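#!/bin/bash
#
# Renew the Let's Encrypt certificates on the HAProxy member that currently
# holds the shared (virtual) IP, then push the result to every other member.
# This file is a Jinja2 template: the template tags below are substituted
# before the script is installed on a host.
#
# Prereqs
# Setup private key between members
#
# Security notes:
#   * The archive built here contains /etc/letsencrypt and the HAProxy PEM
#     bundles, i.e. TLS private keys. It is created owner-only and handed to
#     the transfer user instead of being left readable under the default umask.
#   * A peer's /etc/letsencrypt is removed only after the archive has arrived
#     and passed an integrity check, so a failed or truncated copy cannot leave
#     that peer without certificates.
#   * Address checks are exact string comparisons. A regex/substring match
#     would treat 10.0.0.1 as present on a host that owns 10.0.0.12, which can
#     make the wrong node act as master or make the master skip a real peer.

SERVERS=(
{% for host in groups['haproxy'] %}
{{ hostvars[host].ansible_host }}
{% endfor %}
)
VIRTUAL_IP=( {{ haproxy_shared_ip }} )
USER={{ haproxy_certbot_user }}
PRIVATE_KEY={{ haproxy_private_key }}

TARFILE=letsencrypt.tar
TARFILE_COMPRESS=$TARFILE'.gz'

# Addresses currently assigned to this host, one array element per address.
read -r -a LOCAL_IPS <<< "$(hostname -I)"

#######################################
# Report whether an address is assigned to this host.
# Globals:   LOCAL_IPS (read)
# Arguments: $1 - address to look for (compared literally, not as a pattern)
# Returns:   0 if $1 equals one of the local addresses, 1 otherwise
#######################################
has_local_ip() {
  local addr
  for addr in "${LOCAL_IPS[@]}"; do
    [[ "$addr" == "$1" ]] && return 0
  done
  return 1
}

# Only the member that owns the virtual IP renews and distributes.
if has_local_ip "${VIRTUAL_IP[0]}"; then
  echo "Current master - Processing renewals"
  certbot renew

  # tar the letsencrypt directory for transferring to other members with symlinks
  # A leftover archive would keep its old permissions, so start from scratch and
  # create the new one with a private umask (scoped to the subshell so that
  # certbot and the other commands keep the caller's umask).
  rm -f -- "$TARFILE"
  if ! ( umask 077 && tar cfP "$TARFILE" /etc/letsencrypt/ ); then
    echo "Could not archive /etc/letsencrypt - other members left untouched" >&2
    exit 1
  fi

  # Add each letsencrypt cert to the tarball
  for cert in /etc/letsencrypt/live/*/; do
    # With no certificate directories the glob stays literal; skip it.
    [[ -d "$cert" ]] || continue
    pem="/etc/haproxy/ssl/$(basename "$cert").pem"
    if ! tar ufP "$TARFILE" "$pem"; then
      echo "Could not add $pem to $TARFILE" >&2
    fi
  done

  # Compress the file for transfer
  if ! gzip -f9 "$TARFILE"; then
    echo "Could not compress $TARFILE - other members left untouched" >&2
    exit 1
  fi

  # The copy below runs as $USER, so that account must own the owner-only file.
  # NOTE(review): assumes this script runs with enough privilege to chown.
  if ! chown "$USER" "$TARFILE_COMPRESS"; then
    echo "Could not hand $TARFILE_COMPRESS to $USER; transfers may fail" >&2
  fi

  # Update the other members of the cluster
  for SERVER in "${SERVERS[@]}"
  do
    if ! has_local_ip "$SERVER"; then
      # Transfer the files to the backup server
      if ! sudo -u "$USER" scp -i "$PRIVATE_KEY" "$TARFILE_COMPRESS" "${USER}@${SERVER}:~"; then
        # Without a fresh archive the deploy step would wipe the peer's
        # certificates and then extract nothing (or a stale file).
        echo "Transfer to $SERVER failed - its certificates were not changed" >&2
        continue
      fi

      # Deploy the current letsencrypt config/certs
      # Every step is chained with && so the old directory is removed only
      # after the archive verifies, and haproxy is reloaded only after a
      # complete extraction.
      if ! sudo -u "$USER" ssh -i "$PRIVATE_KEY" "${USER}@${SERVER}" "gzip -t $TARFILE_COMPRESS && sudo rm -rf /etc/letsencrypt && sudo tar xzfP $TARFILE_COMPRESS && sudo rm $TARFILE_COMPRESS && sudo systemctl reload haproxy"; then
        echo "Deployment on $SERVER failed - check its certificates" >&2
      fi
    fi
  done
fi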