self/certupdater
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix #19

Merged
emmatveev merged 1 commits from master into dev 2025-06-01 19:24:37 +03:00
Conversation 0 Commits 1 Files Changed 2 +20 -11
2 changed files with 20 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.deploy/deploy-dev.yaml
View File

@ -16,7 +16,7 @@ services:
networks: networks:
- configurator - configurator
deploy: deploy:
mode: replicated mode: global
restart_policy: restart_policy:
condition: any condition: any
update_config: update_config:

29
main.py
View File

@ -25,25 +25,33 @@ def get_hosts() -> list[str]:
return list(set(configurator.get_config("hosts") + ["platform.develop.chocomarsh.com"])) return list(set(configurator.get_config("hosts") + ["platform.develop.chocomarsh.com"]))
def update_host(host: str): def update_host(host: str) -> bool:
gen_cert = call(f"docker exec -it $(docker ps -q -f name=infra-development_nginx) certbot --nginx --email emmtvv@gmail.com --agree-tos -d \"{host}\"") container_id_run = call(f"echo $(docker ps -q -f name=infra-development_nginx)")
if container_id_run.code != 0:
print(f"something wrong {container_id_run.err}")
return False
container_name = container_id_run.out
gen_cert = call(f"docker exec -it {container_name} certbot --nginx --email emmtvv@gmail.com --agree-tos -d \"{host}\"")
if gen_cert.code != 0: if gen_cert.code != 0:
print(f"failed generating certificate: {gen_cert.err}") print(f"failed generating certificate: {gen_cert.err}")
return return False
fullchain_command = call(f"docker exec -it $(docker ps -q -f name=infra_nginx) cat /etc/letsencrypt/live/{host}/fullchain.pem") fullchain_command = call(f"docker exec -it {container_name} cat /etc/letsencrypt/live/{host}/fullchain.pem")
if fullchain_command.code != 0: if fullchain_command.code != 0:
print(f"failed getting fullchain: {fullchain_command.err}") print(f"failed getting fullchain: {fullchain_command.err}")
return return True
privkey_command = call(f"docker exec -it $(docker ps -q -f name=infra_nginx) cat /etc/letsencrypt/live/{host}/privkey.pem") privkey_command = call(f"docker exec -it {container_name} cat /etc/letsencrypt/live/{host}/privkey.pem")
if privkey_command.code != 0: if privkey_command.code != 0:
print(f"failed getting fullchain: {privkey_command.err}") print(f"failed getting fullchain: {privkey_command.err}")
return return True
fullchain = fullchain_command.out.encode("utf-8") fullchain = fullchain_command.out.encode("utf-8")
privkey = privkey_command.out.encode("utf-8") privkey = privkey_command.out.encode("utf-8")
minio.put_object("certupdater", f"certificates/{host}/fullchain.pem", fullchain, len(fullchain)) minio.put_object("certupdater", f"certificates/{host}/fullchain.pem", fullchain, len(fullchain))
minio.put_object("certupdater", f"certificates/{host}/privkey.pem", privkey, len(privkey)) minio.put_object("certupdater", f"certificates/{host}/privkey.pem", privkey, len(privkey))
return True
while True: while True:
@ -51,7 +59,8 @@ while True:
mongo_hosts = mongo.hosts mongo_hosts = mongo.hosts
for host in get_hosts(): for host in get_hosts():
if now + datetime.timedelta(days=14) > mongo_hosts.get(host, {"expire_time": datetime.datetime.fromtimestamp(1)})["expire_time"]: if now + datetime.timedelta(days=14) > mongo_hosts.get(host, {"expire_time": datetime.datetime.fromtimestamp(1)})["expire_time"]:
update_host(host) success = update_host(host)
print(f"Host {host} updated") if success:
mongo.update_date(host) print(f"Host {host} updated")
mongo.update_date(host)
time.sleep(5 * 60) time.sleep(5 * 60)