Commit 26e7f8ba authored by Cédric BRINER's avatar Cédric BRINER Committed by Cédric BRINER

ecp again

parent 031e214c
vérfication de la bonne santé de tungsten
vérification de la bonne synchronicité
systemctl stop tomcat7
systemctl disable tomcat7
mysql dump
systemctl stop mysql
systemctl stop treplicator
bloquer par iptables
apt update
apt dist-upgrade
init 6
idp-tools tungsten-watch-sync luniidptst5
......@@ -1237,25 +1237,35 @@ EOF
#
echo -e "\e[34mAPACHE\e[0m"
echo -e "\e[34m------\e[0m"
# extract ldap user/pass, ldap_url_here, ldap_url_remote
echo -e " \e[34m- extract ldap user/pass, ldap_url_here, ldap_url_remote\e[0m: "
ldap_user='"'$(ssh root@${h} \
"grep -P 'idp.authn.LDAP.bindDN[\s|=]' /opt/shibboleth-idp/conf/unige.instance.properties.${h} \
| sed -E 's|^idp.authn.LDAP.bindDN\s*=\s*(\S.*+)$|\1|'")'"'
ldap_password='"'$(ssh root@${h} \
"grep idp.authn.LDAP.bindDNCredential /opt/shibboleth-idp/conf/unige.instance.properties.${h} \
| sed -E 's|^idp.authn.LDAP.bindDNCredential\s*=\s*(\S+)\s*$|\1|'")'"'
ldap_url_here=$(grep idp.authn.LDAP.ldapURL /opt/shibboleth-idp/conf/unige.environment.properties \
| sed -E 's|^idp.authn.LDAP.ldapURL\s*=\s*(\S+)\s*$|\1|' \
| cut -d ":" -f2)
ldap_url_remote=$(ssh root@${h} \
"grep idp.authn.LDAP.ldapURL /opt/shibboleth-idp/conf/unige.environment.properties" \
| sed -E 's|^idp.authn.LDAP.ldapURL\s*=\s*(\S+)\s*$|\1|' \
| cut -d ":" -f2)
# idp.conf
echo -e " \e[34m- rysnc idp.conf\e[0m"
if test "${is_on_same_group}" = "True"
then
rsync -av \
--force --delete \
/etc/apache2/sites-available/ root@${h}:/etc/apache2/sites-available/ \
| indent 5
else
rsync -av \
rsync -av \
--force --delete \
--exclude="idp-*" \
/etc/apache2/sites-available/ root@${h}:/etc/apache2/sites-available/ \
| indent 5
cat /etc/apache2/sites-available/idp-lab.unige.ch.conf \
| sed "s|idp-lab|${lb_service_name}|" \
| sed "s|ServerAlias .*|ServerAlias ${lb_2nd_service_name}.unige.ch|" \
| ssh root@${h} "cat - > /etc/apache2/sites-available/${lb_service_name}.unige.ch.conf ;"
fi
cat /etc/apache2/sites-available/idp-lab.unige.ch.conf \
| sed "s|idp-lab|${lb_service_name}|" \
| sed "s|ServerAlias .*|ServerAlias ${lb_2nd_service_name}.unige.ch|" \
| sed -E "s|(\s*AuthLDAPBindDN\s+)(.*)\$|\1$ldap_user|" \
| sed -E "s|(\s*AuthLDAPBindPassword\s+)(.*)\$|\1$ldap_password|" \
| sed "s|${ldap_url_here}|${ldap_url_remote}|" \
| ssh root@${h} "cat - > /etc/apache2/sites-available/${lb_service_name}.unige.ch.conf ;"
# copy ssl key
ssl_pub_path="/etc/ssl/certs/${lb_service_name}.unige.ch.pem"
ssl_priv_path="/etc/ssl/private/${lb_service_name}.unige.ch.key"
......@@ -1373,16 +1383,12 @@ EOF
done
# configure ldap.conf
echo -e " \e[34m- configure ldap.conf by extracting data from unige.instance.properties.${h}\e[0m"
ldap_user='"'$(ssh root@${h} \
"grep -P 'idp.authn.LDAP.bindDN[\s|=]' /opt/shibboleth-idp/conf/unige.instance.properties.${h} \
| sed -E 's|^idp.authn.LDAP.bindDN\s*=\s*(\S.*+)$|\1|'")'"'
ldap_password='"'$(ssh root@${h} \
"grep idp.authn.LDAP.bindDNCredential /opt/shibboleth-idp/conf/unige.instance.properties.${h} \
| sed -E 's|^idp.authn.LDAP.bindDNCredential\s*=\s*(\S+)\s*$|\1|'")'"'
cat /etc/apache2/mods-available/ldap.conf \
| sed -E "s|(\s*AuthLDAPBindDN\s+)(.*)\$|\1$ldap_user|" \
| sed -E "s|(\s*AuthLDAPBindPassword\s+)(.*)\$|\1$ldap_password|" \
| sed "s|${ldap_url_here}|${ldap_url_remote}|" \
| ssh root@${h} " cat - > /etc/apache2/mods-available/ldap.conf"
# disable/enable site
echo -e " \e[34m- enable site\e[0m"
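Review bot: The bind DN and bind password read from `unige.instance.properties.${h}` are pasted unescaped into the replacement side of `sed -E "s|(\s*AuthLDAPBindPassword\s+)(.*)\$|\1$ldap_password|"` in the first hunk, and again in the matching pair of seds on `ldap.conf` in the second hunk. A credential containing `|`, `&` or `\` therefore either breaks the expression or writes a different password into the Apache config on `${h}`; the +/- markers are lost in this rendering, so which of these lines are new is inferred. Escape the value first, e.g. `ldap_password_esc=$(printf '%s' "$ldap_password" | sed 's/[\\&|]/\\&/g')`, and substitute `$ldap_password_esc` (likewise for `$ldap_user`). The password also sits on sed's command line, which on a default Linux setup is readable by other local users through the process list while the pipeline runs. The generated `.conf` is created with whatever umask root has on `${h}`, so prefixing the remote command with `umask 077;` would keep the file holding the bind password from being world-readable.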