mirror of
https://github.com/outbackdingo/labca.git
synced 2026-01-27 10:19:34 +00:00
243 lines
7.6 KiB
Bash
Executable File
243 lines
7.6 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
set -euo pipefail
|
|
|
|
LOGFILE=/home/labca/logs/commander.log
|
|
|
|
err_report() {
|
|
echo "ERROR! On line $1 in commander script"
|
|
}
|
|
|
|
trap 'err_report $LINENO' INT TERM ERR
|
|
|
|
dn=$(dirname $0)
|
|
source "$dn/utils.sh"
|
|
|
|
function wait_server() {
|
|
local url="$1"
|
|
|
|
local status=0
|
|
local cnt=0
|
|
|
|
set +e
|
|
res=$(curl -o /dev/null -sSLk --head --write-out '%{http_code}\n' $url 2>&1)
|
|
if [ $? -ne 0 ]; then
|
|
echo -n $res
|
|
fi
|
|
set -e
|
|
while [ $cnt -lt 40 ] && [ "$status" != "200" ]; do
|
|
status=$(curl -o /dev/null -sSL --head --write-out '%{http_code}\n' $url 2>>$LOGFILE)
|
|
let cnt=$cnt+1
|
|
if [ "$status" != "200" ]; then
|
|
sleep 5
|
|
fi
|
|
done
|
|
}
|
|
|
|
|
|
read txt
|
|
case $txt in
|
|
"trust-store")
|
|
cp /home/labca/nginx_data/ssl/labca_cert.pem /usr/local/share/ca-certificates/labca_cert.crt
|
|
cp ~labca/admin/data/root-ca.pem /usr/local/share/ca-certificates/root-ca.crt
|
|
update-ca-certificates &>>$LOGFILE
|
|
echo "Waiting for initial startup of the docker containers..." &>>$LOGFILE
|
|
wait_up $PS_MYSQL &>>$LOGFILE
|
|
wait_up $PS_LABCA &>>$LOGFILE
|
|
wait_up $PS_BOULDER $PS_BOULDER_COUNT &>>$LOGFILE
|
|
;;
|
|
"docker-restart")
|
|
cd /home/labca/boulder
|
|
docker-compose stop &>>$LOGFILE
|
|
wait_down $PS_MYSQL &>>$LOGFILE
|
|
wait_down $PS_LABCA &>>$LOGFILE
|
|
wait_down $PS_BOULDER &>>$LOGFILE
|
|
COMPOSE_HTTP_TIMEOUT=120 docker-compose up -d &>>$LOGFILE
|
|
wait_up $PS_MYSQL &>>$LOGFILE
|
|
wait_up $PS_LABCA &>>$LOGFILE
|
|
wait_up $PS_BOULDER $PS_BOULDER_COUNT &>>$LOGFILE
|
|
;;
|
|
"acme-request")
|
|
cd /home/labca/nginx_data/ssl
|
|
[ -e account.key ] || openssl genrsa 4096 > account.key
|
|
[ -e labca_key.pem ] || openssl genrsa 4096 > labca_key.pem
|
|
san=$(openssl x509 -noout -text -in labca_cert.pem | grep DNS:)
|
|
openssl req -new -utf8 -sha256 -key labca_key.pem -subj "/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=$san")) > domain.csr
|
|
url=$(grep 'DEFAULT_DIRECTORY_URL =' /home/labca/acme_tiny.py | sed -e 's/.*=[ ]*//' | sed -e 's/\"//g')
|
|
wait_server $url
|
|
sleep 10
|
|
/home/labca/labca/renew
|
|
ln -sf /home/labca/labca/cron_d /etc/cron.d/labca
|
|
ln -sf /home/labca/labca/logrotate_d /etc/logrotate.d/labca
|
|
;;
|
|
"acme-change")
|
|
read fqdn
|
|
cd /home/labca/nginx_data/ssl
|
|
openssl genrsa 4096 > labca_key.pem
|
|
openssl req -new -utf8 -sha256 -key labca_key.pem -subj "/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:$fqdn")) > domain.csr
