSTNAME='mumble.nasqueron.org '}

Don't forget the space after the colon.

Sandlayth requested changes to this revision.Nov 3 2016, 13:52
Sandlayth edited edge metadata.
This revision now requires changes to proceed.Nov 3 2016, 13:52
dereckson edited edge metadata.
dereckson marked 2 inline comments as done.

Simplify environment declaration

Sandlayth edited edge metadata.
This revision is now accepted and ready to land.Nov 3 2016, 14:09
This revision was automatically updated to reflect the committed changes.