.\" Generated by scdoc 1.11.2
.\" Complete documentation for this program is not available as a GNU info page
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.nh
.ad l
.\" Begin generated content:
.TH "INFRA" "7" "2024-03-21" "Infrastructure Baguette" "Manuel de l'infra de Baguette"
.P
.SH Liste des machines à toucher lors d'une mise à jour des certificats
.P
.P
.TS
allbox;c c c
c c c
c c c.
T{
\fBMachine\fR
T} T{
\fISystème\fR
T} T{
\fIApplications nécessitant des certificats\fR
T}
T{
team
T} T{
OpenBSD
T} T{
smtpd
T}
T{
alpha
T} T{
Alpine
T} T{
nginx
T}
.TE
.sp 1
\fRLa machine \fBteam\fR gère les certificats avec \fIacme-client\fR.\&
.P
.SH Certificats gérés
.P
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.IP \(bu 4
.\}
\fI*.\&baguette.\&netlib.\&re\fR
.RE
.P
.SH Comment mettre à jour
.P
Script \fBmaj-certificats.\&sh\fR
.P
.SS Ce que le script fait
.P
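Si les machines \fIteam\fR et \fIalpha\fR sont dans le \fB.\&ssh/config\fR, un copier/coller fonctionne.\&
L'archive \fBcrypto-$NOW.\&tar.\&gz\fR contient les fichiers de \fB/etc/ssl/private\fR (clés privées) ; les commandes ci-dessous ne la suppriment que sur \fIalpha\fR, il en reste donc une copie sur \fIteam\fR et une dans le répertoire local, à supprimer une fois la mise à jour terminée.\&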
.P
.nf
.RS 4
ssh team acme-client baguette\&.netlib\&.re
NOW=`date "+%Y-%m-%d_%H-%M-%S"`
ssh team tar czvf crypto-$NOW\&.tar\&.gz /etc/ssl/bag* /etc/ssl/private/b*
scp team:crypto-$NOW\&.tar\&.gz \&.
scp crypto-$NOW\&.tar\&.gz alpha:/
ssh alpha "cd / && tar xf crypto-$NOW\&.tar\&.gz"
ssh alpha "rm /crypto-$NOW\&.tar\&.gz"
ssh alpha "pkill -1 nginx" # TODO: réparer le lancement de nginx
ssh team "rcctl restart smtpd"
ssh team "rcctl restart dovecot"
.fi
.RE