Compare commits


No commits in common. "96a9bd8fc80b9e8877539005b788b45e63397c49" and "75a8a5e307569539a1880004045bee2e952097fa" have entirely different histories.

2 changed files with 29 additions and 78 deletions


@ -15,7 +15,6 @@ services:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- configurator
- queues-development
deploy:
mode: replicated
restart_policy:
@ -29,5 +28,3 @@ services:
networks:
configurator:
external: true
queues-development:
external: true

104
main.py

@ -3,8 +3,6 @@ import io
import os
import subprocess
import time
from requests import post
from configurator import configurator
from mongo import mongo
from blob import minio
@ -16,92 +14,60 @@ class Response:
err: str
def send_notification(text: str):
post(
"http://queues:1239/api/v1/put",
headers={"queue": "botalka_mailbox"},
json={
"payload": {
"project": "notifications-bot",
"name": "telegram-bot",
"body": {
"text": text,
"chat_id": 84367486,
},
},
"seconds_to_execute": 1,
"delay": None,
},
)
def call(command: str) -> Response:
p = subprocess.Popen(
command, stderr=subprocess.PIPE, stdout=subprocess.PIPE, shell=True
)
p = subprocess.Popen(command, stderr=subprocess.PIPE, stdout=subprocess.PIPE, shell=True)
resp = p.wait()
response = Response()
response.code = resp
response.out, response.err = p.stdout.read().decode(
"utf-8"
), p.stderr.read().decode("utf-8")
response.out, response.err = p.stdout.read().decode('utf-8'), p.stderr.read().decode('utf-8')
return response
def get_hosts() -> list[str]:
if os.getenv("STAGE") == "development":
return list(set(list(configurator.get_config("hosts"))))
return list(set(list(configurator.get_config("hosts")) + ["platform.develop.sprinthub.ru"]))
else:
return list(set(list(configurator.get_config("hosts"))))
return list(set(list(configurator.get_config("hosts")) + ["platform.sprinthub.ru"]))
def update_host(host: str) -> str | None:
def update_host(host: str) -> bool:
if os.getenv("STAGE") == "development":
container_id_run = call("echo $(docker ps -q -f name=infra-development_nginx)")
container_id_run = call(f"echo $(docker ps -q -f name=infra-development_nginx)")
else:
container_id_run = call("echo $(docker ps -q -f name=infra_nginx)")
container_id_run = call(f"echo $(docker ps -q -f name=infra_nginx)")
if container_id_run.code != 0:
return container_id_run.err
print(f"something wrong {container_id_run.err}")
return False
container_name = container_id_run.out.strip()
if not container_name:
return "no nginx container"
print("No nginx container")
return False
gen_command = f'docker exec {container_name} certbot --nginx --email emmtvv@gmail.com --agree-tos --non-interactive -d "{host}"'
gen_command = f"docker exec {container_name} certbot --nginx --email emmtvv@gmail.com --agree-tos --non-interactive -d \"{host}\""
print(gen_command)
gen_cert = call(gen_command)
if gen_cert.code != 0:
log = call(
f"docker exec {container_name} cat /var/log/letsencrypt/letsencrypt.log"
).out
return f"failed generating certificate: {log}"
print(f"failed generating certificate: {gen_cert.err}")
print("Here is the log")
print(call(f"docker exec {container_name} cat /var/log/letsencrypt/letsencrypt.log").out)
return False
fullchain_command = call(
f"docker exec {container_name} cat /etc/letsencrypt/live/{host}/fullchain.pem"
)
fullchain_command = call(f"docker exec {container_name} cat /etc/letsencrypt/live/{host}/fullchain.pem")
if fullchain_command.code != 0:
return f"failed getting fullchain: {fullchain_command.err}"
print(f"failed getting fullchain: {fullchain_command.err}")
return True
privkey_command = call(
f"docker exec {container_name} cat /etc/letsencrypt/live/{host}/privkey.pem"
)
privkey_command = call(f"docker exec {container_name} cat /etc/letsencrypt/live/{host}/privkey.pem")
if privkey_command.code != 0:
return f"failed getting fullchain: {privkey_command.err}"
print(f"failed getting fullchain: {privkey_command.err}")
return True
fullchain = fullchain_command.out.encode("utf-8")
privkey = privkey_command.out.encode("utf-8")
minio.put_object(
"certupdater",
f"certificates/{host}/fullchain.pem",
io.BytesIO(fullchain),
len(fullchain),
)
minio.put_object(
"certupdater",
f"certificates/{host}/privkey.pem",
io.BytesIO(privkey),
len(privkey),
)
return None
minio.put_object("certupdater", f"certificates/{host}/fullchain.pem", io.BytesIO(fullchain), len(fullchain))
minio.put_object("certupdater", f"certificates/{host}/privkey.pem", io.BytesIO(privkey), len(privkey))
return True
while True:
@ -109,26 +75,15 @@ while True:
mongo_hosts = mongo.hosts
updated = False
for host in get_hosts():
if (
now + datetime.timedelta(days=14)
> mongo_hosts.get(
host, {"expire_time": datetime.datetime.fromtimestamp(1)}
)["expire_time"]
):
if now + datetime.timedelta(days=14) > mongo_hosts.get(host, {"expire_time": datetime.datetime.fromtimestamp(1)})["expire_time"]:
success = update_host(host)
if success:
send_notification(
f"host {host} was not updated with an error: {success}"
)
else:
print(f"Host {host} updated")
mongo.update_date(host)
updated = True
send_notification(f"host {host} updated")
if updated:
if os.getenv("STAGE") == "development":
container_id_run = call(
"echo $(docker ps -q -f name=infra-development_nginx)"
)
container_id_run = call("echo $(docker ps -q -f name=infra-development_nginx)")
else:
container_id_run = call("echo $(docker ps -q -f name=infra_nginx)")
@ -139,6 +94,5 @@ while True:
restart = call(command)
print(restart.code, restart.out, restart.err)
send_notification(f"Balancer for {os.getenv("STAGE")} was restarted")
time.sleep(30)
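Review bot: In `update_host`, `host` comes from `configurator.get_config("hosts")` and is interpolated into strings that `call()` runs with `shell=True` (the certbot command and both `cat /etc/letsencrypt/live/{host}/...` reads), so a config value containing shell syntax would be interpreted by the shell of a process that drives Docker on the host. The double quotes around `-d "{host}"` do not prevent shell expansion, so the value should be validated before any command is built, e.g. `if not re.fullmatch(r"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?", host): return False` (this needs `import re`), or `call()` should take an argument list and run without a shell. Separately, assuming the single-line variants are the new side (the +/- markers are lost on this page), the fullchain and privkey failure branches `return True`, so the caller still runs `mongo.update_date(host)` although nothing was uploaded to minio. `return False` looks intended there, and the privkey branch should print `failed getting privkey` rather than repeat the fullchain message.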