Changes between Version 2 and Version 3 of support-team/update-ssl-certificate

Timestamp:

Apr 13, 2014, 10:35:23 PM (12 years ago)

Author:

Steve Revilak

Comment:

--

support-team/update-ssl-certificate

@@ -14 +14 @@
     exit 1
 fi
+
+# if anything goes wrong, stop
+set -e
 
 echo "Creating /etc/ssl/temp directory..."
@@ -34 +37 @@
 
 echo "Moving new files into place..."
-ssh -t root@$1.mayfirst.org "mv /etc/ssl/$1.mayfirst.org.crt{,.old} && mv /etc/ssl/$1.mayfirst.org.crt{.new,} && mv /etc/ssl/private/$1.mayfirst.org.pem{,.old} && mv /etc/ssl/private/$1.mayfirst.org.pem{.new,} && [[ -a /etc/ssl/private/$1.mayfirst.org.key ]] && mv /etc/ssl/private/$1.mayfirst.org.key{,.old} || echo 'No old key to move' && mv /etc/ssl/private/$1.mayfirst.org.safe.key /etc/ssl/private/$1.mayfirst.org.key && /usr/local/sbin/freepuppet-run"
+# ssh -t root@$1.mayfirst.org "mv /etc/ssl/$1.mayfirst.org.crt{,.old} && mv /etc/ssl/$1.mayfirst.org.crt{.new,} && mv /etc/ssl/private/$1.mayfirst.org.pem{,.old} && mv /etc/ssl/private/$1.mayfirst.org.pem{.new,} && [[ -a /etc/ssl/private/$1.mayfirst.org.key ]] && mv /etc/ssl/private/$1.mayfirst.org.key{,.old} || echo 'No old key to move' && mv /etc/ssl/private/$1.mayfirst.org.safe.key /etc/ssl/private/$1.mayfirst.org.key && /usr/local/sbin/freepuppet-run"
+
+# a variation on the line above, which attempts to cope with missing files
+ssh -t root@$1.mayfirst.org "(test ! -f /etc/ssl/$1.mayfirst.org.crt || \
+       mv -v /etc/ssl/$1.mayfirst.org.crt{,.old}) && \
+  mv -v /etc/ssl/$1.mayfirst.org.crt{.new,} && \
+  (test ! -f /etc/ssl/private/$1.mayfirst.org.pem || \
+       mv -v /etc/ssl/private/$1.mayfirst.org.pem{,.old}) && \
+  mv -v /etc/ssl/private/$1.mayfirst.org.pem{.new,} && \
+  (test ! -f /etc/ssl/private/$1.mayfirst.org.key || \
+       mv -v /etc/ssl/private/$1.mayfirst.org.key{,.old}) && \
+  mv -v /etc/ssl/private/$1.mayfirst.org.safe.key \
+     /etc/ssl/private/$1.mayfirst.org.key && \
+  /usr/local/sbin/freepuppet-run"
+
 
 # Use this line for brand new servers