Zeige QuelltextÄltere VersionenLinks hierherNach oben Letzte ÄnderungeneMail versendenDruckenPermalink × Dies ist eine alte Version des Dokuments! Beispiel für Zurück zur Überblickseite (Ein Klick auf den Dateinamen startet den Download) update-sealer.sh #!/bin/bash # https://wiki.shibboleth.net/confluence/display/IDP30/SecretKeyManagement # Pfad zur Java-Installation: export JAVA_HOME=/usr # Debian und Ubuntu mit OpenjDK set -e set -u # Default IDP_HOME if not already set if [ ! -d "${IDP_HOME:=/opt/shibboleth-idp}" ] then echo "ERROR: Directory does not exist: ${IDP_HOME}" >&2 exit 1 fi function get_config { # Key to lookup (escape . for regex lookup) local KEY=${1:?"No key provided to look up value"} # Passed default value local DEFAULT="${2:-}" # Lookup key, strip spaces, replace idp.home with IDP_HOME value local RESULT=$(sed -rn '/^'"${KEY//./\\.}"'\s*=/ { s|^[^=]*=(.*)\s*$|\1|; s|%\{idp\.home\}|'"${IDP_HOME}"'|g; p}' ${IDP_HOME}/conf/idp.properties) # Set if no result with default - exit if no default echo ${RESULT:-${DEFAULT:?"No value in config and no default defined for: '${KEY}'"}} } # Get config values ## Official config items ## storefile=$(get_config idp.sealer.storeResource) versionfile=$(get_config idp.sealer.versionResource) storepass=$(get_config idp.sealer.storePassword) alias=$(get_config idp.sealer.aliasBase secret) ## Extended config items ## count=$(get_config idp.sealer._count 30) # default cannot be empty - so "self" is the default (self is skipped for syncing) sync_hosts=$(get_config idp.sealer._sync_hosts ${HOSTNAME}) # Run the keygen utility ${0%/*}/runclass.sh net.shibboleth.utilities.java.support.security.BasicKeystoreKeyStrategyTool \ --storefile "${storefile}" \ --storepass "${storepass}" \ --versionfile "${versionfile}" \ --alias "${alias}" \ --count "${count}" # Display current version echo "INFO: $(tac "${versionfile}" | tr "\n" " ")" >&1 for EACH in ${sync_hosts} do if [ "${HOSTNAME}" == "${EACH}" ] then echo "INFO: Host '${EACH}' is myself - skipping" >&1 elif ! ping -q -c 1 -W 3 ${EACH} >/dev/null 2>&1 then echo "ERROR: Host '${EACH}' not reachable - skipping" >&2 else # run scp in the background scp "${storefile}" "${versionfile}" "${EACH}:${IDP_HOME}/credentials/" & fi done Quelle: https://wiki.shibboleth.net/confluence/display/IDP30/SecretKeyManagement Zuletzt geändert: vor 3 Jahren Anmelden