adjusting networks for certbot so that we can talk to the right containers

2020-06-06 15:18:26 -04:00
parent 4439ae493d
commit 68296c8e92
11 changed files with 82 additions and 33 deletions
--- a/dockerfiles/services/sslproxy/cli/certbot/certbot
+++ b/dockerfiles/services/sslproxy/cli/certbot/certbot
@@ -17,11 +17,5 @@ run() {
    run test $@
 }

-run_help() {
-    docker-compose \
-    -f docker-compose.tools.yml \
-    run test --help $@
-}
-

 run $@
--- a/dockerfiles/services/sslproxy/cli/certbot/info.help
+++ b/dockerfiles/services/sslproxy/cli/certbot/info.help
@@ -1,3 +1 @@
-ARGS  - The arguments you wish to provide to this command
-
-TODO: Fill out the help information for this command.
+prod if you want to see info about production certs
--- a/dockerfiles/services/sslproxy/cli/certbot/info.usage
+++ b/dockerfiles/services/sslproxy/cli/certbot/info.usage
@@ -1 +1 @@
-ARGS...
+[prod]
--- a/dockerfiles/services/sslproxy/cli/certbot/renew
+++ b/dockerfiles/services/sslproxy/cli/certbot/renew
@@ -1,6 +1,5 @@
 #!/usr/bin/env bash
 set -e
-set -x

 LETSENCRYPT_IMAGE=dkregistry.xai-corp.net:5000/xaicorp/acme-certbot
 LETSENCRYPT_MOUNT=/opt/shared/letsencrypt-2-staging
@@ -8,10 +7,6 @@ CERT_NAME=xai-corp.net

 LOG=$(mktemp)

-##export LOCAL_IMAGE
-#export REMOTE_IMAGE
-##export TAG
-
 ###

 run() {
@@ -31,7 +26,24 @@ update() {
  # shellcheck disable=SC2086
  docker-compose \
    -f docker-compose.tools.yml \
-    run --name sslproxy_renew renew ${OPTIONS}
+    run --rm --name sslproxy_renew \
+    renew ${OPTIONS}
+}
+
+test_new_certs() {
+  echo | openssl s_client -showcerts -servername gnupg.org -connect git.xai-corp.net:443 2>/dev/null \
+   | openssl x509 -inform pem -noout -text \
+   | grep 'Timestamp :'
+}
+
+retart_nginx() {
+  export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
+  echo restarting nginx
+
+  containers=$(docker ps -q --filter "status=running" --filter "name=sslproxy_app")
+  for c in $containers; do
+    docker exec -it $c nginx -s reload
+  done
 }

 function trap_exit() {
@@ -61,25 +73,37 @@ print_usage() {

 ENVIRONMENT=dev
 OPTIONS="--cert-name ${CERT_NAME}"
-while getopts de: name
+TEST_CERT=true
+while getopts tnpde: name
 do
    case $name in
    d)
      OPTIONS="$OPTIONS --dry-run"
      ;;
-    e)
-      if [ $OPTARG == 'prod' ]; then
+    p)
+        TEST_CERT=false
        ENVIRONMENT=prod
-      else
-        OPTIONS="$OPTIONS --test-cert"
-      fi
      ;;
-    : )
+    t)
+      test_new_certs
+      exit 0
+      ;;
+    n)
+      retart_nginx
+      exit 0
+      ;;
+    :)
      echo "Invalid option: $OPTARG requires an argument" 1>&2
      ;;
    *)    print_usage;;
    esac
 done

+if [ "$TEST_CERT" == "true" ]; then
+  OPTIONS="$OPTIONS --test-cert"
+fi
+
 # shellcheck disable=SC2068
 run $@
+restart_nginx
+test_new_certs
--- a/dockerfiles/services/sslproxy/cli/certbot/renew.help
+++ b/dockerfiles/services/sslproxy/cli/certbot/renew.help
@@ -1,3 +1,3 @@
-ARGS  - The arguments you wish to provide to this command
+renew certificates

-TODO: Fill out the help information for this command.
+-p update production certs, otherwise we will update the staging certificates
--- a/dockerfiles/services/sslproxy/cli/certbot/renew.usage
+++ b/dockerfiles/services/sslproxy/cli/certbot/renew.usage
@@ -1 +1 @@
-ARGS...
+[-p]