samply
/
bridgehead
mirror of https://github.com/samply/bridgehead.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #100 from samply/checkClockSync 

Check time sync in prereqs
This commit is contained in:
Martin Lablans 2023-07-29 16:05:04 +02:00 committed by GitHub
parent 8046eddfef b7ed90c5c8
commit 708fc41d12
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 32 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
lib/prerequisites.sh
View File

@ -62,6 +62,35 @@ if [ -e /etc/bridgehead/vault.conf ]; then
fi fi
fi fi
log INFO "Checking network access ($BROKER_URL) ..."
source /etc/bridgehead/${PROJECT}.conf
source ${PROJECT}/vars
set +e
SERVERTIME="$(https_proxy=$HTTPS_PROXY_URL curl -m 5 -s -I $BROKER_URL 2>&1)"
RET=$?
set -e
if [ $RET -ne 0 ]; then
log WARN "Unable to connect to Samply.Beam broker at $BROKER_URL. Please check your proxy settings.\nThe currently configured proxy was \"$HTTPS_PROXY_URL\". This error is normal when using proxy authentication."
log WARN "Unable to check clock skew due to previous error."
else
log INFO "Checking clock skew ..."
SERVERTIME=$(echo -e "$SERVERTIME" | grep Date | sed -e 's/< Date: //')
SERVERTIME_AS_TIMESTAMP=$(date --date="$SERVERTIME" +%s)
MYTIME=$(date +%s)
SKEW=$(($SERVERTIME_AS_TIMESTAMP - $MYTIME))
SKEW=$(echo $SKEW | awk -F- '{print $NF}')
SYNCTEXT="For example, consider entering a correct NTP server (e.g. your institution's Active Directory Domain Controller in /etc/systemd/timesyncd.conf (option NTP=) and restart systemd-timesyncd."
if [ $SKEW -ge 300 ]; then
report_error 5 "Your clock is not synchronized (${SKEW}s off). This will cause Samply.Beam's certificate will fail. Please setup time synchronization. $SYNCTEXT"
exit 1
elif [ $SKEW -ge 60 ]; then
log WARN "Your clock is more than a minute off (${SKEW}s). Consider syncing to a time server. $SYNCTEXT"
fi
fi
checkPrivKey() { checkPrivKey() {
if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
log INFO "Success - private key found." log INFO "Success - private key found."
@ -69,8 +98,6 @@ checkPrivKey() {
log ERROR "Unable to find private key at /etc/bridgehead/pki/${SITE_ID}.priv.pem. To fix, please run\n bridgehead enroll ${PROJECT}\nand follow the instructions." log ERROR "Unable to find private key at /etc/bridgehead/pki/${SITE_ID}.priv.pem. To fix, please run\n bridgehead enroll ${PROJECT}\nand follow the instructions."
return 1 return 1
fi fi
log INFO "Success - all prerequisites are met!"
hc_send log "Success - all prerequisites are met!"
return 0 return 0
} }
@ -80,4 +107,7 @@ else
checkPrivKey || exit 1 checkPrivKey || exit 1
fi fi
log INFO "Success - all prerequisites are met!"
hc_send log "Success - all prerequisites are met!"
exit 0 exit 0