|
@@ -1,16 +1,23 @@
|
|
#!/bin/bash
|
|
#!/bin/bash
|
|
|
|
|
|
-git_dir="pki"
|
|
|
|
-branch="master"
|
|
|
|
-log_file="/var/log/letsencrypt/letsencrypt.log"
|
|
|
|
-message_file="/var/log/letsencrypt/letsencrypt_out.log"
|
|
|
|
|
|
+set -e
|
|
|
|
+
|
|
|
|
+ERR_SUBJ='Error during renewal certs and keys!!!'
|
|
|
|
+LOG_FILE=/var/log/letsencrypt/renewal-$(date +%Y-%m-%d).log
|
|
|
|
+branch=master
|
|
|
|
+git_dir=pki
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+. /tmp/err_trap
|
|
|
|
+
|
|
#git_url="git.sdsys.ru/sdsys/pki.git"
|
|
#git_url="git.sdsys.ru/sdsys/pki.git"
|
|
|
|
|
|
if [[ -z ${CERT_SUBDIR} ]];then echo "variable CERT_SUBDIR doesn't set"; exit 1;fi
|
|
if [[ -z ${CERT_SUBDIR} ]];then echo "variable CERT_SUBDIR doesn't set"; exit 1;fi
|
|
[[ ${CERT_SUBDIR} == "dev_iru" ]] && exit 0
|
|
[[ ${CERT_SUBDIR} == "dev_iru" ]] && exit 0
|
|
|
|
|
|
|
|
+
|
|
mail_send() {
|
|
mail_send() {
|
|
- echo "$1"|mail -s "Attention! Certificate status!" \
|
|
|
|
|
|
+ echo "$1"|mail -s "Attention! Certificate renewal status!" \
|
|
-S smtp=${SMTP_SERVER} \
|
|
-S smtp=${SMTP_SERVER} \
|
|
-S smtp-use-starttls \
|
|
-S smtp-use-starttls \
|
|
-S smtp-auth=login \
|
|
-S smtp-auth=login \
|
|
@@ -19,7 +26,7 @@ mail_send() {
|
|
-S smtp-auth-password=$(cat /run/secrets/jenkins-mail-pass) \
|
|
-S smtp-auth-password=$(cat /run/secrets/jenkins-mail-pass) \
|
|
-S nss-config-dir=/etc/pki/nssdb \
|
|
-S nss-config-dir=/etc/pki/nssdb \
|
|
-S from=${JENKINS_MAIL_USER} \
|
|
-S from=${JENKINS_MAIL_USER} \
|
|
- -a ${message_file} \
|
|
|
|
|
|
+ -a ${LOG_FILE} \
|
|
${RECIPIENT_MAIL_BOX}
|
|
${RECIPIENT_MAIL_BOX}
|
|
}
|
|
}
|
|
|
|
|
|
@@ -30,29 +37,29 @@ git_config() {
|
|
}
|
|
}
|
|
|
|
|
|
clear_log() {
|
|
clear_log() {
|
|
- echo -n > ${log_file}
|
|
|
|
- echo -n > ${message_file}
|
|
|
|
|
|
+ echo -n > ${LOG_FILE}
|
|
}
|
|
}
|
|
|
|
|
|
clear_log
|
|
clear_log
|
|
|
|
|
|
|
|
+echo "Delete /${git_dir}"
|
|
[[ -d /${git_dir} ]] && rm -rf /${git_dir}
|
|
[[ -d /${git_dir} ]] && rm -rf /${git_dir}
|
|
-cd / && git clone https://${GIT_USER}:$(cat /run/secrets/provision-pass)@${GIT_URL} && cd /${git_dir} && git checkout ${branch}
|
|
|
|
-if [ $? -ne 0 ];then mail_send "letsencrypt. Can't clone https://${GIT_URL}";exit 1;fi
|
|
|
|
|
|
|
|
|
|
+echo "Git clone ${GIT_URL}"
|
|
|
|
+cd / && git clone https://${GIT_USER}:$(cat /run/secrets/provision-pass)@${GIT_URL} && cd /${git_dir} && git checkout ${branch}
|
|
|
|
|
|
#certbot renew --dry-run --config-dir /${git_dir}/letsencrypt
|
|
#certbot renew --dry-run --config-dir /${git_dir}/letsencrypt
|
|
#if [ $? -ne 0 ];then message="letsencrypt. Can't execute "dry-run" renew procces. Renew certs and keys will be skipped!!!"; mail_send; exit 1;fi
|
|
#if [ $? -ne 0 ];then message="letsencrypt. Can't execute "dry-run" renew procces. Renew certs and keys will be skipped!!!"; mail_send; exit 1;fi
|
|
|
|
|
|
#clear_log
|
|
#clear_log
|
|
|
|
+echo "Renewal certs and keys"
|
|
|
|
+certbot renew --config-dir /${git_dir}/${CERT_SUBDIR}/letsencrypt >> ${LOG_FILE} 2>&1
|
|
|
|
|
|
-certbot renew --config-dir /${git_dir}/${CERT_SUBDIR}/letsencrypt >> ${message_file} 2>&1
|
|
|
|
-if [ $? -ne 0 ];then mail_send "LETSENCRYPT!!! Can't renew certs and keys. See log !!!";exit 1;fi
|
|
|
|
-
|
|
|
|
|
|
+echo "Git push ${GIT_URL}"
|
|
echo "Renew keys and certs" > /tmp/commit.txt
|
|
echo "Renew keys and certs" > /tmp/commit.txt
|
|
git_config && git add -A && git commit -F /tmp/commit.txt
|
|
git_config && git add -A && git commit -F /tmp/commit.txt
|
|
git push https://${GIT_USER}:$(cat /run/secrets/provision-pass)@${GIT_URL} ${branch}
|
|
git push https://${GIT_USER}:$(cat /run/secrets/provision-pass)@${GIT_URL} ${branch}
|
|
-if [ $? -ne 0 ];then mail_send "letsencrypt. Can't push diff to https://${GIT_URL} !!!";exit 1;fi
|
|
|
|
|
|
|
|
|
|
+echo "Send ${LOG_FILE} to ${RECIPIENT_MAIL_BOX}"
|
|
mail_send "LETSENCRYPT!!! Renew Certs and Keys are success!!!"
|
|
mail_send "LETSENCRYPT!!! Renew Certs and Keys are success!!!"
|
|
|
|
|
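Review bot: The added `. /tmp/err_trap` in the first hunk sources shell code from a world-writable directory into a script that reads `/run/secrets/provision-pass` and `/run/secrets/jenkins-mail-pass`, so any account that can create or replace that file runs with access to both secrets and to the pki repository. Load the handler from a root-owned location shipped with the script instead, for example `. "<INSTALL_DIR>/err_trap"` (placeholder path), and keep it non-writable by other accounts. This matters more because the third hunk drops every explicit `if [ $? -ne 0 ];then mail_send …` check and relies on `set -e` plus, presumably, a trap defined in that file (not visible here) to send failure mail with `ERR_SUBJ`. If the file is missing, `set -e` stops the script at the `.` line before any notification goes out, so a failed renewal would pass silently.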