Zeige QuelltextÄltere VersionenLinks hierherNach oben Teilen auf ... Twitter LinkedIn Facebook Pinterest Telegram Yammer Reddit Dies ist eine alte Version des Dokuments! Beispiel für Zurück zur Überblickseite (Ein Klick auf den Dateinamen startet den Download) update-sealer.sh #!/bin/bash # https://wiki.shibboleth.net/confluence/display/IDP30/SecretKeyManagement # Pfad zur Java-Installation: export JAVA_HOME=/usr # Debian und Ubuntu mit OpenjDK set -e set -u # Default IDP_HOME if not already set if [ ! -d "${IDP_HOME:=/opt/shibboleth-idp}" ] then echo "ERROR: Directory does not exist: ${IDP_HOME}" >&2 exit 1 fi function get_config { # Key to lookup (escape . for regex lookup) local KEY=${1:?"No key provided to look up value"} # Passed default value local DEFAULT="${2:-}" # Lookup key, strip spaces, replace idp.home with IDP_HOME value local RESULT=$(sed -rn '/^'"${KEY//./\\.}"'\s*=/ { s|^[^=]*=(.*)\s*$|\1|; s|%\{idp\.home\}|'"${IDP_HOME}"'|g; p}' ${IDP_HOME}/conf/idp.properties) # Set if no result with default - exit if no default echo ${RESULT:-${DEFAULT:?"No value in config and no default defined for: '${KEY}'"}} } # Get config values ## Official config items ## storefile=$(get_config idp.sealer.storeResource) versionfile=$(get_config idp.sealer.versionResource) storepass=$(get_config idp.sealer.storePassword) alias=$(get_config idp.sealer.aliasBase secret) ## Extended config items ## count=$(get_config idp.sealer._count 30) # default cannot be empty - so "self" is the default (self is skipped for syncing) sync_hosts=$(get_config idp.sealer._sync_hosts ${HOSTNAME}) # Run the keygen utility ${0%/*}/runclass.sh net.shibboleth.utilities.java.support.security.BasicKeystoreKeyStrategyTool \ --storefile "${storefile}" \ --storepass "${storepass}" \ --versionfile "${versionfile}" \ --alias "${alias}" \ --count "${count}" # Display current version echo "INFO: $(tac "${versionfile}" | tr "\n" " ")" >&1 for EACH in ${sync_hosts} do if [ "${HOSTNAME}" == "${EACH}" ] then echo "INFO: Host '${EACH}' is myself - skipping" >&1 elif ! ping -q -c 1 -W 3 ${EACH} >/dev/null 2>&1 then echo "ERROR: Host '${EACH}' not reachable - skipping" >&2 else # run scp in the background scp "${storefile}" "${versionfile}" "${EACH}:${IDP_HOME}/credentials/" & fi done Quelle: https://wiki.shibboleth.net/confluence/display/IDP30/SecretKeyManagement Zuletzt geändert: vor 3 Jahren Anmelden