_keyring_ -> _keystore_

This commit is contained in:
Andrea Dell'Amico 2020-07-06 15:48:07 +02:00
parent fc0082f6c0
commit 497951c2b6
2 changed files with 16 additions and 16 deletions

View File

@ -4,29 +4,29 @@ ORIENTDB_ENABLED="{{ orientdb_enabled }}"
RETVAL=0 RETVAL=0
# Add the CA certificate if it's not already present # Add the CA certificate if it's not already present
keytool -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ java_keyring_letsencrypt_trusted_ca }} keytool -list -keystore {{ java_keystore_file }} -storepass {{ java_keystore_pwd }} -noprompt | grep {{ java_keystore_letsencrypt_trusted_ca }}
RETVAL=$? RETVAL=$?
if [ $RETVAL -ne 0 ] ; then if [ $RETVAL -ne 0 ] ; then
keytool -trustcacerts -keystore "{{ java_keyring_file }}" -storepass {{ java_keyring_pwd }} -noprompt -importcert -alias "{{ java_keyring_letsencrypt_trusted_ca }}" -dname "CN={{ ansible_fqdn }}" -file "{{ letsencrypt_acme_certs_dir }}/fullchain" keytool -trustcacerts -keystore "{{ java_keystore_file }}" -storepass {{ java_keystore_pwd }} -noprompt -importcert -alias "{{ java_keystore_letsencrypt_trusted_ca }}" -dname "CN={{ ansible_fqdn }}" -file "{{ letsencrypt_acme_certs_dir }}/fullchain"
fi fi
# Remove the old certificate # Remove the old certificate
keytool -storepass {{ java_keyring_pwd }} -keystore "{{ java_keyring_file }}" -delete -alias "{{ ansible_fqdn }}" keytool -storepass {{ java_keystore_pwd }} -keystore "{{ java_keystore_file }}" -delete -alias "{{ ansible_fqdn }}"
# Check if the old certificate is still present. If so, we have a problem. Otherwise, import the new one # Check if the old certificate is still present. If so, we have a problem. Otherwise, import the new one
keytool -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ ansible_fqdn }} keytool -list -keystore {{ java_keystore_file }} -storepass {{ java_keystore_pwd }} -noprompt | grep {{ ansible_fqdn }}
RETVAL=$? RETVAL=$?
if [ $RETVAL -ne 0 ] ; then if [ $RETVAL -ne 0 ] ; then
openssl pkcs12 -export -in {{ letsencrypt_acme_certs_dir }}/cert -inkey {{ letsencrypt_acme_certs_dir }}/privkey -CAfile {{ letsencrypt_acme_certs_dir }}/fullchain -name "{{ ansible_fqdn }}" -out /var/tmp/{{ ansible_fqdn }}.p12 -password pass:{{ java_keyring_pwd }} openssl pkcs12 -export -in {{ letsencrypt_acme_certs_dir }}/cert -inkey {{ letsencrypt_acme_certs_dir }}/privkey -CAfile {{ letsencrypt_acme_certs_dir }}/fullchain -name "{{ ansible_fqdn }}" -out /var/tmp/{{ ansible_fqdn }}.p12 -password pass:{{ java_keystore_pwd }}
keytool -importkeystore -srcstorepass {{ java_keyring_pwd }} -deststorepass {{ java_keyring_pwd }} -destkeystore {{ java_keyring_file }} -srckeystore /var/tmp/{{ ansible_fqdn }}.p12 -srcstoretype PKCS12 keytool -importkeystore -srcstorepass {{ java_keystore_pwd }} -deststorepass {{ java_keystore_pwd }} -destkeystore {{ java_keystore_file }} -srckeystore /var/tmp/{{ ansible_fqdn }}.p12 -srcstoretype PKCS12
rm -f /var/tmp/{{ ansible_fqdn }}.p12 rm -f /var/tmp/{{ ansible_fqdn }}.p12
else else
logger "orientdb letsencrypt hook: the old certificate is still present inside the keystore, aborting." logger "orientdb letsencrypt hook: the old certificate is still present inside the keystore, aborting."
exit 1 exit 1
fi fi
chmod 440 "{{ java_keyring_file }}" chmod 440 "{{ java_keystore_file }}"
chgrp {{ orientdb_user }} "{{ java_keyring_file }}" chgrp {{ orientdb_user }} "{{ java_keystore_file }}"
if [ "$ORIENTDB_ENABLED" == "True" ] ; then if [ "$ORIENTDB_ENABLED" == "True" ] ; then
logger "orientdb letsencrypt hook: shut down orientdb." logger "orientdb letsencrypt hook: shut down orientdb."

View File

@ -50,10 +50,10 @@
{% else %} {% else %}
<parameter value="false" name="network.ssl.clientAuth"/> <parameter value="false" name="network.ssl.clientAuth"/>
{% endif %} {% endif %}
<parameter value="{{ java_keyring_file }}" name="network.ssl.keyStore"/> <parameter value="{{ java_keystore_file }}" name="network.ssl.keyStore"/>
<parameter value="{{ java_keyring_pwd }}" name="network.ssl.keyStorePassword"/> <parameter value="{{ java_keystore_pwd }}" name="network.ssl.keyStorePassword"/>
<parameter value="{{ java_keyring_file }}" name="network.ssl.trustStore"/> <parameter value="{{ java_keystore_file }}" name="network.ssl.trustStore"/>
<parameter value="{{ java_keyring_pwd }}" name="network.ssl.trustStorePassword"/> <parameter value="{{ java_keystore_pwd }}" name="network.ssl.trustStorePassword"/>
</parameters> </parameters>
</socket> </socket>
<socket implementation="com.orientechnologies.orient.server.network.OServerTLSSocketFactory" name="https"> <socket implementation="com.orientechnologies.orient.server.network.OServerTLSSocketFactory" name="https">
@ -63,10 +63,10 @@
{% else %} {% else %}
<parameter value="false" name="network.ssl.clientAuth"/> <parameter value="false" name="network.ssl.clientAuth"/>
{% endif %} {% endif %}
<parameter value="{{ java_keyring_file }}" name="network.ssl.keyStore"/> <parameter value="{{ java_keystore_file }}" name="network.ssl.keyStore"/>
<parameter value="{{ java_keyring_pwd }}" name="network.ssl.keyStorePassword"/> <parameter value="{{ java_keystore_pwd }}" name="network.ssl.keyStorePassword"/>
<parameter value="{{ java_keyring_file }}" name="network.ssl.trustStore"/> <parameter value="{{ java_keystore_file }}" name="network.ssl.trustStore"/>
<parameter value="{{ java_keyring_pwd }}" name="network.ssl.trustStorePassword"/> <parameter value="{{ java_keystore_pwd }}" name="network.ssl.trustStorePassword"/>
</parameters> </parameters>
</socket> </socket>
</sockets> </sockets>