ca acme avec le ca de la vm

11 months ago · 4117afd993
3 changed files with 9 additions and 2 deletions
--- a/files/snster-kaz/mica/infra/provision.sh
+++ b/files/snster-kaz/mica/infra/provision.sh
@ -23,7 +23,7 @@ wget "https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.24.2
 dpkg -i step-ca_0.24.2_amd64.deb

 echo "password" > /root/ca-passwordfile
-step ca init --deployment-type=standalone --name="Kaz CA" --dns="ca.mica.sns" --acme --address=":443" --provisioner="contact@kaz.sns" --password-file="/root/ca-passwordfile"
+step ca init --deployment-type=standalone --name="Kaz CA" --dns="ca.mica.sns" --acme --address=":443" --provisioner="contact@kaz.sns" --password-file="/root/ca-passwordfile" --root="letsencrypt/local/rootCA.pem" --key "letsencrypt/local/rootCA-key.pem"
 echo -e '#!/bin/sh\nstep-ca --password-file /root/ca-passwordfile' >> /etc/rc.local
 chmod +x /etc/rc.local

--- a/files/vm-provision.sh
+++ b/files/vm-provision.sh
@ -222,6 +222,8 @@ auth:
    cp -ar /etc/letsencrypt /root/snster-kaz/hoster-a/kaz1/
    cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/
    cp -ar /etc/letsencrypt /root/snster-kaz/hoster-b/kaz2/
+    cp -ar /etc/letsencrypt /root/snster-kaz/mica/infra/
+

    # On lie le filesystem de kaz-prod dans le /kaz de la VM pour le dév
    ln -s /var/lib/lxc/kaz-hoster-a-kaz1/rootfs/ /kaz1-prod
--- a/files/vm-upgrade.sh
+++ b/files/vm-upgrade.sh
@ -15,9 +15,13 @@ git pull
 sed -i -e "s/template=self.template/template=self.template, bdevtype='btrfs'/" /usr/local/lib/python3.9/dist-packages/backends/LxcBackend.py

 # On récupère le dernier kaz-vagrant
+if [ -z "${KAZBRANCH}" ] ; then
+   KAZBRANCH="master"
+fi
 cd /tmp
-git clone https://git.kaz.bzh/KAZ/kaz-vagrant.git || (cd kaz-vagrant && git pull)
+git clone https://git.kaz.bzh/KAZ/kaz-vagrant.git || (cd kaz-vagrant && git fetch && git switch "${KAZBRANCH}" && git pull)
 cd /tmp/kaz-vagrant
+git switch "${KAZBRANCH}"

 # On écrase les anciens fichiers
 cp -ar /tmp/kaz-vagrant/files/snster-kaz /root/
@ -25,6 +29,7 @@ cp -ar /tmp/kaz-vagrant/files/snster-kaz /root/
 cp -ar /etc/letsencrypt /root/snster-kaz/hoster-a/kaz1/
 cp -ar /etc/letsencrypt /root/snster-kaz/hoster-b/kaz2/
 cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/
+cp -ar /etc/letsencrypt /root/snster-kaz/mica/infra/

 # On détruit et reconstruit tout sauf kaz-prod
 SNSTER="snster -c /root/snster-kaz"