self/certupdater
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
21d1008abe
certupdater/main.py
Egor Matveev 21d1008abe
All checks were successful
Deploy Dev / Build (pull_request) Successful in 5s
Details
Deploy Dev / Push (pull_request) Successful in 8s
Details
Deploy Dev / Deploy dev (pull_request) Successful in 8s
Details
fix
2025-06-02 00:19:08 +03:00

75 lines
2.6 KiB
Python
Raw Blame History

import datetime
import io
import subprocess
import time
from configurator import configurator
from mongo import mongo
from blob import minio
class Response:
code: int
out: str
err: str
def call(command: str) -> Response:
p = subprocess.Popen(command, stderr=subprocess.PIPE, stdout=subprocess.PIPE, shell=True)
resp = p.wait()
response = Response()
response.code = resp
response.out, response.err = p.stdout.read().decode('utf-8'), p.stderr.read().decode('utf-8')
return response
def get_hosts() -> list[str]:
return list(set(configurator.get_config("hosts") + ["platform.develop.sprinthub.ru"]))
def update_host(host: str) -> bool:
container_id_run = call(f"echo $(docker ps -q -f name=infra-development_nginx)")
if container_id_run.code != 0:
print(f"something wrong {container_id_run.err}")
return False
container_name = container_id_run.out.strip()
if not container_name:
print("Not correct node")
return False
gen_command = f"docker exec {container_name} certbot --nginx --email emmtvv@gmail.com --agree-tos --non-interactive -d \"{host}\""
print(gen_command)
gen_cert = call(gen_command)
if gen_cert.code != 0:
print(f"failed generating certificate: {gen_cert.err}")
print("Here is the log")
print(call(f"docker exec {container_name} cat /var/log/letsencrypt/letsencrypt.log").out)
return False
fullchain_command = call(f"docker exec {container_name} cat /etc/letsencrypt/live/{host}/fullchain.pem")
if fullchain_command.code != 0:
print(f"failed getting fullchain: {fullchain_command.err}")
return True
privkey_command = call(f"docker exec {container_name} cat /etc/letsencrypt/live/{host}/privkey.pem")
if privkey_command.code != 0:
print(f"failed getting fullchain: {privkey_command.err}")
return True
fullchain = fullchain_command.out.encode("utf-8")
privkey = privkey_command.out.encode("utf-8")
minio.put_object("certupdater", f"certificates/{host}/fullchain.pem", io.BytesIO(fullchain), len(fullchain))
minio.put_object("certupdater", f"certificates/{host}/privkey.pem", io.BytesIO(privkey), len(privkey))
return True
while True:
now = datetime.datetime.now()
mongo_hosts = mongo.hosts
for host in get_hosts():
if now + datetime.timedelta(days=14) > mongo_hosts.get(host, {"expire_time": datetime.datetime.fromtimestamp(1)})["expire_time"]:
success = update_host(host)
if success:
print(f"Host {host} updated")
mongo.update_date(host)
time.sleep(5 * 60)
Reference in New Issue View Git Blame Copy Permalink