there can only be one

This commit is contained in:
f 2022-03-08 14:40:02 -03:00
parent 6a30aaa5ec
commit d32a39acfc

View file

@ -1,5 +1,32 @@
#!/bin/sh #!/bin/sh
lock=/tmp/certbot.lck
ensure() {
test -n "$1" && echo "$1 received, exiting gracefully..."
rm -f "${lock}"
# Fix permissions, users in group ssl have read access
find /etc/letsencrypt -type d | xargs -r chmod 2750
find /etc/letsencrypt -type f | xargs -r chmod 640
chgrp -R ssl /etc/letsencrypt
# Push certificates to nodes, we use SSH as a secure transport
# but this means we're synchronizing from container to host which is
# awkward. A restricted rsync treats / as the remote location for the
# certificates.
for NODE in ${NODES}; do
rsync -avHAX --delete-after /etc/letsencrypt/ ${NODE}:/
done
}
for SIG in TERM QUIT INT HUP ERR; do
trap "ensure ${SIG}" ${SIG}
done
set -e
case $1 in case $1 in
# Renew certificates, trust in certbot's algorithms # Renew certificates, trust in certbot's algorithms
renew) /usr/bin/certbot renew --quiet --agree-tos ;; renew) /usr/bin/certbot renew --quiet --agree-tos ;;
@ -20,6 +47,10 @@ case $1 in
done ;; done ;;
# Generate certificates # Generate certificates
*) *)
# Only one instance can run at a time
test -f "${lock}" && exit 0
touch "${lock}"
# Save headers here # Save headers here
headers=/tmp/headers headers=/tmp/headers
# Gets ETag from previous headers # Gets ETag from previous headers
@ -50,15 +81,4 @@ case $1 in
done done
esac esac
# Fix permissions, users in group ssl have read access ensure
find /etc/letsencrypt -type d | xargs -r chmod 2750
find /etc/letsencrypt -type f | xargs -r chmod 640
chgrp -R ssl /etc/letsencrypt
# Push certificates to nodes, we use SSH as a secure transport
# but this means we're synchronizing from container to host which is
# awkward. A restricted rsync treats / as the remote location for the
# certificates.
for NODE in ${NODES}; do
rsync -avHAX --delete-after /etc/letsencrypt/ ${NODE}:/
done