path: root/shib_secondary/remote/copy-current-config.sh

#!/bin/bash

set -e

mkdir -p /opt/bwlp/tmp/files
chmod 0700 /opt/bwlp/tmp

aestgz="/opt/bwlp/tmp/tgz.aes"
tgz="/opt/bwlp/tmp/archive.tgz"

# Get

if ! curl -sS -L -m 60 --connect-timeout 20 --retry-max-time 300 -o "$aestgz" \
		"https://%DOMAIN%/slave-config.aes"; then
	echo "Cannot download masterserver config"
	exit 1
fi

. /opt/bwlp/config

ENCPW="$SHARED_SECRET" openssl enc -d -aes-256-cbc -pbkdf2 -pass "env:ENCPW" \
		-in "$aestgz" -out "$tgz"

# Extract
tar -C /opt/bwlp/tmp/files -x -z -f "$tgz"
cd /opt/bwlp/tmp/files

# Check/update

changed() {
	local i
	for i in "$@"; do
		[ -f "/${i#/}" ] || return 0
		cmp "${i#/}" "/${i#/}" || return 0
	done
	return 1
}

schema_changed=
data_changed=
restart_apache=
restart_master=
restart_shibd=
if changed "opt/bwlp/db-schema.sql"; then
	schema_changed=1
fi
if changed "opt/bwlp/db-data.sql"; then
	data_changed=1
fi

if changed "opt/bwlp/ssl/live/ssl-cert/cert.pem" "opt/bwlp/ssl/live/ssl-cert/privkey.pem"; then
	restart_apache=1
fi

if changed "home/bwlp/server/server.jar" "home/bwlp/server/config/masterserver.jks"; then
	restart_master=1
fi

if changed "etc/shibboleth/shibboleth2.xml" "etc/shibboleth/dfn-aai.pem" "etc/shibboleth/attribute-map.xml"; then
	restart_shibd=1
fi

# Copy to FS - *AFTER* checking for changes

rsync -av . /

# Now restart services - *AFTER* copying files

if [ -n "$schema_changed" ]; then
	mysql bwlp < /opt/bwlp/db-schema.sql
fi
if [ -n "$schema_changed" ] || [ -n "$data_changed" ]; then
	mysql bwlp < /opt/bwlp/db-data.sql
fi

if [ -n "$restart_apache" ]; then
	systemctl --no-block restart apache2.service
fi
if [ -n "$restart_master" ]; then
	systemctl --no-block try-restart bwlp-master.service
fi
if [ -n "$restart_shibd" ]; then
	systemctl --no-block restart shibd.service
fi

: