add status check

2022-10-14 10:52:09 -04:00 · 2022-10-14 10:52:09 -04:00 · b29e0308d4
commit b29e0308d4
parent a4e16f4cb1
2 changed files with 77 additions and 32 deletions
--- a/ssl-update.py
+++ b/ssl-update.py
@ -76,37 +76,6 @@ def firewall_mod(state, service, decrypt_pp):
  log.info(f'Turned {state_print} HTTP for {service}')


-def get_cert_dates(url, port=443):
-  cmd = (
-     f'printf "" | /usr/bin/openssl s_client -servername {url} -connect '
-     f'{url}:{port} | openssl x509 -noout -dates')
-
-  ps = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE,
-                        stderr=subprocess.PIPE)
-  bstdout, bstderr = ps.communicate()
-  exit_code = ps.returncode
-  stdout = bstdout.decode('UTF-8').splitlines()
-  stderr = bstderr.decode('UTF-8')
-  if exit_code > 0:
-    sys.exit(f'Error checking state of SSL cert at {url}:{port}: {stderr}')
-  start_str = ''
-  finish_str = ''
-  for line in stdout:
-    if 'notBefore' in line:
-      start_str = line.split('=')[1]
-    if 'notAfter' in line:
-      finish_str = line.split('=')[1]
-  
-  ts = datetime.datetime.now()
-  start = datetime.datetime.strptime(start_str, '%b %d %H:%M:%S %Y %Z')
-  finish = datetime.datetime.strptime(finish_str, '%b %d %H:%M:%S %Y %Z')
-  if ts > start and ts < finish:
-    print('Cert is valid')
-  else:
-    print('Cert is not valid')
-  print(f'start: {start}\nnow: {ts}\nfinish: {finish}')
-
-
 def recurse_rmdir(directory):
  directory = pathlib.Path(directory)
  for item in directory.iterdir():
--- a/ul-status.py
+++ b/ul-status.py
@ -0,0 +1,76 @@
+#!/usr/bin/env python3
+"""Automation for cert renewal.
+
+assumptions:
+    * firewall has access configured for specified key
+    * firewall sshd config contains: `AcceptEnv ssl_service state`
+    * firewall has `ssl-update.sh` copied to /usr/local/bin and chmod +x
+"""
+
+import datetime
+import logging
+import getpass
+import os
+import pathlib
+import pexpect
+import pwd
+import subprocess
+import sys
+import time
+
+supported_services = [
+  'git', 'plex', 'jellyfin', 'photoprism', 'nextcloud', 'read']
+
+def get_cert_dates(url, port=443):
+  cmd = (
+     f'printf "" | /usr/bin/openssl s_client -servername {url} -connect '
+     f'{url}:{port} | openssl x509 -noout -dates')
+
+  ps = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE,
+                        stderr=subprocess.PIPE)
+  bstdout, bstderr = ps.communicate()
+  exit_code = ps.returncode
+  stdout = bstdout.decode('UTF-8').splitlines()
+  stderr = bstderr.decode('UTF-8')
+  if exit_code > 0:
+    sys.exit(f'Error checking state of SSL cert at {url}:{port}: {stderr}')
+  start_str = ''
+  finish_str = ''
+  for line in stdout:
+    if 'notBefore' in line:
+      start_str = line.split('=')[1]
+    if 'notAfter' in line:
+      finish_str = line.split('=')[1]
+  
+  ts = datetime.datetime.now()
+  start = datetime.datetime.strptime(start_str, '%b %d %H:%M:%S %Y %Z')
+  finish = datetime.datetime.strptime(finish_str, '%b %d %H:%M:%S %Y %Z')
+  if ts > start and ts < finish:
+    print('Cert is valid')
+  else:
+    print('Cert is not valid')
+  print(f'start: {start}\nnow: {ts}\nfinish: {finish}')
+
+
+def main(args):
+  logging.basicConfig(level=os.environ.get("LOGLEVEL", "INFO"))
+
+  log.info(f'program start: {sys.argv}')
+  if len(args) == 0:
+    check = supported_services
+  else:
+    check = args
+
+  for service in check:
+    if not '.' in service:
+      url = f'{service}.drheck.dev'
+    else:
+      url = service
+    print(80*'-')
+    print(url)
+    get_cert_dates(url)
+
+
+log = logging.getLogger(__name__)
+if __name__ == '__main__':
+  main(sys.argv[1:])