ca acme avec le ca de la vm

This commit is contained in:
Francois Lesueur 2023-05-26 10:04:35 +02:00
parent c7e438d4ee
commit 4117afd993
3 changed files with 9 additions and 2 deletions

View File

@ -23,7 +23,7 @@ wget "https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.24.2
dpkg -i step-ca_0.24.2_amd64.deb dpkg -i step-ca_0.24.2_amd64.deb
echo "password" > /root/ca-passwordfile echo "password" > /root/ca-passwordfile
step ca init --deployment-type=standalone --name="Kaz CA" --dns="ca.mica.sns" --acme --address=":443" --provisioner="contact@kaz.sns" --password-file="/root/ca-passwordfile" step ca init --deployment-type=standalone --name="Kaz CA" --dns="ca.mica.sns" --acme --address=":443" --provisioner="contact@kaz.sns" --password-file="/root/ca-passwordfile" --root="letsencrypt/local/rootCA.pem" --key "letsencrypt/local/rootCA-key.pem"
echo -e '#!/bin/sh\nstep-ca --password-file /root/ca-passwordfile' >> /etc/rc.local echo -e '#!/bin/sh\nstep-ca --password-file /root/ca-passwordfile' >> /etc/rc.local
chmod +x /etc/rc.local chmod +x /etc/rc.local

View File

@ -222,6 +222,8 @@ auth:
cp -ar /etc/letsencrypt /root/snster-kaz/hoster-a/kaz1/ cp -ar /etc/letsencrypt /root/snster-kaz/hoster-a/kaz1/
cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/ cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/
cp -ar /etc/letsencrypt /root/snster-kaz/hoster-b/kaz2/ cp -ar /etc/letsencrypt /root/snster-kaz/hoster-b/kaz2/
cp -ar /etc/letsencrypt /root/snster-kaz/mica/infra/
# On lie le filesystem de kaz-prod dans le /kaz de la VM pour le dév # On lie le filesystem de kaz-prod dans le /kaz de la VM pour le dév
ln -s /var/lib/lxc/kaz-hoster-a-kaz1/rootfs/ /kaz1-prod ln -s /var/lib/lxc/kaz-hoster-a-kaz1/rootfs/ /kaz1-prod

View File

@ -15,9 +15,13 @@ git pull
sed -i -e "s/template=self.template/template=self.template, bdevtype='btrfs'/" /usr/local/lib/python3.9/dist-packages/backends/LxcBackend.py sed -i -e "s/template=self.template/template=self.template, bdevtype='btrfs'/" /usr/local/lib/python3.9/dist-packages/backends/LxcBackend.py
# On récupère le dernier kaz-vagrant # On récupère le dernier kaz-vagrant
if [ -z "${KAZBRANCH}" ] ; then
KAZBRANCH="master"
fi
cd /tmp cd /tmp
git clone https://git.kaz.bzh/KAZ/kaz-vagrant.git || (cd kaz-vagrant && git pull) git clone https://git.kaz.bzh/KAZ/kaz-vagrant.git || (cd kaz-vagrant && git fetch && git switch "${KAZBRANCH}" && git pull)
cd /tmp/kaz-vagrant cd /tmp/kaz-vagrant
git switch "${KAZBRANCH}"
# On écrase les anciens fichiers # On écrase les anciens fichiers
cp -ar /tmp/kaz-vagrant/files/snster-kaz /root/ cp -ar /tmp/kaz-vagrant/files/snster-kaz /root/
@ -25,6 +29,7 @@ cp -ar /tmp/kaz-vagrant/files/snster-kaz /root/
cp -ar /etc/letsencrypt /root/snster-kaz/hoster-a/kaz1/ cp -ar /etc/letsencrypt /root/snster-kaz/hoster-a/kaz1/
cp -ar /etc/letsencrypt /root/snster-kaz/hoster-b/kaz2/ cp -ar /etc/letsencrypt /root/snster-kaz/hoster-b/kaz2/
cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/ cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/
cp -ar /etc/letsencrypt /root/snster-kaz/mica/infra/
# On détruit et reconstruit tout sauf kaz-prod # On détruit et reconstruit tout sauf kaz-prod
SNSTER="snster -c /root/snster-kaz" SNSTER="snster -c /root/snster-kaz"