From fa496d25c52019a18662b89303702ae032aeeea2 Mon Sep 17 00:00:00 2001
From: toby
Date: Tue, 9 Apr 2019 23:26:37 +0000
Subject: [PATCH] making sure the new cert is tried to be pulled over the mgmt vrf since it doesn't have connectivity on the frontend without a cert
---
 .drone.yml | 4 ++--
 debian/wit-network-config.postinst | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index 6596a99..12241c4 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -6,8 +6,8 @@ pipeline:
 - DEBNAME=wit-network-config
 commands:
 - echo Building ${DRONE_BRANCH/master/experimental}
- - apt-get update
- - apt-get install -y sed strongswan frr isc-dhcp-client systemd
+ - sudo apt-get update
+ - sudo apt-get install -y sed strongswan frr isc-dhcp-client systemd
 - echo "${DEBNAME} (2.0.$(TZ=UTC date +%Y.%m.%d.%H.%M)) unstable; urgency=low\n\n$(git log --format=" * %s")\n\n -- wit $(TZ=UTC date -R)" >debian/changelog
 - dpkg-buildpackage --no-sign
 - ls -lha ../${DEBNAME}_*_all.deb
diff --git a/debian/wit-network-config.postinst b/debian/wit-network-config.postinst
index 9be48e4..b8631d3 100755
--- a/debian/wit-network-config.postinst
+++ b/debian/wit-network-config.postinst
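Review bot: The `sudo` added to the two `apt-get` steps in .drone.yml assumes the build image ships sudo with a password-less rule for the build user, and nothing in the file records that requirement. With such a rule in place, the later `dpkg-buildpackage --no-sign` step, which runs the repository's own packaging scripts, presumably executes under an account that can become root, so the build is effectively root-equivalent. If these packages are only build dependencies, baking them into the build image would remove the need for sudo in the pipeline; otherwise a comment above the steps would record the requirement, for example `# needs NOPASSWD sudo limited to apt-get for the build user`. The change is also unrelated to the mgmt-VRF fix named in the subject and would be easier to audit as its own commit.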
@@ -398,7 +398,7 @@ case "$1" in
 SHELL=/bin/bash
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
- * * * * * root curl --fail -so ${CRTFILE} ${CACURLURL}/certs/${CRTFILE##*/} 2>/dev/null && diff -s <(pki --keyid --type priv --in ${KEYFILE} 2>/dev/null) <(pki --keyid --type x509 --in ${CRTFILE} 2>/dev/null) >/dev/null && ipsec rereadall && ipsec rereadsecrets && ipsec purgecerts && ipsec purgecrls && ipsec reload && rm -f /etc/cron.d/wit-net-config-pull-signed-cert
+ * * * * * root ip vrf exec mgmt curl --fail -so ${CRTFILE} ${CACURLURL}/certs/${CRTFILE##*/} 2>/dev/null && diff -s <(pki --keyid --type priv --in ${KEYFILE} 2>/dev/null) <(pki --keyid --type x509 --in ${CRTFILE} 2>/dev/null) >/dev/null && ipsec rereadall && ipsec rereadsecrets && ipsec purgecerts && ipsec purgecrls && ipsec reload && rm -f /etc/cron.d/wit-net-config-pull-signed-cert
 ## self delete after successfully pulling cert
 EOF
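Review bot: The new cron line still has curl write straight to `${CRTFILE}` and accepts the download once its key id matches `${KEYFILE}`, which shows the certificate belongs to this key but not that the expected CA issued it. Whether `${CACURLURL}` is an https URL is not visible in this hunk; if it is not, a response from anything other than the CA that carries a certificate for the same public key would be loaded, and because the job then reloads ipsec and deletes itself, the node would stop polling for the real one. A mismatching or partial download also leaves `${CRTFILE}` overwritten with unverified content until the next run. Fetching to a temporary name and checking the issuer before the move would address both: `curl --fail -so ${CRTFILE}.new ...`, then `pki --verify --in ${CRTFILE}.new --cacert <ca-cert-path>`, then `mv ${CRTFILE}.new ${CRTFILE}` ahead of the existing `diff -s` check. The heredoc and the `case` arm that contain this line begin outside the hunk.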