Merge pull request #4 from utilitywarehouse/ca-renewal

CA cert renewal
utilitywarehouse · Sep 28, 2017 · 55a588d · 55a588d
2 parents 17bf773 + e2864d9
commit 55a588d
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/cfssl.tf b/cfssl.tf
@@ -137,6 +137,13 @@ data "ignition_systemd_unit" "cfssl-nginx" {
   content = "${data.template_file.cfssl-nginx.rendered}"
 }
 
+module "cfssl-restarter" {
+  source = "./systemd_service_restarter"
+
+  service_name = "cfssl"
+  on_calendar  = "*-*-* 00:00:00"
+}
+
 data "ignition_config" "cfssl" {
   files = [
     "${data.ignition_file.cfssl.id}",
@@ -154,6 +161,7 @@ data "ignition_config" "cfssl" {
         "${data.ignition_systemd_unit.cfssl.id}",
         "${data.ignition_systemd_unit.cfssl-nginx.id}",
     ),
+    module.cfssl-restarter.systemd_units,
     module.cfssl-disk-mounter.systemd_units,
   )}"]
 }
diff --git a/resources/cfssl-init-ca.sh b/resources/cfssl-init-ca.sh
@@ -8,7 +8,7 @@ if [ ! -f "${_args}" ]; then
 fi
 
 if [ -f ca.pem ] && [ -f ca-key.pem ]; then
-    [ "$(/opt/bin/cfssl certinfo -cert=ca.pem | jq -r '.not_after')" \< "$(date +%Y-%m-%dT%H:%M:%IZ)" ] \
+    (( "$(date +%s)" >= "$(date -d "$(/opt/bin/cfssl certinfo -cert=/var/lib/cfssl/ca.pem | jq -r '.not_after')" +%s)" - 7 * 24 * 3600 )) \
         &&  /opt/bin/cfssl gencert\
             -renewca \
             -ca=ca.pem \