-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathinstall.sh
More file actions
121 lines (102 loc) · 2.57 KB
/
install.sh
File metadata and controls
121 lines (102 loc) · 2.57 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
#!/bin/bash
function is_url {
regex='(https?)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]'
if [[ $1 =~ $regex ]]; then
return 0
fi
return 1
}
# If user is not root, try sudo
if [[ $EUID -ne 0 ]]; then
sudo -p
fi
# Setup vars
USERNAME=${USER}
GROUPNAME=$(id -gn $USER)
INSTALL=${PWD}
usage="$(basename "$0") [-h] [-u https://certificates.domain.com] -- Install script for uPKI client auto renewal service
where:
-h show this help text
-u set the RA listening url
"
UPKI_URL=''
while getopts ':hu:' option; do
case "$option" in
h) echo "$usage"
exit
;;
u) UPKI_URL=$OPTARG
;;
:) printf "missing argument for -%s\n" "$OPTARG" >&2
echo "$usage" >&2
exit 1
;;
\?) printf "illegal option: -%s\n" "$OPTARG" >&2
echo "$usage" >&2
exit 1
;;
esac
done
shift $((OPTIND - 1))
# Request CA listening ip from user if needed
if [[ -z "$UPKI_URL" ]]; then
read -p "Enter RA url: " UPKI_URL
while ! is_url "$UPKI_URL"
do
read -p "Not a valid URL. Re-enter: " UPKI_URL
done
fi
# Update system & install required apps
echo "[+] Update system"
sudo apt -y update && sudo apt -y upgrade
echo "[+] Install required apps"
sudo apt -y install build-essential libssl-dev libffi-dev python3-dev python3-pip git libnss3-tools
# Install required libs
echo "[+] Install required libs"
pip3 install -r requirements.txt
# Create cli service
echo "[+] Create services"
sudo tee /etc/systemd/system/upki-cli.service > /dev/null <<EOT
[Unit]
Description=µPki Client Renewal service
ConditionACPower=true
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
User=${USERNAME}
Group=${GROUPNAME}
Restart=on-failure
ExecStart=${INSTALL}/client.py --url ${UPKI_URL} renew
[Install]
WantedBy=upki-cli.timer
EOT
# Create Client certificate renewal service timer (every days @ 2:AM)
sudo tee /etc/systemd/system/upki-cli.timer > /dev/null <<EOT
[Unit]
Description=µPki Client certificate renewal service timer
[Timer]
OnBootSec=1min
OnCalendar= *-*-* 02:00:00
RandomizedDelaySec=1hour
Unit=upki-cli.service
Persistent=true
[Install]
WantedBy=timers.target
EOT
# Reload timers
sudo systemctl daemon-reload
echo "Do you wish to activate uPKI client service on boot?"
select yn in "Yes" "No"; do
case $yn in
Yes )
# Start uPKI service
echo "[+] Activate service"
sudo systemctl enable upki-cli.timer
sudo service upki-cli start
break;;
No ) exit;;
esac
done
echo "[+] All done"
echo ""