add initial session ticket key synchronization

2025-11-24 16:53:07 -05:00 · 2025-10-30 14:12:24 -04:00 · 2025-10-30 14:12:24 -04:00 · 9fde84c877
commit 9fde84c877
parent f9430a1aeb
7 changed files with 121 additions and 1 deletions
--- a/44
+++ b/44
@ -0,0 +1,44 @@
+#!/bin/bash
+
+set -o errexit -o nounset -o pipefail
+
+status=0
+
+cd /etc/session-ticket-keys
+
+if [[ ! -f syncing ]]; then
+    for mirror in $(cat /etc/mirrors); do
+        echo
+        echo Syncing from $mirror
+        echo
+
+        ssh $mirror "bash -c [[ -f /etc/session-ticket-keys/synced ]]" || continue
+
+        rm -rf sync
+        mkdir sync
+        rsync -aI $mirror:/etc/session-ticket-keys/{{next,1,2,3,4}.key,keys} sync/ || continue
+        rsync -aIv sync/{{next,1,2,3,4}.key,keys} . || continue
+        rm -r sync
+
+        if systemctl is-active --quiet nginx.service; then
+            nginx -s reload || true
+        fi
+
+        if systemctl is-active --quiet dnsdist.service; then
+            dnsdist -c -e 'reloadAllCertificates()' || true
+        fi
+
+        touch syncing
+        break
+    done
+fi
+
+for mirror in $(cat /etc/mirrors); do
+    echo
+    echo Syncing to $mirror
+    echo
+
+    ssh $mirror "rm -rf /etc/session-ticket-keys/sync && mkdir /etc/session-ticket-keys/sync" || continue
+    rsync -aI {{next,1,2,3,4}.key,keys} $mirror:/etc/session-ticket-keys/sync || continue
+    ssh $mirror session-ticket-keys-sync-deploy || continue
+done