Hi! Thanks for the suggestion, I've created issue #2158 from your question.
I use bacula to back up all the virtual machines in my home lab. I've had TLS running with all the bacula services for years, using a CA created by hand using `openssl`. I'm now migrating to step ca so I can more easily automate renewals. My bacula config uses 3 different certificates, with various combinations of these certificates used by 3 different bacula daemons.

I'm using a cron job to run a script to renew my certificates. The script uses `step ca renew` to attempt renewal of each of the 3 certificates. I need logic in my script to decide which daemons to restart depending on which of the certificates have been renewed. Because of the particulars of this use case, I would like to avoid using `--exec` so I don't have to restart these daemons multiple times.

With all that context, here's my question/idea. I want `step ca renew` to return a shell exit code of 0 if the certificate is renewed, a shell exit code of 1 if it isn't, and a shell exit code of 2 if there is a command line argument parsing problem. Right now, `step ca renew` returns an exit code of 0 whether the cert was renewed or not. As a result, I can only think of two ways to tell whether `step ca renew` has successfully renewed the certificate:

- `step ca renew`, and hash it again after, if the hash isn't the same, then the cert has been renewed
- `step ca renew` to figure out if it thinks it has written a new certificate

Both of them are possible, but a little janky. If `step ca renew` returned a different exit code on renewal or non-renewal, then you could write something like:

which is really convenient. It also lets me do this in a script:
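The hash-before-and-after workaround mentioned in the post, sketched as an added example that is not part of the original post or of the step project. The certificate paths, the systemd unit names, the mapping of certificates to daemons and the `8h` threshold are assumptions; `--force` and `--expires-in` are existing `step ca renew` flags.

```shell
#!/bin/sh
# Added example: detect renewal by comparing the certificate's hash before and after.

# Print the SHA-256 of a file, or "missing" if it does not exist yet.
cert_hash() {
    if [ -f "$1" ]; then sha256sum "$1" | cut -d' ' -f1; else echo missing; fi
}

# renewed CERT CMD...: run CMD; return 0 if CERT changed, 1 if unchanged, 2 if CMD failed.
renewed() {
    cert=$1; shift
    before=$(cert_hash "$cert")
    "$@" </dev/null || { echo "renew failed: $cert" >&2; return 2; }
    [ "$(cert_hash "$cert")" != "$before" ]
}

# add_once LIST ITEM...: print LIST plus every ITEM not already in it.
add_once() {
    list=$1; shift
    for d in "$@"; do
        case " $list " in *" $d "*) ;; *) list="${list:+$list }$d" ;; esac
    done
    echo "$list"
}

# plan_restarts RENEW_CMD...: read "cert key daemon..." lines on stdin, run
# RENEW_CMD cert key for each, and print the daemons to restart, each once.
plan_restarts() {
    restart=""
    while read -r crt key daemons; do
        if renewed "$crt" "$@" "$crt" "$key"; then
            # $daemons is left unquoted on purpose: one word per daemon
            restart=$(add_once "$restart" $daemons)
        fi
    done
    echo "$restart"
}

# Assumptions: paths, unit names, the cert-to-daemon mapping and the 8h threshold.
main() {
    todo=$(plan_restarts step ca renew --force --expires-in 8h <<EOF
/etc/bacula/tls/dir.crt /etc/bacula/tls/dir.key bacula-dir
/etc/bacula/tls/sd.crt /etc/bacula/tls/sd.key bacula-dir bacula-sd
/etc/bacula/tls/fd.crt /etc/bacula/tls/fd.key bacula-dir bacula-fd
EOF
)
    for d in $todo; do systemctl restart "$d"; done
}

# Nothing runs unless the script is called with the argument "run".
case "${1:-}" in run) main ;; esac
```

A failed renewal is reported on stderr and leaves that certificate's daemons out of the restart list, so a CA outage does not trigger restarts with an unchanged certificate.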