From ad830c6ba6ab141bea84d66f2a1e55b3cf245fce Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sat, 31 May 2025 13:43:40 +0300 Subject: [PATCH 01/30] fix --- .gitea/workflows/deploy-dev.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitea/workflows/deploy-dev.yaml b/.gitea/workflows/deploy-dev.yaml index 9515a0c..5125b84 100644 --- a/.gitea/workflows/deploy-dev.yaml +++ b/.gitea/workflows/deploy-dev.yaml @@ -18,14 +18,14 @@ jobs: with: ref: dev - name: build - run: docker build -t mathwave/sprint-repo:pizda-bot . + run: docker build -t mathwave/sprint-repo:certupdater . push: name: Push runs-on: [ dev ] needs: build steps: - name: push - run: docker push mathwave/sprint-repo:pizda-bot + run: docker push mathwave/sprint-repo:certupdater deploy-dev: name: Deploy dev runs-on: [prod] @@ -40,4 +40,4 @@ jobs: - name: deploy env: MONGO_PASSWORD_DEV: ${{ secrets.MONGO_PASSWORD_DEV }} - run: docker stack deploy --with-registry-auth -c ./.deploy/deploy-dev.yaml pizda-bot-development + run: docker stack deploy --with-registry-auth -c ./.deploy/deploy-dev.yaml certupdater-development -- 2.45.2 From fed8955dd37ce0fb3c1448632388b534b25f3d45 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sat, 31 May 2025 13:48:29 +0300 Subject: [PATCH 02/30] fix --- Dockerfile | 5 +++++ requirements.txt | 11 +++++++++++ 2 files changed, 16 insertions(+) create mode 100644 requirements.txt diff --git a/Dockerfile b/Dockerfile index 274578f..28f3e52 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,4 +6,9 @@ RUN python3 -m venv venv RUN venv/bin/python3 -m ensurepip RUN venv/bin/pip3 install --no-cache --upgrade pip setuptools +RUN mkdir /code +WORKDIR /code +COPY requirements.txt requirements.txt +RUN venv/bin/pip install requirements.txt + ENTRYPOINT [ "venv/bin/python3", "main.py" ] \ No newline at end of file diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..56b9d88 --- /dev/null +++ b/requirements.txt 
@@ -0,0 +1,11 @@ +argon2-cffi==23.1.0 +argon2-cffi-bindings==21.2.0 +certifi==2025.4.26 +cffi==1.17.1 +dnspython==2.7.0 +minio==7.2.15 +pycparser==2.22 +pycryptodome==3.23.0 +pymongo==4.13.0 +typing_extensions==4.13.2 +urllib3==2.4.0 -- 2.45.2 From 17858ba8680af123e2d6b63591726449e80682a4 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sat, 31 May 2025 13:49:54 +0300 Subject: [PATCH 03/30] fix --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 28f3e52..9ef81f9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,6 +9,6 @@ RUN venv/bin/pip3 install --no-cache --upgrade pip setuptools RUN mkdir /code WORKDIR /code COPY requirements.txt requirements.txt -RUN venv/bin/pip install requirements.txt +RUN venv/bin/pip3 install requirements.txt ENTRYPOINT [ "venv/bin/python3", "main.py" ] \ No newline at end of file -- 2.45.2 From 580eb94ef713c6049e85f1d2161b7f8e33607255 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 1 Jun 2025 01:05:00 +0300 Subject: [PATCH 04/30] fix --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 9ef81f9..70167b4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,6 +9,7 @@ RUN venv/bin/pip3 install --no-cache --upgrade pip setuptools RUN mkdir /code WORKDIR /code COPY requirements.txt requirements.txt +RUN ls venv/bin RUN venv/bin/pip3 install requirements.txt ENTRYPOINT [ "venv/bin/python3", "main.py" ] \ No newline at end of file -- 2.45.2 From 317b371977f09a431b013b3f2fbab15fe2053662 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 1 Jun 2025 01:07:20 +0300 Subject: [PATCH 05/30] fix --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 70167b4..6f8d342 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -2,14 +2,14 @@ FROM docker:dind ENV PYTHONUNBUFFERED=1 RUN apk add --update --no-cache python3 py3-pip && ln -sf python3 /usr/bin/python +RUN mkdir /code +WORKDIR /code RUN python3 -m venv venv RUN venv/bin/python3 -m ensurepip RUN venv/bin/pip3 install --no-cache --upgrade pip setuptools -RUN mkdir /code -WORKDIR /code COPY requirements.txt requirements.txt -RUN ls venv/bin RUN venv/bin/pip3 install requirements.txt +COPY . . ENTRYPOINT [ "venv/bin/python3", "main.py" ] \ No newline at end of file -- 2.45.2 From 8e193e2e874cba4c25059207234cc199d7f43cdd Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 1 Jun 2025 01:10:28 +0300 Subject: [PATCH 06/30] fix --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 6f8d342..7f1ddd7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,7 +9,7 @@ RUN venv/bin/python3 -m ensurepip RUN venv/bin/pip3 install --no-cache --upgrade pip setuptools COPY requirements.txt requirements.txt -RUN venv/bin/pip3 install requirements.txt +RUN venv/bin/pip3 install -r requirements.txt COPY . . ENTRYPOINT [ "venv/bin/python3", "main.py" ] \ No newline at end of file -- 2.45.2 From cc0c578cdc4b18b05c6634b5ff12adf0f14c34e5 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 1 Jun 2025 01:12:52 +0300 Subject: [PATCH 07/30] fix --- requirements.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/requirements.txt b/requirements.txt index 56b9d88..ef6527f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,10 +2,13 @@ argon2-cffi==23.1.0 argon2-cffi-bindings==21.2.0 certifi==2025.4.26 cffi==1.17.1 +charset-normalizer==3.4.2 dnspython==2.7.0 +idna==3.10 minio==7.2.15 pycparser==2.22 pycryptodome==3.23.0 pymongo==4.13.0 +requests==2.32.3 typing_extensions==4.13.2 urllib3==2.4.0 -- 2.45.2 From 29e4912a956e362593fea022ca0897a731e0b782 Mon Sep 17 00:00:00 2001 
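Review bot: `COPY . .` in the Dockerfile hunk copies the whole build context into the image, which would include `.git`, `.deploy/` and `.gitea/` unless a `.dockerignore` excludes them; none is visible in this series. Consider adding a `.dockerignore` with those paths, or copying only what the service runs, e.g. `COPY main.py ./` plus the package directories it imports. The image also stays on the floating `docker:dind` tag and runs as root, so a comment above `FROM` saying why the dind base is needed would help the next reader. At this commit the install line still lacks `-r`.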
From: Egor Matveev Date: Sun, 1 Jun 2025 13:59:17 +0300 Subject: [PATCH 08/30] fix --- main.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.py b/main.py index fac52d2..e67f6a3 100644 --- a/main.py +++ b/main.py @@ -37,7 +37,7 @@ while True: now = datetime.datetime.now() mongo_hosts = mongo.hosts for host in get_hosts(): - if now() + datetime.timedelta(days=14) > mongo_hosts[host]["expire_time"]: + if now + datetime.timedelta(days=14) > mongo_hosts[host]["expire_time"]: update_host(host) print(f"Host {host} updated") minio.put_object("certupdater", "nginx.conf", ) -- 2.45.2 From 0f4e5096392f5d2baaac54b2e26974c8e0a05196 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 1 Jun 2025 14:01:42 +0300 Subject: [PATCH 09/30] fix --- main.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.py b/main.py index e67f6a3..ba25ea8 100644 --- a/main.py +++ b/main.py @@ -37,7 +37,7 @@ while True: now = datetime.datetime.now() mongo_hosts = mongo.hosts for host in get_hosts(): - if now + datetime.timedelta(days=14) > mongo_hosts[host]["expire_time"]: + if now + datetime.timedelta(days=14) > mongo_hosts.get(host, {"expire_time": datetime.datetime.fromtimestamp(1)})["expire_time"]: update_host(host) print(f"Host {host} updated") minio.put_object("certupdater", "nginx.conf", ) -- 2.45.2 From 8a64bec6fec3de5cc0f9150aa72fc81c733b35ff Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 1 Jun 2025 14:42:31 +0300 Subject: [PATCH 10/30] fix --- main.py | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/main.py b/main.py index ba25ea8..79b808b 100644 --- a/main.py +++ b/main.py 
@@ -28,9 +28,22 @@ def get_hosts() -> list[str]: def update_host(host: str): gen_cert = call(f"docker exec $(docker ps -q -f name=infra_nginx) certbot --nginx --email emmtvv@gmail.com --agree-tos -d \"{host}\"") if gen_cert.code != 0: - print("failed generating certificate") + print(f"failed generating certificate: {gen_cert.err}") return + fullchain_command = call(f"docker exec $(docker ps -q -f name=infra_nginx) cat /etc/letsencrypt/live/{host}/fullchain.pem") + if fullchain_command.code != 0: + print(f"failed getting fullchain: {fullchain_command.err}") + return + + privkey_command = call(f"docker exec $(docker ps -q -f name=infra_nginx) cat /etc/letsencrypt/live/{host}/privkey.pem") + if privkey_command.code != 0: + print(f"failed getting fullchain: {privkey_command.err}") + return + fullchain = fullchain_command.out.encode("utf-8") + privkey = privkey_command.out.encode("utf-8") + minio.put_object("certupdater", f"certificates/{host}/fullchain.pem", fullchain, len(fullchain)) + minio.put_object("certupdater", f"certificates/{host}/privkey.pem", privkey, len(privkey)) while True: @@ -40,5 +53,5 @@ while True: if now + datetime.timedelta(days=14) > mongo_hosts.get(host, {"expire_time": datetime.datetime.fromtimestamp(1)})["expire_time"]: update_host(host) print(f"Host {host} updated") - minio.put_object("certupdater", "nginx.conf", ) + mongo.update_date(host) time.sleep(5 * 60) \ No newline at end of file -- 2.45.2 From b718b17f93e800a4bd57fd21ed89ecefb6d5a06a Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 1 Jun 2025 14:49:01 +0300 Subject: [PATCH 11/30] fix --- .deploy/deploy-dev.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.deploy/deploy-dev.yaml b/.deploy/deploy-dev.yaml index 6549e29..5f96b4c 100644 --- a/.deploy/deploy-dev.yaml +++ b/.deploy/deploy-dev.yaml 
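Review bot: `host` is interpolated directly into shell command strings in update_host (`-d \"{host}\"` and the two `/etc/letsencrypt/live/{host}/...` paths), so a hosts entry containing a quote, `;` or `$(...)` would be interpreted by the shell; that `call` goes through a shell is inferred from the `$(docker ps ...)` substitution, its body is outside the hunk. The values come from `configurator.get_config("hosts")`, so validate each against a strict hostname pattern before use, or build the argument with `shlex.quote(host)`. The error message for the private-key read is a copy of the fullchain one and should read `print(f"failed getting privkey: {privkey_command.err}")`. Since this hunk also starts uploading `privkey.pem` to the `certupdater` bucket, a comment stating who may read that bucket belongs next to the two `put_object` calls.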
@@ -9,6 +9,8 @@ services: MONGO_HOST: "mongo.develop.sprinthub.ru" MONGO_PASSWORD: $MONGO_PASSWORD_DEV STAGE: "development" + volumes: + - /var/run/docker.sock:/var/run/docker.sock networks: - configurator deploy: -- 2.45.2 From 2abffabca8fd6fddb77f1700671167cef10d46a4 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 1 Jun 2025 14:50:44 +0300 Subject: [PATCH 12/30] fix --- main.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/main.py b/main.py index 79b808b..1337cfe 100644 --- a/main.py +++ b/main.py @@ -26,17 +26,17 @@ def get_hosts() -> list[str]: def update_host(host: str): - gen_cert = call(f"docker exec $(docker ps -q -f name=infra_nginx) certbot --nginx --email emmtvv@gmail.com --agree-tos -d \"{host}\"") + gen_cert = call(f"docker exec $(docker ps -q -f name=infra_nginx) -it certbot --nginx --email emmtvv@gmail.com --agree-tos -d \"{host}\"") if gen_cert.code != 0: print(f"failed generating certificate: {gen_cert.err}") return - fullchain_command = call(f"docker exec $(docker ps -q -f name=infra_nginx) cat /etc/letsencrypt/live/{host}/fullchain.pem") + fullchain_command = call(f"docker exec $(docker ps -q -f name=infra_nginx) -it cat /etc/letsencrypt/live/{host}/fullchain.pem") if fullchain_command.code != 0: print(f"failed getting fullchain: {fullchain_command.err}") return - privkey_command = call(f"docker exec $(docker ps -q -f name=infra_nginx) cat /etc/letsencrypt/live/{host}/privkey.pem") + privkey_command = call(f"docker exec $(docker ps -q -f name=infra_nginx) -it cat /etc/letsencrypt/live/{host}/privkey.pem") if privkey_command.code != 0: print(f"failed getting fullchain: {privkey_command.err}") return -- 2.45.2 From e00c2f7f7116df111d5e83d18055a363d02fc292 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 1 Jun 2025 14:57:54 +0300 Subject: [PATCH 13/30] fix --- .deploy/deploy-dev.yaml | 2 ++ 1 file changed, 2 insertions(+) 
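Review bot: Mounting `/var/run/docker.sock` into the service gives this container full control of the node's Docker daemon, which is equivalent to root on that host; the same mount is added to `.deploy/deploy-prod.yaml` later in this series. The code only needs to list, exec into and restart the nginx container, so consider exposing the daemon through a proxy that allows just those API calls, or running certbot from within the nginx service so that no socket is needed. If the mount stays, document it above the line, e.g. `# docker.sock grants root-equivalent access to this node; required for docker exec into nginx`.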
diff --git a/.deploy/deploy-dev.yaml b/.deploy/deploy-dev.yaml index 5f96b4c..7a79063 100644 --- a/.deploy/deploy-dev.yaml +++ b/.deploy/deploy-dev.yaml @@ -6,6 +6,8 @@ services: image: mathwave/sprint-repo:certupdater command: worker environment: + MINIO_HOST: "minio.develop.sprinthub.ru" + MINIO_SECRET_KEY: $MINIO_SECRET_KEY_DEV MONGO_HOST: "mongo.develop.sprinthub.ru" MONGO_PASSWORD: $MONGO_PASSWORD_DEV STAGE: "development" -- 2.45.2 From 707bf34f8a8a0b32bf3b981c9c16fd4eaff0cd25 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 1 Jun 2025 15:02:30 +0300 Subject: [PATCH 14/30] fix --- .gitea/workflows/deploy-dev.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitea/workflows/deploy-dev.yaml b/.gitea/workflows/deploy-dev.yaml index 5125b84..cb40437 100644 --- a/.gitea/workflows/deploy-dev.yaml +++ b/.gitea/workflows/deploy-dev.yaml @@ -40,4 +40,5 @@ jobs: - name: deploy env: MONGO_PASSWORD_DEV: ${{ secrets.MONGO_PASSWORD_DEV }} + MINIO_SECRET_KEY_DEV: ${{ secrets.MINIO_SECRET_KEY_DEV }} run: docker stack deploy --with-registry-auth -c ./.deploy/deploy-dev.yaml certupdater-development -- 2.45.2 From ba8c2292a6c1fa934732f11359c4d393a56e43fb Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 1 Jun 2025 15:04:46 +0300 Subject: [PATCH 15/30] fix --- main.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/main.py b/main.py index 1337cfe..00587bf 100644 --- a/main.py +++ b/main.py 
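Review bot: `MINIO_SECRET_KEY: $MINIO_SECRET_KEY_DEV` stores the MinIO key in the service's environment, where it is part of the service spec and readable through `docker service inspect` by anything with access to the Docker API; the existing `MONGO_PASSWORD` line has the same property. A Swarm secret (a top-level `secrets:` entry referenced from the service and read from `/run/secrets/`) would keep the value out of the spec, with the application reading the key from that file. If the variable is kept, add a comment that the value is substituted at deploy time from the CI job environment.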
@@ -26,17 +26,17 @@ def get_hosts() -> list[str]: def update_host(host: str): - gen_cert = call(f"docker exec $(docker ps -q -f name=infra_nginx) -it certbot --nginx --email emmtvv@gmail.com --agree-tos -d \"{host}\"") + gen_cert = call(f"docker exec -it $(docker ps -q -f name=infra_nginx) certbot --nginx --email emmtvv@gmail.com --agree-tos -d \"{host}\"") if gen_cert.code != 0: print(f"failed generating certificate: {gen_cert.err}") return - fullchain_command = call(f"docker exec $(docker ps -q -f name=infra_nginx) -it cat /etc/letsencrypt/live/{host}/fullchain.pem") + fullchain_command = call(f"docker exec -it $(docker ps -q -f name=infra_nginx) -it cat /etc/letsencrypt/live/{host}/fullchain.pem") if fullchain_command.code != 0: print(f"failed getting fullchain: {fullchain_command.err}") return - privkey_command = call(f"docker exec $(docker ps -q -f name=infra_nginx) -it cat /etc/letsencrypt/live/{host}/privkey.pem") + privkey_command = call(f"docker exec -it $(docker ps -q -f name=infra_nginx) -it cat /etc/letsencrypt/live/{host}/privkey.pem") if privkey_command.code != 0: print(f"failed getting fullchain: {privkey_command.err}") return -- 2.45.2 From 224fb045e9973e0ea5d95c9aad63cc39d6c7f0a3 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 1 Jun 2025 15:06:22 +0300 Subject: [PATCH 16/30] fix --- main.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.py b/main.py index 00587bf..6161356 100644 --- a/main.py +++ b/main.py 
@@ -22,11 +22,11 @@ def call(command: str) -> Response: def get_hosts() -> list[str]: - return list(set(configurator.get_config("hosts") + ["platform.chocomarsh.com"])) + return list(set(configurator.get_config("hosts") + ["platform.develop.chocomarsh.com"])) def update_host(host: str): - gen_cert = call(f"docker exec -it $(docker ps -q -f name=infra_nginx) certbot --nginx --email emmtvv@gmail.com --agree-tos -d \"{host}\"") + gen_cert = call(f"docker exec -it $(docker ps -q -f name=infra-development_nginx) certbot --nginx --email emmtvv@gmail.com --agree-tos -d \"{host}\"") if gen_cert.code != 0: print(f"failed generating certificate: {gen_cert.err}") return -- 2.45.2 From eaf5cbfa55b6a916ec4ef5e31ac1a85cd00cf650 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 1 Jun 2025 15:12:27 +0300 Subject: [PATCH 17/30] fix --- main.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.py b/main.py index 6161356..cf1f994 100644 --- a/main.py +++ b/main.py @@ -31,12 +31,12 @@ def update_host(host: str): print(f"failed generating certificate: {gen_cert.err}") return - fullchain_command = call(f"docker exec -it $(docker ps -q -f name=infra_nginx) -it cat /etc/letsencrypt/live/{host}/fullchain.pem") + fullchain_command = call(f"docker exec -it $(docker ps -q -f name=infra_nginx) cat /etc/letsencrypt/live/{host}/fullchain.pem") if fullchain_command.code != 0: print(f"failed getting fullchain: {fullchain_command.err}") return - privkey_command = call(f"docker exec -it $(docker ps -q -f name=infra_nginx) -it cat /etc/letsencrypt/live/{host}/privkey.pem") + privkey_command = call(f"docker exec -it $(docker ps -q -f name=infra_nginx) cat /etc/letsencrypt/live/{host}/privkey.pem") if privkey_command.code != 0: print(f"failed getting fullchain: {privkey_command.err}") return -- 2.45.2 From 7abedce009148b659a9c6047b1128f0550748f0d Mon Sep 17 00:00:00 2001 
From: Egor Matveev Date: Sun, 1 Jun 2025 19:24:11 +0300 Subject: [PATCH 18/30] fix --- .deploy/deploy-dev.yaml | 2 +- main.py | 29 +++++++++++++++++++---------- 2 files changed, 20 insertions(+), 11 deletions(-) diff --git a/.deploy/deploy-dev.yaml b/.deploy/deploy-dev.yaml index 7a79063..ab92259 100644 --- a/.deploy/deploy-dev.yaml +++ b/.deploy/deploy-dev.yaml @@ -16,7 +16,7 @@ services: networks: - configurator deploy: - mode: replicated + mode: global restart_policy: condition: any update_config: diff --git a/main.py b/main.py index cf1f994..d7f56f2 100644 --- a/main.py +++ b/main.py 
@@ -25,25 +25,33 @@ def get_hosts() -> list[str]: return list(set(configurator.get_config("hosts") + ["platform.develop.chocomarsh.com"])) -def update_host(host: str): - gen_cert = call(f"docker exec -it $(docker ps -q -f name=infra-development_nginx) certbot --nginx --email emmtvv@gmail.com --agree-tos -d \"{host}\"") +def update_host(host: str) -> bool: + container_id_run = call(f"echo $(docker ps -q -f name=infra-development_nginx)") + if container_id_run.code != 0: + print(f"something wrong {container_id_run.err}") + return False + container_name = container_id_run.out + + gen_cert = call(f"docker exec -it {container_name} certbot --nginx --email emmtvv@gmail.com --agree-tos -d \"{host}\"") if gen_cert.code != 0: print(f"failed generating certificate: {gen_cert.err}") - return + return False - fullchain_command = call(f"docker exec -it $(docker ps -q -f name=infra_nginx) cat /etc/letsencrypt/live/{host}/fullchain.pem") + fullchain_command = call(f"docker exec -it {container_name} cat /etc/letsencrypt/live/{host}/fullchain.pem") if fullchain_command.code != 0: print(f"failed getting fullchain: {fullchain_command.err}") - return + return True - privkey_command = call(f"docker exec -it $(docker ps -q -f name=infra_nginx) cat /etc/letsencrypt/live/{host}/privkey.pem") + privkey_command = call(f"docker exec -it {container_name} cat /etc/letsencrypt/live/{host}/privkey.pem") if privkey_command.code != 0: print(f"failed getting fullchain: {privkey_command.err}") - return + return True + fullchain = fullchain_command.out.encode("utf-8") privkey = privkey_command.out.encode("utf-8") minio.put_object("certupdater", f"certificates/{host}/fullchain.pem", fullchain, len(fullchain)) minio.put_object("certupdater", f"certificates/{host}/privkey.pem", privkey, len(privkey)) + return True while True: 
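Review bot: update_host returns `True` on the two branches where reading `fullchain.pem` or `privkey.pem` fails, so the caller prints "updated" and calls `mongo.update_date(host)` although nothing was uploaded to MinIO; both branches should be `return False`. The new lookup `call(f"echo $(docker ps -q -f name=infra-development_nginx)")` reports the exit status of `echo`, not of `docker ps`, so the `container_id_run.code != 0` check cannot catch a failing `docker ps`; calling `docker ps -q -f name=infra-development_nginx` directly would make it meaningful. The two `minio.put_object` calls are not guarded, so an exception there would presumably end the `while True` loop. A short docstring stating what the boolean return value means would make the contract explicit.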
@@ -51,7 +59,8 @@ while True: mongo_hosts = mongo.hosts for host in get_hosts(): if now + datetime.timedelta(days=14) > mongo_hosts.get(host, {"expire_time": datetime.datetime.fromtimestamp(1)})["expire_time"]: - update_host(host) - print(f"Host {host} updated") - mongo.update_date(host) + success = update_host(host) + if success: + print(f"Host {host} updated") + mongo.update_date(host) time.sleep(5 * 60) \ No newline at end of file -- 2.45.2 From 510bf7f2e645251353ada3595fe636bab471b595 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 1 Jun 2025 19:25:26 +0300 Subject: [PATCH 19/30] fix --- main.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/main.py b/main.py index d7f56f2..610b125 100644 --- a/main.py +++ b/main.py @@ -31,6 +31,9 @@ def update_host(host: str) -> bool: print(f"something wrong {container_id_run.err}") return False container_name = container_id_run.out + if not container_name: + print("Not correct node") + return False gen_cert = call(f"docker exec -it {container_name} certbot --nginx --email emmtvv@gmail.com --agree-tos -d \"{host}\"") if gen_cert.code != 0: -- 2.45.2 From 096506b9dd25fefabf17e6971e1dd319e8e5ad3a Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 1 Jun 2025 19:44:31 +0300 Subject: [PATCH 20/30] fix --- main.py | 1 + 1 file changed, 1 insertion(+) diff --git a/main.py b/main.py index 610b125..e33f889 100644 --- a/main.py +++ b/main.py @@ -34,6 +34,7 @@ def update_host(host: str) -> bool: if not container_name: print("Not correct node") return False + print(f"Container name: {container_name}") gen_cert = call(f"docker exec -it {container_name} certbot --nginx --email emmtvv@gmail.com --agree-tos -d \"{host}\"") if gen_cert.code != 0: -- 2.45.2 From 62a57137d1c9ce00cb8572e773a0666b313afc69 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 1 Jun 2025 19:48:06 +0300 Subject: [PATCH 21/30] fix --- main.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/main.py b/main.py index e33f889..b9c52d3 100644 --- a/main.py +++ b/main.py @@ -34,9 +34,11 @@ def update_host(host: str) -> bool: if not container_name: print("Not correct node") return False - print(f"Container name: {container_name}") - gen_cert = call(f"docker exec -it {container_name} certbot --nginx --email emmtvv@gmail.com --agree-tos -d \"{host}\"") + gen_command = f"docker exec -it {container_name} certbot --nginx --email emmtvv@gmail.com --agree-tos -d \"{host}\"" + print(gen_command) + + gen_cert = call(gen_command) if gen_cert.code != 0: print(f"failed generating certificate: {gen_cert.err}") return False -- 2.45.2 From 9778a5168b6ef4ff429cd6a7ded65bc4308b06c1 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 1 Jun 2025 19:50:14 +0300 Subject: [PATCH 22/30] fix --- main.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.py b/main.py index b9c52d3..ae661bf 100644 --- a/main.py +++ b/main.py @@ -30,7 +30,7 @@ def update_host(host: str) -> bool: if container_id_run.code != 0: print(f"something wrong {container_id_run.err}") return False - container_name = container_id_run.out + container_name = container_id_run.out.strip() if not container_name: print("Not correct node") return False -- 2.45.2 From 683320dc449571bad949befe065ce8bd9f5d59ad Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 1 Jun 2025 19:53:14 +0300 Subject: [PATCH 23/30] fix --- main.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/main.py b/main.py index ae661bf..7963c12 100644 --- a/main.py +++ b/main.py @@ -35,7 +35,7 @@ def update_host(host: str) -> bool: print("Not correct node") return False - gen_command = f"docker exec -it {container_name} certbot --nginx --email emmtvv@gmail.com --agree-tos -d \"{host}\"" + gen_command = f"docker exec {container_name} certbot --nginx --email emmtvv@gmail.com --agree-tos -d \"{host}\"" print(gen_command) gen_cert = call(gen_command) 
@@ -43,12 +43,12 @@ def update_host(host: str) -> bool: print(f"failed generating certificate: {gen_cert.err}") return False - fullchain_command = call(f"docker exec -it {container_name} cat /etc/letsencrypt/live/{host}/fullchain.pem") + fullchain_command = call(f"docker exec {container_name} cat /etc/letsencrypt/live/{host}/fullchain.pem") if fullchain_command.code != 0: print(f"failed getting fullchain: {fullchain_command.err}") return True - privkey_command = call(f"docker exec -it {container_name} cat /etc/letsencrypt/live/{host}/privkey.pem") + privkey_command = call(f"docker exec {container_name} cat /etc/letsencrypt/live/{host}/privkey.pem") if privkey_command.code != 0: print(f"failed getting fullchain: {privkey_command.err}") return True -- 2.45.2 From 671f414e4530b123c896f5e090cb790d15cc86bc Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 1 Jun 2025 19:54:59 +0300 Subject: [PATCH 24/30] fix --- main.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.py b/main.py index 7963c12..48df673 100644 --- a/main.py +++ b/main.py @@ -35,7 +35,7 @@ def update_host(host: str) -> bool: print("Not correct node") return False - gen_command = f"docker exec {container_name} certbot --nginx --email emmtvv@gmail.com --agree-tos -d \"{host}\"" + gen_command = f"docker exec {container_name} certbot --nginx --email emmtvv@gmail.com --agree-tos --non-interactive -d \"{host}\"" print(gen_command) gen_cert = call(gen_command) -- 2.45.2 From 81db99d44d61e4e3b7605c209f6d71b3a57f4213 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 1 Jun 2025 19:58:18 +0300 Subject: [PATCH 25/30] fix --- main.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/main.py b/main.py index 48df673..84c719f 100644 --- a/main.py +++ b/main.py 
@@ -41,6 +41,8 @@ def update_host(host: str) -> bool: gen_cert = call(gen_command) if gen_cert.code != 0: print(f"failed generating certificate: {gen_cert.err}") + print("Here is the log") + print(call(f"docker exec {container_name} cat /var/log/letsencrypt/letsencrypt.log").out) return False fullchain_command = call(f"docker exec {container_name} cat /etc/letsencrypt/live/{host}/fullchain.pem") -- 2.45.2 From 08fd556c2c37baa943cc5e78536a76f790590ad3 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 1 Jun 2025 20:04:26 +0300 Subject: [PATCH 26/30] fix --- main.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.py b/main.py index 84c719f..5337e2b 100644 --- a/main.py +++ b/main.py @@ -22,7 +22,7 @@ def call(command: str) -> Response: def get_hosts() -> list[str]: - return list(set(configurator.get_config("hosts") + ["platform.develop.chocomarsh.com"])) + return list(set(configurator.get_config("hosts") + ["platform.develop.sprinthub.ru"])) def update_host(host: str) -> bool: -- 2.45.2 From 21d1008abe1689e0055262a3953a7a44a57258f3 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Mon, 2 Jun 2025 00:19:08 +0300 Subject: [PATCH 27/30] fix --- main.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/main.py b/main.py index 5337e2b..9774e2c 100644 --- a/main.py +++ b/main.py @@ -1,4 +1,5 @@ import datetime +import io import subprocess import time from configurator import configurator 
@@ -57,8 +58,8 @@ def update_host(host: str) -> bool: fullchain = fullchain_command.out.encode("utf-8") privkey = privkey_command.out.encode("utf-8") - minio.put_object("certupdater", f"certificates/{host}/fullchain.pem", fullchain, len(fullchain)) - minio.put_object("certupdater", f"certificates/{host}/privkey.pem", privkey, len(privkey)) + minio.put_object("certupdater", f"certificates/{host}/fullchain.pem", io.BytesIO(fullchain), len(fullchain)) + minio.put_object("certupdater", f"certificates/{host}/privkey.pem", io.BytesIO(privkey), len(privkey)) return True -- 2.45.2 From d1d23165fa6d157c0789c298c7f712682edfa1a4 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Tue, 3 Jun 2025 22:43:30 +0300 Subject: [PATCH 28/30] fix --- .deploy/deploy-dev.yaml | 4 +++- .deploy/deploy-prod.yaml | 31 ++++++++----------------------- .gitea/workflows/deploy-prod.yaml | 3 ++- main.py | 17 ++++++++++++++--- 4 files changed, 27 insertions(+), 28 deletions(-) diff --git a/.deploy/deploy-dev.yaml b/.deploy/deploy-dev.yaml index ab92259..aa87cc6 100644 --- a/.deploy/deploy-dev.yaml +++ b/.deploy/deploy-dev.yaml @@ -16,9 +16,11 @@ services: networks: - configurator deploy: - mode: global + mode: replicated restart_policy: condition: any + placement: + constraints: [node.labels.stage == development] update_config: parallelism: 1 order: start-first diff --git a/.deploy/deploy-prod.yaml b/.deploy/deploy-prod.yaml index d4fe2b4..245b25f 100644 --- a/.deploy/deploy-prod.yaml +++ b/.deploy/deploy-prod.yaml 
@@ -2,44 +2,29 @@ version: "3.4" services: - worker: - image: mathwave/sprint-repo:pizda-bot + certupdater: + image: mathwave/sprint-repo:certupdater command: worker environment: + MINIO_HOST: "minio.sprinthub.ru" + MINIO_SECRET_KEY: $MINIO_SECRET_KEY_PROD MONGO_HOST: "mongo.sprinthub.ru" MONGO_PASSWORD: $MONGO_PASSWORD_PROD STAGE: "production" + volumes: + - /var/run/docker.sock:/var/run/docker.sock networks: - - queues - configurator deploy: mode: replicated restart_policy: condition: any - update_config: - parallelism: 1 - order: start-first - - pizda-bot-nginx: - image: mathwave/sprint-repo:pizda-bot - command: api - environment: - MONGO_HOST: "mongo.sprinthub.ru" - MONGO_PASSWORD: $MONGO_PASSWORD_PROD - networks: - - common-infra-nginx - deploy: - mode: replicated - restart_policy: - condition: any + placement: + constraints: [node.labels.stage == production] update_config: parallelism: 1 order: start-first networks: - common-infra-nginx: - external: true - queues: - external: true configurator: external: true diff --git a/.gitea/workflows/deploy-prod.yaml b/.gitea/workflows/deploy-prod.yaml index cd6e772..e487206 100644 --- a/.gitea/workflows/deploy-prod.yaml +++ b/.gitea/workflows/deploy-prod.yaml @@ -40,4 +40,5 @@ jobs: - name: deploy env: MONGO_PASSWORD_PROD: ${{ secrets.MONGO_PASSWORD_PROD }} - run: docker stack deploy --with-registry-auth -c ./.deploy/deploy-prod.yaml pizda-bot + MINIO_SECRET_KEY_PROD: ${{ secrets.MINIO_SECRET_KEY_PROD }} + run: docker stack deploy --with-registry-auth -c ./.deploy/deploy-prod.yaml certupdater diff --git a/main.py b/main.py index 9774e2c..a187ef1 100644 --- a/main.py +++ b/main.py @@ -1,5 +1,6 @@ import datetime import io +import os import subprocess import time from configurator import configurator 
@@ -27,13 +28,16 @@ def get_hosts() -> list[str]: def update_host(host: str) -> bool: - container_id_run = call(f"echo $(docker ps -q -f name=infra-development_nginx)") + if os.getenv("STAGE") == "development": + container_id_run = call(f"echo $(docker ps -q -f name=infra-development_nginx)") + else: + container_id_run = call(f"echo $(docker ps -q -f name=infra_nginx)") if container_id_run.code != 0: print(f"something wrong {container_id_run.err}") return False container_name = container_id_run.out.strip() if not container_name: - print("Not correct node") + print("No nginx container") return False gen_command = f"docker exec {container_name} certbot --nginx --email emmtvv@gmail.com --agree-tos --non-interactive -d \"{host}\"" @@ -66,10 +70,17 @@ def update_host(host: str) -> bool: while True: now = datetime.datetime.now() mongo_hosts = mongo.hosts + updated = False for host in get_hosts(): if now + datetime.timedelta(days=14) > mongo_hosts.get(host, {"expire_time": datetime.datetime.fromtimestamp(1)})["expire_time"]: success = update_host(host) if success: print(f"Host {host} updated") mongo.update_date(host) - time.sleep(5 * 60) \ No newline at end of file + updated = True + if updated: + if os.getenv("STAGE") == "development": + call("docker service update --force infra-development_nginx") + else: + call("docker service update --force infra_nginx") + time.sleep(30) -- 2.45.2 From 965175be5a4a3839db346fb2fa77203f167b61e0 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Tue, 3 Jun 2025 22:53:25 +0300 Subject: [PATCH 29/30] fix --- main.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/main.py b/main.py index a187ef1..4bd857a 100644 --- a/main.py +++ b/main.py 
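Review bot: With `time.sleep(30)` replacing the five-minute sleep, every host for which update_host returns `False` is retried twice a minute, and each retry runs certbot again, which can run into the certificate authority's limits on failed validations and lock the host out for a while. Keep a per-host back-off, for example a dict `next_attempt[host] = now + datetime.timedelta(hours=1)` set on failure and checked before calling update_host. The `STAGE` comparison that picks between `infra-development_nginx` and `infra_nginx` now appears in both hunks of this file; a single module-level constant would keep the two places from drifting apart. The return value of the `docker service update --force` call is ignored at this commit.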
@@ -80,7 +80,9 @@ while True: updated = True if updated: if os.getenv("STAGE") == "development": - call("docker service update --force infra-development_nginx") + result = call("docker service update --force infra-development_nginx") else: - call("docker service update --force infra_nginx") + result = call("docker service update --force infra_nginx") + + print(result.err, result.out) time.sleep(30) -- 2.45.2 From 080f84477f0f5ed9121b006d86aa8e059e87aee3 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Wed, 4 Jun 2025 02:34:14 +0300 Subject: [PATCH 30/30] fix --- main.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/main.py b/main.py index 4bd857a..b46e7dc 100644 --- a/main.py +++ b/main.py @@ -80,9 +80,10 @@ while True: updated = True if updated: if os.getenv("STAGE") == "development": - result = call("docker service update --force infra-development_nginx") + container_id_run = call(f"echo $(docker ps -q -f name=infra-development_nginx)") + result = call(f"docker restart {container_id_run.out}") else: result = call("docker service update --force infra_nginx") - + print(result.err, result.out) time.sleep(30) -- 2.45.2
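Review bot: The new development branch passes `container_id_run.out` to `docker restart` without the exit-code check, `.strip()` and empty test that update_host applies to the same lookup, so when no nginx container is on this node the command runs with no argument and only the printed error shows it. Reuse the checked form, e.g. `container_id = container_id_run.out.strip()` and `if container_id: result = call(f"docker restart {container_id}")`. The `name=` filter of `docker ps` matches substrings, so more than one container id can come back and all of them would be restarted; anchoring the filter or taking the first id makes the intent explicit. Development now restarts a container while production still forces a service update, and a comment should say why the two differ.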