making sure the new cert is tried to be pulled over the mgmt vrf since it doesn't have connectivity on the frontend without a cert
This commit is contained in:
toby
parent
a000b9e2de
commit
fa496d25c5
|
|
@ -6,8 +6,8 @@ pipeline:
|
|||
- DEBNAME=wit-network-config
|
||||
commands:
|
||||
- echo Building ${DRONE_BRANCH/master/experimental}
|
||||
- apt-get update
|
||||
- apt-get install -y sed strongswan frr isc-dhcp-client systemd
|
||||
- sudo apt-get update
|
||||
- sudo apt-get install -y sed strongswan frr isc-dhcp-client systemd
|
||||
- echo "${DEBNAME} (2.0.$(TZ=UTC date +%Y.%m.%d.%H.%M)) unstable; urgency=low\n\n$(git log --format=" * %s")\n\n -- wit <netops@wit.com> $(TZ=UTC date -R)" >debian/changelog
|
||||
- dpkg-buildpackage --no-sign
|
||||
- ls -lha ../${DEBNAME}_*_all.deb
|
||||
|
|
|
|||
|
|
@ -398,7 +398,7 @@ case "$1" in
|
|||
SHELL=/bin/bash
|
||||
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||
|
||||
* * * * * root curl --fail -so ${CRTFILE} ${CACURLURL}/certs/${CRTFILE##*/} 2>/dev/null && diff -s <(pki --keyid --type priv --in ${KEYFILE} 2>/dev/null) <(pki --keyid --type x509 --in ${CRTFILE} 2>/dev/null) >/dev/null && ipsec rereadall && ipsec rereadsecrets && ipsec purgecerts && ipsec purgecrls && ipsec reload && rm -f /etc/cron.d/wit-net-config-pull-signed-cert
|
||||
* * * * * root ip vrf exec mgmt curl --fail -so ${CRTFILE} ${CACURLURL}/certs/${CRTFILE##*/} 2>/dev/null && diff -s <(pki --keyid --type priv --in ${KEYFILE} 2>/dev/null) <(pki --keyid --type x509 --in ${CRTFILE} 2>/dev/null) >/dev/null && ipsec rereadall && ipsec rereadsecrets && ipsec purgecerts && ipsec purgecrls && ipsec reload && rm -f /etc/cron.d/wit-net-config-pull-signed-cert
|
||||
## self delete after successfully pulling cert
|
||||
EOF
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue