Replies: 1 comment
-
Hi! Thanks for the suggestion, I've created issue #2158 from your question.
-
I use bacula to back up all the virtual machines in my home lab. I've had TLS running with all the bacula services for years, using a CA created by hand using openssl. I'm now migrating to step ca so I can more easily automate renewals. My bacula config uses 3 different certificates, with various combinations of these certificates used by 3 different bacula daemons.

I'm using a cron job to run a script to renew my certificates. The script uses step ca renew to attempt renewal of each of the 3 certificates. I need logic in my script to decide which daemons to restart depending on which of the certificates have been renewed. Because of the particulars of this use case, I would like to avoid using --exec so I don't have to restart these daemons multiple times.

With all that context, here's my question/idea. I want step ca renew to return a shell exit code of 0 if the certificate is renewed, a shell exit code of 1 if it isn't, and a shell exit code of 2 if there is a command line argument parsing problem. Right now, step ca renew returns an exit code of 0 whether the cert was renewed or not. As a result, I can only think of two ways to tell whether step ca renew has successfully renewed the certificate:

step ca renew, and hash it again after, if the hash isn't the same, then the cert has been renewed
step ca renew to figure out if it thinks it has written a new certificate

Both of them are possible, but a little janky. If step ca renew returned a different exit code on renewal or non-renewal, then you could write something like:

which is really convenient. It also lets me do this in a script:
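The hash-before-and-after approach described in the question, as an added example that is not part of the original post or of step's own code. It restarts each affected daemon once per run. The certificate paths, the certificate-to-daemon map, the daemon unit names, the 8h renewal window and the use of systemd are all assumptions.

```sh
#!/bin/sh
# Added example: hash each certificate before and after the renew command and
# restart every affected daemon once. Paths, unit names and the 8h window are
# assumptions, not values from the discussion.
RENEW_CMD='step ca renew --force --expires-in 8h'

# One line per certificate: cert, key, then the daemons that load it (assumed).
CERT_MAP='/etc/bacula/tls/dir.crt /etc/bacula/tls/dir.key bacula-dir
/etc/bacula/tls/sd.crt /etc/bacula/tls/sd.key bacula-dir bacula-sd
/etc/bacula/tls/fd.crt /etc/bacula/tls/fd.key bacula-dir bacula-fd'

# SHA-256 of a certificate file, or "missing" if it does not exist yet.
cert_hash() {
    [ -f "$1" ] || { echo missing; return 0; }
    sha256sum "$1" | cut -d' ' -f1
}

# Exit 0 if the file changed, 1 if it did not, 2 if the renew command failed.
renewed() {
    before=$(cert_hash "$1")
    # stdin is detached so the command cannot consume the caller's input.
    $RENEW_CMD "$1" "$2" </dev/null >/dev/null 2>&1 || return 2
    [ "$(cert_hash "$1")" != "$before" ]
}

# Print the sorted, de-duplicated daemons whose certificates changed.
daemons_to_restart() {
    printf '%s\n' "$CERT_MAP" | while read -r crt key daemons; do
        rc=0
        renewed "$crt" "$key" || rc=$?
        case $rc in
            0) printf '%s\n' $daemons ;;   # unquoted: one name per line
            2) echo "renew failed: $crt" >&2 ;;
        esac
    done | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Restart each affected daemon exactly once.
restart_changed() {
    for d in $(daemons_to_restart); do
        systemctl restart "$d"
    done
}

# Only act when invoked with --run, e.g. from cron.
case "${1:-}" in --run) restart_changed ;; esac
```

A failed renewal is reported on stderr and never triggers a restart, so cron mail surfaces the failure while the daemons keep running on their current certificates.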