#!/usr/bin/env bash # =============================================================== # - Don't make definitions here! Do this at the configuration file # ================================================================ working_dir="$(dirname $(realpath $0))" conf_file="${working_dir}/conf/check_cert_for_service.conf" # ---------- # - # - Script checks, whether the certificate for mumble services are up to date. If # - newer versions than the installed one found, script changes the installed # - key/cert to the latest version. # - # - Note !! # - This script is very special to the server environment of machine 'o13-il.oopen.de' # - # ---------- LOCK_DIR="/tmp/check_cert_${service_name}.sh.LOCK" log_file="${LOCK_DIR}/check_cert_${service_name}.log" restart_service=false # ------------- # --- Some functions # ------------- clean_up() { # Perform program exit housekeeping rm -rf "$LOCK_DIR" exit $1 } echononl(){ if $terminal ; then echo X\\c > /tmp/shprompt$$ if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then echo -e -n "$*\\c" 1>&2 else echo -e -n "$*" 1>&2 fi rm /tmp/shprompt$$ fi } fatal(){ echo "" if $terminal ; then echo -e " [ \033[31m\033[1mFatal\033[m ]: $*" echo "" echo -e " \033[31m\033[1mScript was interupted\033[m!" else echo " [ Fatal ]: $*" echo "" echo " Script was terminated...." fi echo "" clean_up 1 } error() { echo "" if $terminal ; then echo -e " [ \033[31m\033[1mError\033[m ]: $*" else echo " [ Error ]: $*" fi echo "" } warn() { echo "" if $terminal ; then echo -e " [ \033[33m\033[1mWarning\033[m ]: $*" else echo " [ Warning ]: $*" fi echo "" } info() { if $terminal ; then echo "" echo -e " [ \033[32m\033[1mInfo\033[m ]: $*" echo "" fi } echo_failed(){ if $terminal ; then echo -e "\033[75G[ \033[1;31mfailed\033[m ]" fi } echo_done() { if $terminal ; then echo -e "\033[75G[ \033[32mok\033[m ]" fi } # ------------- # - Job is already running? # ------------- # - If job already runs, stop execution.. # - if mkdir "$LOCK_DIR" 2> /dev/null ; then # - Remove lockdir when the script finishes, or when it receives a signal # - trap clean_up SIGHUP SIGINT SIGTERM else msg="A previos instance of script \"`basename $0`\" seems already be running." echo "" if $terminal ; then echo -e "[ \033[31m\033[1mFatal\033[m ]: $msg" echo "" echo -e " \033[31m\033[1mScript was interupted\033[m!" else echo " [ Fatal ]: $msg" echo "" echo " Script was interupted!" fi echo exit 1 fi # ------------- # --- Some checks # ------------- # - Running in a terminal? # - if [[ -t 1 ]] ; then terminal=true else terminal=false fi # - Read Configurations from $conf_file # - if [[ ! -f "$conf_file" ]]; then fatal " Configuration file '$(basename ${conf_file})' not found!" else source $conf_file fi # - Systemd supported ? # - systemd_supported=false systemd=$(which systemd) systemctl=$(which systemctl) if [[ -n "$systemd" ]] && [[ -n "$systemctl" ]] ; then systemd_supported=true fi SYSTEMD_SERVICE= SYSV_INIT_SCRIPT= if $systemd_supported ; then if systemctl -t service list-unit-files \ | grep -e "^${service_name,,}d" \ | grep -q -E "(enabled|disabled|generated)" 2> /devnull ; then SYSTEMD_SERVICE="$(systemctl -t service list-unit-files | grep -e "^${service_name,,}d" | awk '{print$1}' | head -1)" elif systemctl -t service list-unit-files \ | grep -e "^${service_name,,}-server" \ | grep -q -E "(enabled|disabled|generated)" 2> /devnull ; then SYSTEMD_SERVICE="$(systemctl -t service list-unit-files | grep -e "^${service_name,,}-server" | awk '{print$1}' | head -1)" elif systemctl -t service list-unit-files \ | grep -e "^${service_name,,}" \ | grep -q -E "(enabled|disabled|generated)" 2> /devnull ; then SYSTEMD_SERVICE="$(systemctl -t service list-unit-files | grep -e "^${service_name,,}" | awk '{print$1}' | head -1)" fi fi if [[ -z "$SYSTEMD_SERVICE" ]]; then if [[ -x "/etc/init.d/${service_name,,}" ]]; then SYSV_INIT_SCRIPT="/etc/init.d/${service_name,,}" elif [[ -x "/etc/init.d/${service_name,,}d" ]]; then SYSV_INIT_SCRIPT="/etc/init.d/${service_name,,}d" elif [[ -x "/etc/init.d/${service_name,,}-server" ]]; then SYSV_INIT_SCRIPT="/etc/init.d/${service_name,,}-server" fi fi if [[ -z "$SYSTEMD_SERVICE" ]] && [[ -z "$SYSV_INIT_SCRIPT" ]] ; then fatal "Neither an init-script nor a service file for $service_name found!" fi #echo "SYSTEMD_SERVICE: $SYSTEMD_SERVICE" #echo "SYSV_INIT_SCRIPT: $SYSV_INIT_SCRIPT" #clean_up 0 # ------------- # - Don't run script, if any give path for cert/key does not exists # ------------- if [[ ! -f "$cert_installed" ]] ; then fatal "Installed Certificate '$cert_installed' for service '${service_name}' not found!" elif [[ ! -f "$cert_newest" ]] ; then fatal "Newest Certificate '$cert_newest' for service '${service_name}' not found!" elif [[ ! -f "$key_installed" ]]; then fatal "Installed Key '$key_installed' for service '${service_name}' not found!" elif [[ ! -f "$key_newest" ]] ; then fatal "Newest Key '$key_newest' for service '${service_name}' not found!" fi # ------------- # - Check if key/cert are up to date, change them if needed. # ------------- if ! diff "$(realpath "$cert_installed")" "$(realpath "$cert_newest")" > /dev/null 2>&1 ; then _failed=false warn "Certificate for service '${service_name}' is outdated! Try to update certificate and key.." echononl " Update certificat for for service '${service_name}' .." > $log_file if [[ -h "$cert_installed" ]] ; then rm "$(realpath "$cert_installed")" >> $log_file 2>&1 if [[ $? -ne 0 ]]; then _failed=true fi fi rm "$cert_installed" >> $log_file 2>&1 if [[ $? -ne 0 ]]; then _failed=true fi cp -a "$(realpath "$cert_newest")" "$(dirname "$cert_installed")" >> $log_file 2>&1 if [[ $? -ne 0 ]]; then _failed=true fi chown ${service_user}:$service_group "$(dirname "$cert_installed")/$(basename "$(realpath "$cert_newest")")" >> $log_file 2>&1 if [[ $? -ne 0 ]]; then _failed=true fi ln -s "$(basename "$(realpath "$cert_newest")")" "$cert_installed" >> $log_file 2>&1 if [[ $? -ne 0 ]]; then _failed=true fi if $_failed ; then echo_failed error "$(cat "$log_file")" else echo_done fi if ! $_failed ; then _failed=false echononl " Update key for service '${service_name}' .." if [[ -h "$key_installed" ]] ; then rm "$(realpath "$key_installed")" >> $log_file 2>&1 if [[ $? -ne 0 ]]; then _failed=true fi fi rm "$key_installed" > $log_file 2>&1 if [[ $? -ne 0 ]]; then _failed=true fi cp -a "$(realpath "$key_newest")" "$(dirname "$key_installed")" >> $log_file 2>&1 if [[ $? -ne 0 ]]; then _failed=true fi chown ${service_user}:$service_group "$(dirname "$key_installed")/$(basename "$(realpath "$key_newest")")" >> $log_file 2>&1 if [[ $? -ne 0 ]]; then _failed=true fi ln -s "$(basename "$(realpath "$key_newest")")" "$key_installed" >> $log_file 2>&1 if [[ $? -ne 0 ]]; then _failed=true fi if $_failed ; then echo_failed error "$(cat "$log_file")" else echo_done restart_service=true fi fi if ! $_failed ; then if $terminal ; then info "Certificate/Key for service '${service_name}' is now up to date" else echo "" echo " [ Info ]: Certificate/Key for service '${service_name}' is now up to date" echo "" fi else error "Updating Certificate/Key for service '${service_name}' failed!" fi else up_to_date=true info "Certificate for service '${service_name}' is up to date!" fi if $restart_service ; then _failed=false echononl "Going to restart Service '${service_name}' .." if [[ -n "$SYSTEMD_SERVICE" ]] ; then $systemctl daemon-reload > $log_file 2>&1 if [[ $? -ne 0 ]]; then _failed=true fi sleep 2 $systemctl stop $SYSTEMD_SERVICE >> $log_file 2>&1 if [[ $? -ne 0 ]]; then _failed=true fi sleep 10 $systemctl start $SYSTEMD_SERVICE >> $log_file 2>&1 if [[ $? -ne 0 ]]; then _failed=true fi if $_failed ; then echo_failed error "$(cat "$log_file")" else echo_done fi else $SYSV_INIT_SCRIPT stop > $log_file 2>&1 if [[ $? -ne 0 ]]; then _failed=true fi sleep 10 $SYSV_INIT_SCRIPT start >> $log_file 2>&1 if [[ $? -ne 0 ]]; then _failed=true fi if $_failed ; then echo_failed error "$(cat "$log_file")" else echo_done fi fi if ! $_failed ; then declare -i counter=0 PID=$(ps -e f | grep -E "${check_string_ps}"| grep -v grep | awk '{print$1}') while [[ "X${PID}" = "X" ]]; do if [[ $counter -gt 10 ]]; then _failed=true break else ((counter++)) fi sleep 1 PID=$(ps -e f | grep -E "${check_string_ps}"| grep -v grep | awk '{print$1}') done fi if $_failed ; then error "Restarting service '${service_name}' failed!" else if $terminal ; then info "'${service_name}' Service was restarted. the new pid is '$PID'." else echo "" echo " '${service_name}' Service was restarted. the new pid is '$PID'." echo "" fi fi fi clean_up 0