forked from TrueCloudLab/certificates
Two small systemd changes
1. Don't halt the cert renewer service from ExecStartPost ops if a relying service doesn't exist; halt it if the relying service exists and doesn't restart properly. 2. Use /bin/env bash instead of /bin/bash for portability.
This commit is contained in:
parent
6861202762
commit
2c09baf696
1 changed files with 3 additions and 2 deletions
|
@ -15,7 +15,7 @@ Environment=STEPPATH=/etc/step-ca \
|
|||
; ExecStartPre checks if the certificate is ready for renewal,
|
||||
; based on the exit status of the command.
|
||||
; (In systemd 243 and above, you can use ExecCondition= here.)
|
||||
ExecStartPre=/usr/bin/bash -c \
|
||||
ExecStartPre=/usr/bin/env bash -c \
|
||||
'step certificate inspect $CERT_LOCATION --format json --roots "$STEPPATH/certs/root_ca.crt" | \
|
||||
jq -e "(((.validity.start | fromdate) + \
|
||||
((.validity.end | fromdate) - (.validity.start | fromdate)) * 0.66) \
|
||||
|
@ -25,7 +25,8 @@ ExecStartPre=/usr/bin/bash -c \
|
|||
ExecStart=/usr/bin/step ca renew --force $CERT_LOCATION $KEY_LOCATION
|
||||
|
||||
; Try to reload or restart the systemd service that relies on this cert-renewer
|
||||
ExecStartPost=/usr/bin/bash -c 'systemctl --quiet is-enabled %i && systemctl try-reload-or-restart %i'
|
||||
; If the relying service doesn't exist, forge ahead.
|
||||
ExecStartPost=/usr/bin/env bash -c 'if ! systemctl --quiet is-enabled %i.service ; then exit 0; fi; systemctl try-reload-or-restart %i'
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
Loading…
Reference in a new issue