Improve cert renew job #303

Merged
merged 1 commit into from
Aug 11, 2023
2 changes: 2 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,7 @@
## FIWARE Big Bang v0.31.0-next

- Improve cert renew job (#303)

## FIWARE Big Bang v0.31.0 - 08 August, 2023

- Improve collect.sh script (#300)
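Review bot: The new entry "Improve cert renew job (#303)" does not tell an operator what changes. This PR moves the job from /etc/cron.d/fiware-big-bang to /etc/cron.daily/fi-bb-cert-renew and adds anacron as a required package; naming both in the entry would tell someone upgrading from v0.31.0 which file to look for.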
28 changes: 14 additions & 14 deletions docs/en/system_administration.md
Expand Up @@ -18,20 +18,20 @@

The following files and directories will be created.

| File or directory | Description |
| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| . | A root directory of FI-BB. It's a directory in which you ran lets-fiware.sh command. |
| ./docker-compose.yml | A config file for docker compose which has the configuration information of FIWARE GEs. |
| ./.env | A file which has environment variables for docker-compose.yml file. |
| ./Makefile | A file for make command. |
| ./config | A directory which has configuration files for running Docker containers. |
| ./config/keyrock/whitelist.txt | A whitelist of email domains for Keyrock. See [Keyrock documentation](https://fiware-idm.readthedocs.io/en/latest/installation_and_administration_guide/configuration/index.html#email-filtering) in detail. |
| ./data | A directory which has persistent data for running Docker containers. |
| /etc/letsencrypt | A directory which has server certificate files. |
| /var/log/fiware | A directory which has log files. |
| /etc/rsyslog.d/10-fiware.conf | A config file for rsyslog. In the case of CentOS, the filename is 'fiware.conf'. |
| /etc/logrotate.d/fiware | A config file for logroate. |
| /etc/cron.d/fiware-big-bang | A config file for cron |
| File or directory | Description |
| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| . | A root directory of FI-BB. It's a directory in which you ran lets-fiware.sh command. |
| ./docker-compose.yml | A config file for docker compose which has the configuration information of FIWARE GEs. |
| ./.env | A file which has environment variables for docker-compose.yml file. |
| ./Makefile | A file for make command. |
| ./config | A directory which has configuration files for running Docker containers. |
| ./config/keyrock/whitelist.txt | A whitelist of email domains for Keyrock. See [Keyrock documentation](https://fiware-idm.readthedocs.io/en/latest/installation_and_administration_guide/configuration/index.html#email-filtering) in detail. |
| ./data | A directory which has persistent data for running Docker containers. |
| /etc/letsencrypt | A directory which has server certificate files. |
| /var/log/fiware | A directory which has log files. |
| /etc/rsyslog.d/10-fiware.conf | A config file for rsyslog. In the case of CentOS, the filename is 'fiware.conf'. |
| /etc/logrotate.d/fiware | A config file for logroate. |
| /etc/cron.daily/fi-bb-cert-renew | A config file for cron |

## Make command for system administration
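Review bot: In the last table row, the description "A config file for cron" no longer matches the new path. /etc/cron.daily/fi-bb-cert-renew is an executable shell script (setup_cert writes a `#!/bin/sh` line and sets mode 755), not a crontab-format file, so something like "A script run daily by cron to renew the server certificate" would be accurate. The row above it still says "logroate", which could be corrected to "logrotate" while the table is being realigned.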

28 changes: 14 additions & 14 deletions docs/ja/system_administration.md
Expand Up @@ -20,20 +20,20 @@

以下のファイルとディレクトリが作成されます。

| ファイル、または、ディレクトリ | 説明 |
| ------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| . | FIWARE Big Bang のルートディレクトリ。これは、lets-fiware.sh コマンドを実行したディレクトリです。 |
| ./docker-compose.yml | FIWARE GE の構成情報を持つ docker compose 用の構成ファイル。 |
| ./.env | docker-compose.yml ファイルの環境変数を含むファイル。 |
| ./Makefile | make コマンド用のファイル。 |
| ./config | Docker コンテナを実行するための構成ファイルを含むディレクトリ。 |
| ./config/keyrock/whitelist.txt | Keyrock の電子メール・ドメインのホワイトリスト。詳細については、[Keyrock のドキュメント](https://fiware-idm.readthedocs.io/en/latest/installation_and_administration_guide/configuration/index.html#email-filtering) を参照してください。 |
| ./data | Docker コンテナを実行するための永続データを含むディレクトリ。 |
| /etc/letsencrypt | サーバ証明書ファイルがあるディレクトリ。 |
| /var/log/fiware | ログファイルがあるディレクトリ。 |
| /etc/rsyslog.d/10-fiware.conf | rsyslog の構成ファイル。CentOS の場合、ファイル名は 'fiware.conf' です。 |
| /etc/logrotate.d/fiware | logroate の構成ファイル。 |
| /etc/cron.d/fiware-big-bang | cron の設定ファイル |
| ファイル、または、ディレクトリ | 説明 |
| -------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| . | FIWARE Big Bang のルートディレクトリ。これは、lets-fiware.sh コマンドを実行したディレクトリです。 |
| ./docker-compose.yml | FIWARE GE の構成情報を持つ docker compose 用の構成ファイル。 |
| ./.env | docker-compose.yml ファイルの環境変数を含むファイル。 |
| ./Makefile | make コマンド用のファイル。 |
| ./config | Docker コンテナを実行するための構成ファイルを含むディレクトリ。 |
| ./config/keyrock/whitelist.txt | Keyrock の電子メール・ドメインのホワイトリスト。詳細については、[Keyrock のドキュメント](https://fiware-idm.readthedocs.io/en/latest/installation_and_administration_guide/configuration/index.html#email-filtering) を参照してください。 |
| ./data | Docker コンテナを実行するための永続データを含むディレクトリ。 |
| /etc/letsencrypt | サーバ証明書ファイルがあるディレクトリ。 |
| /var/log/fiware | ログファイルがあるディレクトリ。 |
| /etc/rsyslog.d/10-fiware.conf | rsyslog の構成ファイル。CentOS の場合、ファイル名は 'fiware.conf' です。 |
| /etc/logrotate.d/fiware | logroate の構成ファイル。 |
| /etc/cron.daily/fi-bb-cert-renew | cron の設定ファイル |

<a name="make-command-for-system-administration"></a>
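Review bot: The last row keeps the description "cron の設定ファイル" (cron config file) for /etc/cron.daily/fi-bb-cert-renew, but the new file is a shell script that cron.daily executes, so the description should change together with the path and stay in step with the English page. "logroate" in the row above it is misspelled here as well.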

23 changes: 5 additions & 18 deletions lets-fiware.sh
Expand Up @@ -694,7 +694,7 @@ install_commands_ubuntu() {
echo "\$nrconf{restart} = 'a';" | ${SUDO} tee /etc/needrestart/conf.d/50local.conf > /dev/null
fi
${APT} update
${APT} install -y curl pwgen jq make zip rsyslog host
${APT} install -y curl pwgen jq make zip rsyslog host anacron
}

#
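Review bot: anacron is added only to the apt line in install_commands_ubuntu, while install_commands now checks for anacron regardless of distribution. The docs touched by this PR mention CentOS, so if there is a matching install function for it, the equivalent package needs adding there too; otherwise the `type anacron` check will fail on every run on that platform.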
Expand All @@ -714,7 +714,7 @@ install_commands() {
logging_info "${FUNCNAME[0]}"

update=false
for cmd in curl pwgen jq zip host rsyslogd
for cmd in curl pwgen jq zip rsyslogd host anacron
do
if ! type "${cmd}" >/dev/null 2>&1; then
update=true
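Review bot: The check list on the changed `for cmd in ...` line still omits make, although the apt line in install_commands_ubuntu installs it, so a host missing only make never sets update=true. Since this line is being edited anyway, consider adding make to it. The swap of host and rsyslogd is a pure reordering and makes the diff harder to read; keeping the old order and appending anacron would show the intent more clearly.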
Expand Down Expand Up @@ -1168,23 +1168,10 @@ setup_cert() {

${DOCKER_COMPOSE} -f docker-cert.yml down

RND=$(od -An -tu1 -N1 /dev/urandom)
HOUR=$(( "${RND}" % 5 ))
RND=$(od -An -tu1 -N1 /dev/urandom)
MINUTE=$(( "${RND}" % 60 ))
CRON_FILE=/etc/cron.daily/fi-bb-cert-renew

CRON_FILE=/etc/cron.d/fiware-big-bang

if [ -e "${CRON_FILE}" ]; then
${SUDO} rm -f "${CRON_FILE}"
fi

CRON_SH="${MINUTE} ${HOUR} \* \* \* root ${PWD}/config/script/renew.sh > /dev/null 2>&1"
${SUDO} sh -c "echo ${CRON_SH} > ${CRON_FILE}"

local msg
msg=$(echo "${CRON_FILE}: $CRON_SH" | sed -e "s/\\\\//g")
logging_info "${msg}"
echo -e "#!/bin/sh\n${PWD}/config/script/renew.sh" | "${SUDO}" tee "${CRON_FILE}"
"${SUDO}" chmod 755 "${CRON_FILE}"
}

#
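Review bot: The removed `rm -f` block was the only code that touched /etc/cron.d/fiware-big-bang, so on a host that already has that file from an earlier version it stays in place and renew.sh is run by both the old cron.d entry and the new cron.daily script. Suggest deleting the old file here before writing CRON_FILE. In the two added lines, `"${SUDO}"` is quoted while the rest of the script uses `${SUDO}` unquoted; if SUDO can be empty, the quoted form expands to an empty command word and both tee and chmod fail. `tee` also echoes the generated script to stdout (the needrestart line redirects it with `> /dev/null`), and the old `> /dev/null 2>&1` and logging_info call are gone, so renew.sh output now reaches cron mail and the install log no longer records where the job was placed. Because cron.daily runs this as root, renew.sh and the directories above it should not be writable by non-root users.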