Install certs for Vecton in the TH rotation script

ooni · Jun 30, 2023 · c9f5d7f · c9f5d7f
1 parent 4eb645b
commit c9f5d7f
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 0 deletions.
diff --git a/analysis/debian/changelog b/analysis/debian/changelog
@@ -1,3 +1,9 @@
+analysis (1.10) unstable; urgency=medium
+
+  * Install certs for Vecton in the TH rotation script
+
+ -- Federico Ceratto <[email protected]>  Fri, 30 Jun 2023 13:26:16 +0100
+
 analysis (1.9) unstable; urgency=medium
 
   * Rotation tool: cleanup multiple droplets if needed

diff --git a/analysis/rotation.py b/analysis/rotation.py
@@ -423,6 +423,12 @@ def ssh_restart_netdata(host: str) -> None:
     ssh_restart_service(host, "netdata")
 
 
+@metrics.timer("ssh_restart_vector")
+@retry
+def ssh_restart_vector(host: str) -> None:
+    ssh_restart_service(host, "vector.service")
+
+
 @metrics.timer("ssh_wait_droplet_warmup")
 def ssh_wait_droplet_warmup(ipaddr: str) -> None:
     cmd = ssh_cmd_base + [
@@ -521,6 +527,19 @@ def setup_nginx(host: str, zone: str) -> None:
     ssh_restart_netdata(host)
 
 
+@metrics.timer("setup_vector")
+def setup_vector(host: str) -> None:
+    """Deploy TLS certificates, configure Vector and [re]start it."""
+    fns = [
+        "/etc/vector/oonicacert.pem",
+        "/etc/vector/node-cert.pem",
+        "/etc/vector/node.key",
+    ]
+    for fn in fns:
+        scp_file(fn, host, fn)
+    ssh_restart_vector(host)
+
+
 def assign_rdn(click, dns_zone: str, wanted_droplet_num: int) -> str:
     q = """SELECT rdn FROM test_helper_instances
         FINAL
@@ -635,6 +654,7 @@ def main() -> None:
 
     create_le_do_ssl_cert(dns_zone)
     setup_nginx(f"root@{new_droplet.ip_address}", dns_zone)
+    setup_vector(f"root@{new_droplet.ip_address}")
     end_to_end_test(new_droplet.ip_address, f"{rdn}.{dns_zone}")
 
     # Update DNS A/AAAA records only when a new droplet is deployed