| Line 1... |
Line 1... |
| 1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
| 2 |
# $Id: alcasar-conf.sh 2223 2017-05-14 14:38:01Z tom.houdayer $
|
2 |
# $Id: alcasar-conf.sh 2244 2017-05-21 00:16:14Z tom.houdayer $
|
| 3 |
|
3 |
|
| 4 |
# alcasar-conf.sh
|
4 |
# alcasar-conf.sh
|
| 5 |
# by REXY
|
5 |
# by REXY
|
| 6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
| 7 |
|
7 |
|
| Line 9... |
Line 9... |
| 9 |
# - création de l'archive des fichiers de configuration dans "/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)
|
9 |
# - création de l'archive des fichiers de configuration dans "/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)
|
| 10 |
# - chargement de l'archive de fichiers de configuration lors de la mise à jour d'un alcasar (alcasar-conf -load)
|
10 |
# - chargement de l'archive de fichiers de configuration lors de la mise à jour d'un alcasar (alcasar-conf -load)
|
| 11 |
# - application des directives du fichier de conf central "/usr/local/etc/alcasar.conf" lors d'un changement de conf réseau à chaud (alcasar-conf -apply)
|
11 |
# - application des directives du fichier de conf central "/usr/local/etc/alcasar.conf" lors d'un changement de conf réseau à chaud (alcasar-conf -apply)
|
| 12 |
# This script allows ALCASAR update
|
12 |
# This script allows ALCASAR update
|
| 13 |
# - create the configuration files backup "/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)
|
13 |
# - create the configuration files backup "/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)
|
| 14 |
# - load the bachup of configuration files during the update process (alcasar-conf -load)
|
14 |
# - load the backup of configuration files during the update process (alcasar-conf -load)
|
| 15 |
# - apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf" when hot modification is needed (alcasar-conf -apply)
|
15 |
# - apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf" when hot modification is needed (alcasar-conf -apply)
|
| 16 |
|
16 |
|
| 17 |
new="$(date +%G%m%d-%Hh%M)" # date et heure des fichiers
|
17 |
new="$(date +%G%m%d-%Hh%M)" # date et heure des fichiers
|
| 18 |
fichier="alcasar-conf-$new.tar.gz" # nom du fichier de sauvegarde
|
18 |
fichier="alcasar-conf-$new.tar.gz" # nom du fichier de sauvegarde
|
| 19 |
DIR_UPDATE="/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour
|
19 |
DIR_UPDATE="/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour
|
| Line 99... |
Line 99... |
| 99 |
cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE # autosigned and official if exist
|
99 |
cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE # autosigned and official if exist
|
| 100 |
cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE # autosigned & official if exist
|
100 |
cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE # autosigned & official if exist
|
| 101 |
cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE
|
101 |
cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE
|
| 102 |
cp -f /etc/pki/CA/private/alcasar-ca.key $DIR_UPDATE
|
102 |
cp -f /etc/pki/CA/private/alcasar-ca.key $DIR_UPDATE
|
| 103 |
if [ -e /etc/pki/tls/certs/server-chain.crt ]; then
|
103 |
if [ -e /etc/pki/tls/certs/server-chain.crt ]; then
|
| 104 |
cp -f /etc/pki/tls/certs/server-chain.crt $DIR_UPDATE
|
104 |
cp -f /etc/pki/tls/certs/server-chain.crt* $DIR_UPDATE # autosigned and official if exist
|
| 105 |
else
|
105 |
else
|
| 106 |
cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.crt
|
106 |
cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.crt
|
| 107 |
fi
|
107 |
fi
|
| 108 |
# backup DNSMASQ conf file
|
108 |
# backup DNSMASQ conf file
|
| 109 |
cp /etc/sysconfig/dnsmasq $DIR_UPDATE
|
109 |
cp /etc/sysconfig/dnsmasq $DIR_UPDATE
|
| Line 122... |
Line 122... |
| 122 |
# Retrieve the security certificates (CA and server)
|
122 |
# Retrieve the security certificates (CA and server)
|
| 123 |
cp -f $DIR_UPDATE/alcasar-ca.crt* /etc/pki/CA/ # autosigned & official
|
123 |
cp -f $DIR_UPDATE/alcasar-ca.crt* /etc/pki/CA/ # autosigned & official
|
| 124 |
cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ # autosigned & official
|
124 |
cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ # autosigned & official
|
| 125 |
cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
|
125 |
cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
|
| 126 |
cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
|
126 |
cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
|
| 127 |
[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt /etc/pki/tls/certs/
|
127 |
[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist
|
| - |
|
128 |
if [ -e $DIR_UPDATE/alcasar.crt.old ] && [ -e $DIR_UPDATE/alcasar.key.old ] && [ -e $DIR_UPDATE/server-chain.crt.old ]; then
|
| - |
|
129 |
$DIR_BIN/alcasar-importcert.sh -i $DIR_UPDATE/alcasar.crt -k $DIR_UPDATE/alcasar.key -c $DIR_UPDATE/server-chain.crt
|
| - |
|
130 |
elif [ -e $DIR_UPDATE/alcasar.crt.old ] && [ -e $DIR_UPDATE/alcasar.key.old ]; then
|
| - |
|
131 |
$DIR_BIN/alcasar-importcert.sh -i $DIR_UPDATE/alcasar.crt -k $DIR_UPDATE/alcasar.key
|
| - |
|
132 |
fi
|
| 128 |
chown -R root:apache /etc/pki
|
133 |
chown -R root:apache /etc/pki
|
| 129 |
chmod -R 750 /etc/pki
|
134 |
chmod -R 750 /etc/pki
|
| 130 |
# Import of the users database
|
135 |
# Import of the users database
|
| 131 |
gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$radiuspwd
|
136 |
gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$radiuspwd
|
| 132 |
# Retrieve local parameters
|
137 |
# Retrieve local parameters
|