fix deploy_pki

Alex 2023-01-02 13:51:13 +01:00
parent d588764748
commit af73126f45
Signed by untrusted user: lx
GPG key ID: 0E496D15096376BE


@ -19,8 +19,10 @@ cmd ln -sf /var/lib/consul/pki/consul$YEAR.key /var/lib/consul/pki/consul.key
cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.crt /var/lib/consul/pki/consul-client.crt cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.crt /var/lib/consul/pki/consul-client.crt
cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.key /var/lib/consul/pki/consul-client.key cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.key /var/lib/consul/pki/consul-client.key
if [ ! "$CLUSTER" = "prod" ]; then
cmd systemctl restart consul cmd systemctl restart consul
cmd sleep 10 cmd sleep 10
fi
for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \ for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \
nomad$YEAR-client.crt nomad$YEAR-client.key \ nomad$YEAR-client.crt nomad$YEAR-client.key \
@ -28,7 +30,7 @@ for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \
do do
if pass $PKI/$file >/dev/null; then if pass $PKI/$file >/dev/null; then
write_pass $PKI/$file /var/lib/nomad/pki/$file write_pass $PKI/$file /var/lib/nomad/pki/$file
cmd "chown \$(stat -c %u /var/lib/nomad) /var/lib/nomad/pki/$file" cmd "chown \$(stat -c %u /var/lib/nomad/client/client-id) /var/lib/nomad/pki/$file"
fi fi
done done
@ -40,7 +42,9 @@ cmd ln -sf /var/lib/nomad/pki/consul$YEAR.crt /var/lib/nomad/pki/consul.crt
cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.crt /var/lib/nomad/pki/consul-client.crt cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.crt /var/lib/nomad/pki/consul-client.crt
cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.key /var/lib/nomad/pki/consul-client.key cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.key /var/lib/nomad/pki/consul-client.key
if [ ! "$CLUSTER" = "prod" ]; then
cmd systemctl restart nomad cmd systemctl restart nomad
fi
set_env CONSUL_HTTP_ADDR=https://localhost:8501 set_env CONSUL_HTTP_ADDR=https://localhost:8501
set_env CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt set_env CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt
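Review bot: In the nomad loop, the new `chown \$(stat -c %u /var/lib/nomad/client/client-id) …` line derives the owner of the private keys from a file that nothing visible guarantees to exist on the target node. If `stat` fails there, the substitution expands to nothing and `chown` errors out, so `nomad$YEAR.key` and `nomad$YEAR-client.key` presumably keep whatever owner and mode `write_pass` gave them; whether `cmd` aborts on that failure is not visible in this section. I would make the precondition explicit before the loop, for example `cmd "test -e /var/lib/nomad/client/client-id"`, and add a comment on the chown line saying why `client-id` rather than `/var/lib/nomad` is the reference for ownership. The `for` loop begins outside the displayed hunk.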