forked from evolix/ansible-roles
certbot: Renewal hook for NRPE
parent
0a4a220bdf
commit
b0ba70f06c
|
@ -13,6 +13,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
||||||
|
* certbot: Renewal hook for NRPE
|
||||||
* kvm-host: add minifirewall rules if DRBD interface is configured
|
* kvm-host: add minifirewall rules if DRBD interface is configured
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
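--- /dev/null
+++ b/certbot/files/hooks/deploy/nrpe.sh
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+error() {
+>&2 echo "${PROGNAME}: $1"
+exit 1
+}
+debug() {
+if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
+>&2 echo "${PROGNAME}: $1"
+fi
+}
+daemon_found_and_running() {
+test -n "$(pidof nrpe)"
+}
+letsencrypt_lineaged_used() {
+grep -r "^ssl_cert_file" /etc/nagios/ | grep "letsencrypt" | grep -q "$(basename "${RENEWED_LINEAGE}")"
+}
+copy_letsencrypt_cert() {
+DEST_CERTIFICATE=$(grep -r "^ssl_cert_file" /etc/nagios/ | awk -F'=' '{print $2}')
+DEST_PRIVATE_KEY=$(grep -r "^ssl_privatekey_file" /etc/nagios/ | awk -F'=' '{print $2}')
+
+install --mode 440 --group nagios ${RENEWED_LINEAGE}/fullchain.pem ${DEST_CERTIFICATE}
+install --mode 440 --group nagios ${RENEWED_LINEAGE}/privkey.pem ${DEST_PRIVATE_KEY}
+}
+main() {
+if daemon_found_and_running; then
+if letsencrypt_lineaged_used; then
+debug "NRPE detected... Copying certificates to the right place & permissions"
+copy_letsencrypt_cert
+debug "Restarting NRPE"
+systemctl restart nagios-nrpe-server
+else
+debug "NRPE doesn't use the given Let's Encrypt certificate. Skip."
+fi
+else
+debug "NRPE is not running or missing. Skip."
+fi
+}
+
+readonly PROGNAME=$(basename "$0")
+readonly VERBOSE=${VERBOSE:-"0"}
+readonly QUIET=${QUIET:-"0"}
+
+main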
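Review bot: In `copy_letsencrypt_cert`, the destination paths are taken from an unfiltered `grep -r` over /etc/nagios/ and expanded unquoted into `install`, so a missing directive or more than one matching line hands `install` zero or several destinations for the private key. The lookup also does not reuse the lineage filter that `letsencrypt_lineaged_used` applies, so the paths it finds need not belong to the renewed certificate. Neither `install` exit status is checked, so `main` restarts NRPE even when the copy failed, and the `error` helper is defined but never called. I would refuse empty or multi-valued results, quote every expansion, and stop through `error` on failure, as sketched below.

```shell
copy_letsencrypt_cert() {
    # … unchanged: DEST_CERTIFICATE / DEST_PRIVATE_KEY lookups …

    # Exactly one path per directive; empty or multi-line results are refused.
    for dest in "${DEST_CERTIFICATE}" "${DEST_PRIVATE_KEY}"; do
        case "${dest}" in
            ""|*[[:space:]]*) error "ambiguous or missing NRPE certificate path in /etc/nagios/" ;;
        esac
    done

    install --mode 440 --group nagios "${RENEWED_LINEAGE}/fullchain.pem" "${DEST_CERTIFICATE}" \
        || error "could not install certificate to ${DEST_CERTIFICATE}"
    install --mode 440 --group nagios "${RENEWED_LINEAGE}/privkey.pem" "${DEST_PRIVATE_KEY}" \
        || error "could not install private key to ${DEST_PRIVATE_KEY}"
}
```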