#! /usr/bin/env perl
 
# copies server certificates to target, then restarts services
# If called with one parameter (hostname), will copy all .crt
# and .key files matching hostname (i.e., hostname*.crt and
# hostname*.key).
# If called with a second parameter (certname), only that
# certificate (certname.crt and certname.key) is copied.
#
# assumes root user on this system can connect to hostname as
# root.
#
# restarts service apache2 on hostname after copy.
#
# assumes crt and key files are in $serverCertDir
 
use strict;
use warnings;
 
use FindBin;
use File::Spec;
use Cwd 'abs_path';
use File::Basename;
 
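# Locate makeCert.conf next to this script, whatever the current directory is.
my $binDir = dirname( abs_path( __FILE__ ) ) . '/';
my $config = $binDir . "makeCert.conf";

# Settings which are presumably assigned by the config file. They are
# declared before the eval below so the evaluated code can see them.
my $configFile;    # prototype for the domain specific config file
my $caCRT;         # location of the CA crt file
my $caKey;         # location of the CA Key file
my $serverCertDir; # where to put the server certs
my $certDays;      # number of days a Server certificate is valid for, not used here
my $caDays;        # number of days a CA is good for

die "Config File $config not found\n" unless -f $config;
#die "openssl config file $sslConfig not found\n" unless -f $sslConfig;

# load the config file
#
# SECURITY: the config file is executed as Perl code by a string eval, so
# anyone who can write to it can run code as the user running this script.
# Keep it owned by that user and not writable by group or others.
#
# The file is read with open() instead of `cat $config` so the path is
# never interpreted by a shell.
my $configText = do {
   open my $configHandle, '<', $config
      or die "Can not read config file $config: $!\n";
   local $/;    # slurp the whole file
   <$configHandle>;
};
eval $configText;
# a broken config must stop the run, not leave the settings half loaded
die "Error in config file $config: $@\n" if $@;
die "serverCertDir is not set in $config\n"
   unless defined $serverCertDir && length $serverCertDir;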
 
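# Directory on the target host that receives the certificate files.
my $targetDir = '/etc/certificates/';
# Run on the target after the copy. Certificates are public and stay world
# readable; the .key and .pem files contain the private key, so they are
# restricted to root instead of being made 644 with everything else.
# NOTE(review): if some service on the target reads the key as a non-root
# user, give it access through a group rather than widening the mode.
my $remoteCommand = 'chmod 644 /etc/certificates/*.crt && chmod 600 /etc/certificates/*.key /etc/certificates/*.pem && chown root:root /etc/certificates/* && service apache2 reload';
my $hostname = shift;    # first argument, required
my $certname = shift;    # second argument, optional

die "Usage: $0 hostname [certname]\n" unless $hostname;

# Both names end up in file paths and in ssh/scp command lines, so accept
# only plain host or file name characters and refuse a leading '-', which
# ssh or scp would read as an option.
foreach my $name ( grep { defined && length } ( $hostname, $certname ) ) {
   die "Invalid name '$name': only letters, digits, '.', '_' and '-' are allowed\n"
      unless $name =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/;
}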
 
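# get list of all crt files (without the extension) into @temp
# Each entry is $serverCertDir followed by the base name, so $serverCertDir
# is expected to end in a directory separator.
my @temp;
if ( $certname ) {
   # an explicit certificate name: both the certificate and its key must exist
   die "Can not find $certname ending in .crt or .key\n" unless -f "$serverCertDir$certname.crt" && -f "$serverCertDir$certname.key";
   push @temp, "$serverCertDir$certname";
} else {
   $certname = $hostname;
   opendir my $dh, $serverCertDir or die "Can not find cert directory $serverCertDir: $!\n";
   # get all matching cert files
   # \Q..\E makes the host name match literally (its dots are not wildcards)
   # and \z rejects names that merely contain ".crt", such as "host.crt.bak".
   # This is still a prefix match: host "web1" also selects "web10.crt", and
   # the key for that certificate is then copied to web1 as well.
   @temp = map { $serverCertDir . $_ } grep { /\A\Q$certname\E.*\.crt\z/ } readdir( $dh );
   closedir $dh;
   # strip the extension, leaving the base path
   s/\.crt\z// for @temp;
   # stop here instead of reloading the web server with nothing copied
   die "No certificate matching $certname*.crt found in $serverCertDir\n" unless @temp;
}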
 
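# make pem, create a list of all files to copy
# $filesToCopy is a space separated list, so the paths must not contain
# white space.
my $filesToCopy = '';
foreach my $file ( @temp ) {
   die "Can not find key file $file.key\n" unless -e "$file.key";

   # The pem holds the private key: create it readable by the owner only,
   # and tighten the mode of a pem left over from an earlier run.
   my $pemFile = "$file.pem";
   my $oldUmask = umask 0077;
   open my $pemHandle, '>:raw', $pemFile or die "Can not create $pemFile: $!\n";
   umask $oldUmask;
   chmod 0600, $pemFile or die "Can not set permissions on $pemFile: $!\n";

   # certificate first, then key; done in Perl so no file name reaches a shell
   foreach my $part ( "$file.crt", "$file.key" ) {
      open my $partHandle, '<:raw', $part or die "Can not read $part: $!\n";
      local $/;    # slurp
      my $content = <$partHandle>;
      close $partHandle;
      $content = '' unless defined $content;
      print {$pemHandle} $content or die "Can not write to $pemFile: $!\n";
   }
   # buffered write errors only show up at close
   close $pemHandle or die "Can not write to $pemFile: $!\n";

   $filesToCopy .= "$file.crt $file.key $file.pem ";
}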
 
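# Split the space separated file list into separate arguments for scp.
my @copyList = defined $filesToCopy ? split( ' ', $filesToCopy ) : ();
die "No certificate files to copy to $hostname\n" unless @copyList;

# Each command runs through the list form of system(), so no local shell
# interprets the host name or the file names, and '--' keeps ssh and scp
# from reading a name as an option. The remote command strings are still
# run by the shell on the target. Unlike backticks, system() lets the output
# of ssh and scp through to the terminal.
my @steps = (
   # ensure target directory exists on $hostname
   [ 'ssh', '--', $hostname, 'mkdir -p /etc/certificates' ],
   # copy the files
   [ 'scp', '--', @copyList, "$hostname:$targetDir" ],
   # set permissions and reload services
   [ 'ssh', '--', $hostname, $remoteCommand ],
);
foreach my $step ( @steps ) {
   # stop at the first failure so success is never reported for a partial update
   system( @$step ) == 0 or die "Command failed (status $?): @$step\n";
}

print "$hostname updated and web server restarted\n";

1;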