api_update_stuff.sh.j2

#!/bin/bash

{% if 'cert_user' in group_names %}
check_rsync() {
	if [ ! -x /usr/bin/rsync ]; then
		echo KO: rsync command not found
		return 1
	fi
	return 0
}
{% endif %}

{% if 'monitor' in group_names %}
check_nagios4() {
	if [ ! -x /usr/sbin/nagios4 ]; then
		echo KO: nagios4 command not found
		return 1
	fi
	if ! /usr/sbin/nagios4 -v /etc/nagios4/nagios.cfg; then
		echo KO: nagios configuration is broken
		return 1
	fi
	return 0
}
{% endif %}

if [ "$1" = "check" ]; then
	valid='yes'
{% if 'cert_user' in group_names %}
	check_rsync || valid='no'
{% endif %}
{% if 'monitor' in group_names %}
	check_nagios4 || valid='no'
{% endif %}
	if [ "$valid" == "no" ]; then
		echo KO: something wrong
		exit 1
	else
		echo OK
		exit 0
	fi
fi

{% if 'cert_manager' not in group_names %}
/usr/bin/rsync -av {{ hostvars[groups['cert_manager'].0].priv_fqdn }}::certs /opt/certs/
{% endif %}

{% if 'monitor' in group_names %}
# Check the nagios config
if /usr/sbin/nagios4 -v /etc/nagios4/nagios.cfg; then
	service nagios4 reload
else
	echo "Nagios configuration is broken"
	exit 1
fi
{% endif %}

service nginx reload

{% if 'imap_master' in group_names %}
service dovecot reload
{% endif %}

{% if 'smtp' in group_names %}
if [ /opt/certs/config/postfix/certs-api -nt /opt/certs/config/postfix/certs-api.db ]; then
	# -o : do not drop root privileges, required to be able to read the private keys.
	postmap -o -F /opt/certs/config/postfix/certs-api
	service postfix reload
fi
{% endif %}