Page MenuHomeDevCentral
Differential D691

Allow to update Mumble server certificates
ClosedPublic
Actions

Authored by dereckson on Nov 3 2016, 02:01.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Jan 29, 01:42
Unknown Object (File)
Sat, Jan 25, 12:06
Unknown Object (File)
Fri, Jan 24, 07:25
Unknown Object (File)
Thu, Jan 23, 09:23
Unknown Object (File)
Tue, Jan 21, 05:11
Unknown Object (File)
Sun, Jan 19, 04:52
Unknown Object (File)
Sat, Jan 18, 02:18
Unknown Object (File)
Fri, Jan 10, 18:19
View All Files
Subscribers
fauve

Details

Reviewers
Theaptos
Sandlayth
Maniphest Tasks
T853: Deploy a Let's encrypt certificate to the Mumble server
Commits
rOPSc356aa59ba95: Allow to update Mumble server certificates
Summary

The Mumble server certificate is managed by Let's encrypt.
It's renewed on Ysul and deployed to nginx folder.

We then need to copy new certificates to Mumble jail
and restart the Murmur server.

This code takes care of this copy/restart operation.
A follow-up change should amend Let's encrypt configuration
to call this script automatically when the certificate is renewed.

Ref. T853.

Test Plan

Tested on Ysul to deploy the current certificate.

Copy, permissions and restart works fine.

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dereckson updated this revision to Diff 1736.Nov 3 2016, 02:01
dereckson retitled this revision from to Allow to update Mumble server certificates.
dereckson updated this object.
dereckson edited the test plan for this revision. (Show Details)
dereckson added reviewers: Theaptos, Sandlayth.
dereckson added a subscriber: fauve.
dereckson added inline comments.Nov 3 2016, 02:03
roles/mumble/certificates/files/update-mumble-certificates
15

Is there a compact way to write these blocks in pure sh?

dereckson added inline comments.Nov 3 2016, 02:05
roles/mumble/certificates/init.sls
12

At first, I wondered if /usr/local/sbin would be more appropriated.

Then, I've seen there existed some attempts to call jexec as non root user.

http://web.archive.org/web/20070630041040/http://people.collaborativefusion.com/~wmoran/code/jailme.html

dereckson mentioned this in T1038: Renewed Let's encrypt certificate hasn't been deployed to SMTP.Nov 3 2016, 13:36
Sandlayth added inline comments.Nov 3 2016, 13:52
roles/mumble/certificates/files/update-mumble-certificates
15
: ${JAIL_HOSTNAME='mumble.nasqueron.org '}

Don't forget the space after the colon.

Sandlayth requested changes to this revision.Nov 3 2016, 13:52
Sandlayth edited edge metadata.
This revision now requires changes to proceed.Nov 3 2016, 13:52
dereckson updated this revision to Diff 1741.Nov 3 2016, 14:01
dereckson edited edge metadata.
dereckson marked 2 inline comments as done.

Simplify environment declaration

Sandlayth accepted this revision.Nov 3 2016, 14:09
Sandlayth edited edge metadata.
This revision is now accepted and ready to land.Nov 3 2016, 14:09
Closed by commit rOPSc356aa59ba95: Allow to update Mumble server certificates (authored by dereckson, committed by dereckson). · Explain WhyNov 3 2016, 14:13
This revision was automatically updated to reflect the committed changes.
dereckson added a task: T853: Deploy a Let's encrypt certificate to the Mumble server.Nov 6 2016, 19:08

Revision Contents
Changeset List

PathSize
roles/
mumble/
certificates/
files/
23 lines
13 lines

Diff 1742

View Options

roles/mumble/certificates/files/update-mumble-certificates

Loading...
View Options

roles/mumble/certificates/init.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator