roles/apps/mumble/templates/acmetool-reload.sh.j2


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

#!/bin/sh
set -e
EVENT_NAME="$1"
[ "$EVENT_NAME" = "live-updated" ] || exit 42

MAIN_HOSTNAME="{{ mumble_hostnames[0] }}"
SSL_D="{{ mumble_base_path }}/{{ mumble_instance }}/config/ssl"

while read name; do
  certdir="$ACME_STATE_DIR/live/$name"
  if [ -z "$name" -o ! -e "$certdir" ]; then
    continue
  fi
  if [ "$name" != "$MAIN_HOSTNAME" ]; then
    continue
  fi

  install -m 0644 -o root -g mumble "$certdir/fullchain" "$SSL_D/cert.pem"
  install -m 0640 -o root -g mumble "$certdir/privkey" "$SSL_D/privkey.pem"

  pod_id=$(crictl pods -q --state ready --name "^mumble-{{ mumble_instance }}-{{ ansible_nodename }}$")
  [ -n "$pod_id" ] || exit 42
  container_id=$(crictl ps -q --name '^mumble$' -p "$pod_id")
  [ -n "$container_id" ] || exit 42
  crictl exec "$container_id" kill -USR1 1

  break
done