#!/bin/bash
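# Trace every expanded command line to stderr. Anything held in a variable
# (hostnames, DB user name, paths) therefore shows up in the container log;
# secrets must only be read inside `set +x` regions (see initialise_app).
set -x
# Logging helpers (loginfo/logwarn/logerr) come from this file. With no slash in
# the name, `.` resolves it via PATH first (then cwd in non-POSIX bash) -- confirm
# only trusted directories are on PATH when the container starts.
. shared_logging.sh
###############################
## Action - _CHANGE_TO_REQUIRED_APP_CERT_DUR_VARIABLE to the required Variable
## Action - Update INST_LOCFILE & CERT_LOCATION
#################################
HOST_FQDN=$(hostname -f)
# Presence of this file/marker decides first start vs. restart (see bottom of script).
INST_LOCFILE="{file or process to check that APP is initialised}"
# Same value as HOST_FQDN; kept because other scripts may reference HN.
HN="$HOST_FQDN"
#TX_CONTAINER_NAME
CERT_LOCATION="./cert"
CERT_NAME="[&replace_lower_app_name&]"
CERT_DB_LOCATION="./.postgresql"
# DB client certificate is issued to the Postgres user name.
CERT_DB_NAME="${TX_POSTGRES_USER}"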
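#######################################
# Wait until the step CA answers and its first provisioner allows a TLS
# certificate lifetime at least as long as the one this app requests.
# Globals:   TX_STEP_HOST (read), TX_[&REPLACE_UPPER_APP_NAME&]_CERT_DUR (read)
# Arguments: $1 - number of attempts
#            $2 - seconds to sleep between attempts
# Outputs:   writes the CA root bundle to ./stepCA.pem
# Returns:   0 when the CA is reachable and the duration fits, 1 otherwise
#######################################
check_step_ca () {
  #check_step_ca ${number_of_loops} ${sleep duration}
  local attempts=$1 pause=$2
  local i stepca_cdur app_cdur
  for (( i=1; i<=attempts; i++ )); do
    # SECURITY: -k disables TLS verification, so stepCA.pem is whatever the
    # network path returned. Everything downstream (provisioner query, bootstrap
    # fingerprint) trusts this file; pin the expected root fingerprint out of
    # band where possible instead of deriving it from this download.
    if curl -sk "${TX_STEP_HOST}/roots.pem" -o stepCA.pem; then
      # maxTLSCertDuration looks like "720h"; keep only the hour count.
      stepca_cdur=$(step ca provisioner list --ca-url="${TX_STEP_HOST}" --root=./stepCA.pem \
        | jq -r '.[0].claims.maxTLSCertDuration | split("h")[0]')
      # Strip the first "h" from the requested duration (same as the old sed "s/h//").
      app_cdur=${TX_[&REPLACE_UPPER_APP_NAME&]_CERT_DUR/h/}
      # Both sides must be plain integers before comparing; a missing claim (jq
      # prints "null") or an unset app duration counts as "not ready yet" rather
      # than tripping a bash arithmetic error.
      if [[ "$stepca_cdur" =~ ^[0-9]+$ && "$app_cdur" =~ ^[0-9]+$ ]] \
          && (( app_cdur <= stepca_cdur )); then
        return 0
      fi
      logwarn "Step is available but the max certificate expiry is not set correctly, post script wants $app_cdur waiting for step as its currently $stepca_cdur: attempt $i / ${1}"
    fi
    sleep "$pause"
  done
  return 1
}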
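#######################################
# First-start provisioning: trust the step CA, then request the app server
# certificate and the DB client certificate.
# Globals:   TX_STEP_HOST, TX_CONTAINER_NAME, HOST_FQDN, CERT_LOCATION, CERT_NAME,
#            CERT_DB_LOCATION, CERT_DB_NAME (read),
#            TX_[&REPLACE_UPPER_APP_NAME&]_CERT_DUR (read), FP (written)
# Outputs:   certificate/key pairs under CERT_LOCATION and CERT_DB_LOCATION
# Returns:   status of the last `step ca certificate` call
#######################################
initialise_app () {
  loginfo "initial setup of application"
  # SECURITY: the fingerprint is computed from the stepCA.pem that check_step_ca
  # fetched with `curl -k`, so bootstrap pins whatever was downloaded rather than
  # an independently known root. Compare FP against an out-of-band value where one
  # exists before trusting it.
  FP=$(step certificate fingerprint stepCA.pem)
  step ca bootstrap --ca-url "${TX_STEP_HOST}" --fingerprint "${FP}"
  # The provisioner password is read inside `set +x` so the trace enabled at the
  # top of the script never prints it, and process substitution hands step an fd
  # rather than putting the value on a command line. printf '%s' of the quoted
  # substitution (instead of `echo -n` of an unquoted one) keeps a password that
  # contains spaces, glob characters or a leading "-" byte-for-byte.
  #app server certificate
  step ca certificate "${TX_CONTAINER_NAME}" \
    "${CERT_LOCATION}/${CERT_NAME}.crt" "${CERT_LOCATION}/${CERT_NAME}.key" \
    --not-after "${TX_[&REPLACE_UPPER_APP_NAME&]_CERT_DUR}" \
    --san "${TX_CONTAINER_NAME}" --san "$HOST_FQDN" \
    --provisioner-password-file <(set +x; printf '%s' "$(shared_get_info.sh STEP PW)")
  #db user connection certificate
  step ca certificate "${CERT_DB_NAME}" \
    "${CERT_DB_LOCATION}/${CERT_DB_NAME}.crt" "${CERT_DB_LOCATION}/${CERT_DB_NAME}.key" \
    --not-after "${TX_[&REPLACE_UPPER_APP_NAME&]_CERT_DUR}" \
    --san "${CERT_DB_NAME}" --san "$HOST_FQDN" \
    --provisioner-password-file <(set +x; printf '%s' "$(shared_get_info.sh STEP PW)")
}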
# Template hook: certificate renewal for an already-initialised app. Currently
# only logs; the real renewal steps are expected to replace the log line.
renew () {
  loginfo 'renew'
}
# Template hook: write/adjust the application configuration before first start.
# Currently only logs.
config_file () {
  loginfo 'config_file'
}
# Template hook: start the application process. Currently only logs.
startup () {
  loginfo 'startup'
}
# Template hook: one-off actions that need a running app (first start only).
# Currently only logs.
post_startup_init () {
  loginfo 'post start initialisation actions'
}
# Template hook: stop the application process. Currently only logs; the trailing
# space in the message is part of the existing log format and is kept.
stopapp () {
  loginfo 'stopping '
}
# TERM/INT handler installed by the trap below: stop the app, then end the
# script with status 0 regardless of stopapp's own return value.
shutdown_stopapp () {
  stopapp
  exit 0
}
# Restart cycle used after start-up: stop the app, renew certificates, start
# again. Returns the status of the last phase (startup).
andcheck () {
  local phase
  loginfo 'test'
  for phase in stopapp renew startup; do
    "$phase"
  done
}
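trap shutdown_stopapp TERM INT
# First start vs. restart is decided by the presence of INST_LOCFILE (set above).
if [[ ! -f "${INST_LOCFILE}" ]]; then
  if check_step_ca 2 10; then
    loginfo "setup TX_APP"
    initialise_app
    config_file
    startup
    post_startup_init
    sleep 25
    andcheck
  else
    # NOTE(review): the container stays up (see the wait below) although the
    # app never started, so the failure is visible in logs but not to
    # orchestration health checks -- confirm this is intended.
    logerr "Exiting setup as step ca cant be contacted"
  fi
else
  if check_step_ca 2 10; then
    loginfo "Renew certificate and startup TX_APP"
    renew
    startup
    andcheck
  else
    logerr "Failure to connect to step-ca - cant renew certificates but starting TX_APP and certificates may cause issues "
    startup
    andcheck
  fi
fi
# Keep PID 1 alive. Run tail in the background and `wait` on it: bash only runs
# a trap once a *foreground* child has exited, so a plain `tail -f /dev/null`
# would hold shutdown_stopapp off until the container is SIGKILLed after the
# stop grace period. `wait` returns as soon as TERM/INT arrives and the trap runs.
tail -f /dev/null &
wait "$!"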