Home Explore Help
Sign In
iru
/
letsencrypt
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Перевод renewal в jenkins. See Redmine 110155

tomishinets.v 6 years ago
parent
d34fdcbf9d
commit
3a05c8d5e2
2 changed files with 65 additions and 14 deletions
Unified View Show Diff Stats
  1. 44 0
      err_trap
  2. 21 14
      renewal.sh

+ 44 - 0
err_trap
View File 

@@ -0,0 +1,44 @@
 
+# Set mode: e - exit on any error, x - write all commands to log
 
+#set -e
 
+
 
+# Address of admin
 
+__TMP__=${ADM_MAIL:=admin@sdsys.ru}
 
+# Create temp file for logging
 
+__TMP__=${LOG_FILE:=$(mktemp)}
 
+# Error mail subject
 
+__TMP__=${ERR_SUBJ="Error on "$1}
 
+
 
+exec 2>&1
 
+exec &> >(tee -a "$LOG_FILE")
 
+
 
+
 
+function __cleanup()
 
+{
 
+    if [[ $LOG_FILE == /tmp/tmp.* ]]; then
 
+	rm -f $LOG_FILE
 
+    fi
 
+}
 
+function __error_report()
 
+{
 
+      err_h="======================== Trap Handler =========================================="
 
+      MYSELF="$0"              # equals to my script name
 
+      LASTLINE="$1"            # argument 1: last line of error occurence
 
+      LASTERR="$2"             # argument 2: error code of last command
 
+      echo "${MYSELF}: line ${LASTLINE}: exit status of last command: ${LASTERR}"
 
+
 
+      # do additional processing: send email
 
+          cat $LOG_FILE|mail -s "$ERR_SUBJ" \
 
+                -S smtp=${SMTP_SERVER} \
 
+                -S smtp-use-starttls \
 
+                -S smtp-auth=login \
 
+                -S ssl-verify=ignore \
 
+                -S smtp-auth-user=${JENKINS_MAIL_USER} \
 
+                -S smtp-auth-password=$(cat /run/secrets/jenkins-mail-pass) \
 
+                -S nss-config-dir=/etc/pki/nssdb \
 
+                -S from=${JENKINS_MAIL_USER} \
 
+                -a ${LOG_FILE} \
 
+                ${RECIPIENT_MAIL_BOX}
 
+}
 
+trap '__cleanup' SIGHUP SIGINT SIGTERM EXIT
 
+trap '__error_report ${LINENO} ${?}' ERR
 
+err_h="======================== Trap Handler =========================================="

+ 21 - 14
renewal.sh
View File 

@@ -1,16 +1,23 @@
 
 #!/bin/bash
 
 #!/bin/bash
 
 
 
-git_dir="pki"
 
-branch="master"
 
-log_file="/var/log/letsencrypt/letsencrypt.log"
 
-message_file="/var/log/letsencrypt/letsencrypt_out.log"
 
+set -e
 
+
 
+ERR_SUBJ='Error during renewal certs and keys!!!'
 
+LOG_FILE=/var/log/letsencrypt/renewal-$(date +%Y-%m-%d).log
 
+branch=master
 
+git_dir=pki
 
+
 
+
 
+. /tmp/err_trap
 
+
 
 #git_url="git.sdsys.ru/sdsys/pki.git"
 
 #git_url="git.sdsys.ru/sdsys/pki.git"
 
 
 
 if [[ -z ${CERT_SUBDIR} ]];then echo "variable CERT_SUBDIR doesn't set"; exit 1;fi
 
 if [[ -z ${CERT_SUBDIR} ]];then echo "variable CERT_SUBDIR doesn't set"; exit 1;fi
 
 [[ ${CERT_SUBDIR} == "dev_iru" ]] && exit 0
 
 [[ ${CERT_SUBDIR} == "dev_iru" ]] && exit 0
 
 
 
+
 
 mail_send() {
 
 mail_send() {
 
-                echo "$1"|mail -s "Attention! Certificate status!" \
 
+                echo "$1"|mail -s "Attention! Certificate renewal status!" \
 
                 -S smtp=${SMTP_SERVER} \
 
                 -S smtp=${SMTP_SERVER} \
 
                 -S smtp-use-starttls \
 
                 -S smtp-use-starttls \
 
                 -S smtp-auth=login \
 
                 -S smtp-auth=login \
 
@@ -19,7 +26,7 @@ mail_send() {
 
                 -S smtp-auth-password=$(cat /run/secrets/jenkins-mail-pass) \
 
                 -S smtp-auth-password=$(cat /run/secrets/jenkins-mail-pass) \
 
                 -S nss-config-dir=/etc/pki/nssdb \
 
                 -S nss-config-dir=/etc/pki/nssdb \
 
                 -S from=${JENKINS_MAIL_USER} \
 
                 -S from=${JENKINS_MAIL_USER} \
 
-                -a ${message_file} \
 
+                -a ${LOG_FILE} \
 
                 ${RECIPIENT_MAIL_BOX}
 
                 ${RECIPIENT_MAIL_BOX}
 
 }
 
 }
 
 
 
@@ -30,29 +37,29 @@ git_config() {
 
 }
 
 }
 
 
 
 clear_log() {
 
 clear_log() {
 
-              echo -n > ${log_file}
 
-              echo -n > ${message_file}
 
+              echo -n > ${LOG_FILE}
 
 }
 
 }
 
 
 
 clear_log
 
 clear_log
 
 
 
+echo "Delete /${git_dir}"
 
 [[ -d /${git_dir} ]] && rm -rf /${git_dir}
 
 [[ -d /${git_dir} ]] && rm -rf /${git_dir}
 
-cd / && git clone https://${GIT_USER}:$(cat /run/secrets/provision-pass)@${GIT_URL} && cd /${git_dir} && git checkout ${branch}
 
-if [ $? -ne 0 ];then mail_send "letsencrypt. Can't clone https://${GIT_URL}";exit 1;fi
 
 
 
+echo "Git clone ${GIT_URL}"
 
+cd / && git clone https://${GIT_USER}:$(cat /run/secrets/provision-pass)@${GIT_URL} && cd /${git_dir} && git checkout ${branch}
 
 
 
 #certbot renew --dry-run --config-dir /${git_dir}/letsencrypt
 
 #certbot renew --dry-run --config-dir /${git_dir}/letsencrypt
 
 #if [ $? -ne 0 ];then message="letsencrypt. Can't execute "dry-run" renew procces. Renew certs and keys will be skipped!!!"; mail_send; exit 1;fi
 
 #if [ $? -ne 0 ];then message="letsencrypt. Can't execute "dry-run" renew procces. Renew certs and keys will be skipped!!!"; mail_send; exit 1;fi
 
 
 
 #clear_log
 
 #clear_log
 
+echo "Renewal certs and keys"
 
+certbot renew --config-dir /${git_dir}/${CERT_SUBDIR}/letsencrypt >> ${LOG_FILE} 2>&1
 
 
 
-certbot renew --config-dir /${git_dir}/${CERT_SUBDIR}/letsencrypt >> ${message_file} 2>&1
 
-if [ $? -ne 0 ];then mail_send "LETSENCRYPT!!! Can't renew certs and keys. See log !!!";exit 1;fi
 
-
 
+echo "Git push ${GIT_URL}"
 
 echo "Renew keys and certs" > /tmp/commit.txt
 
 echo "Renew keys and certs" > /tmp/commit.txt
 
 git_config && git add -A && git commit -F /tmp/commit.txt
 
 git_config && git add -A && git commit -F /tmp/commit.txt
 
 git push https://${GIT_USER}:$(cat /run/secrets/provision-pass)@${GIT_URL} ${branch}
 
 git push https://${GIT_USER}:$(cat /run/secrets/provision-pass)@${GIT_URL} ${branch}
 
-if [ $? -ne 0 ];then mail_send "letsencrypt. Can't push diff to https://${GIT_URL} !!!";exit 1;fi
 
 
 
+echo "Send ${LOG_FILE} to ${RECIPIENT_MAIL_BOX}"
 
 mail_send "LETSENCRYPT!!! Renew Certs and Keys are success!!!"
 
 mail_send "LETSENCRYPT!!! Renew Certs and Keys are success!!!"