|
|
url=$(grep 'DEFAULT_DIRECTORY_URL =' /home/labca/acme_tiny.py | sed -e 's/.*=[ ]*//' | sed -e 's/\"//g')
|
|
wait_server $url
|
|
sleep 10
|
|
/home/labca/labca/renew
|
|
;;
|
|
"nginx-remove-redirect")
|
|
perl -i -p0e 's/\n # BEGIN temporary redirect\n location = \/ \{\n return 302 \/admin\/;\n }\n # END temporary redirect\n//igs' /home/labca/nginx_data/conf.d/labca.conf
|
|
;;
|
|
"nginx-reload")
|
|
cd /home/labca/boulder
|
|
docker-compose exec -T nginx nginx -s reload &>>$LOGFILE
|
|
;;
|
|
"nginx-restart")
|
|
cd /home/labca/boulder
|
|
docker-compose restart nginx &>>$LOGFILE
|
|
;;
|
|
"log-cert")
|
|
[ -f /home/labca/nginx_data/ssl/acme_tiny.log ] && tail -200 /home/labca/nginx_data/ssl/acme_tiny.log || /bin/true
|
|
exit 0
|
|
;;
|
|
"log-commander")
|
|
[ -f $LOGFILE ] && tail -200 $LOGFILE || /bin/true
|
|
exit 0
|
|
;;
|
|
"log-boulder")
|
|
cd /home/labca/boulder
|
|
docker-compose logs -f --no-color --tail=50 boulder
|
|
;;
|
|
"log-boulder-notail")
|
|
cd /home/labca/boulder
|
|
docker-compose logs --no-color --tail=50 boulder
|
|
;;
|
|
"log-audit")
|
|
cd /home/labca/boulder
|
|
docker-compose logs --no-color boulder | grep "\[AUDIT\]" | grep -v "grpc: parseServiceConfig error unmarshaling due to unexpected end of JSON input" | tail -50
|
|
docker-compose logs -f --no-color --tail=0 boulder | grep "\[AUDIT\]"
|
|
;;
|
|
"log-activity")
|
|
cd /home/labca/boulder
|
|
echo "GMT"
|
|
docker-compose logs --no-color boulder | grep "\[AUDIT\]" | grep -v "grpc: parseServiceConfig error unmarshaling due to unexpected end of JSON input" | tail -15
|
|
exit 0
|
|
;;
|
|
"log-labca")
|
|
cd /home/labca/boulder
|
|
docker-compose logs -f --no-color --tail=50 labca
|
|
;;
|
|
"log-labca-notail")
|
|
cd /home/labca/boulder
|
|
docker-compose logs --no-color --tail=50 labca
|
|
;;
|
|
"log-labca-err")
|
|
[ -f /var/log/labca.err ] && tail -200 /var/log/labca.err || /bin/true
|
|
exit 0
|
|
;;
|
|
"log-web")
|
|
cd /home/labca/boulder
|
|
docker-compose logs -f --no-color --tail=50 nginx
|
|
;;
|
|
"log-components")
|
|
timezone=$(cat /etc/timezone)
|
|
nginx=$(ps -eo lstart,args | grep nginx | grep master | grep -v grep | cut -c 5-24)
|
|
svc=$(ps -eo lstart,args | grep tcpserver | grep sudo | grep -v grep | cut -c 5-24)
|
|
boulder=$(ps -eo lstart,args | grep bin/boulder-wfe2 | grep -v grep | cut -c 5-24)
|
|
labca=$(ps -eo lstart,args | grep bin/labca | grep -v grep | head -1 | cut -c 5-24)
|
|
echo "$timezone|$nginx|$svc|$boulder|$labca"
|
|
exit 0
|
|
;;
|
|
"log-stats")
|
|
timezone=$(cat /etc/timezone)
|
|
uptime=$(uptime -s)
|
|
procs=$(ps -ef --no-headers | wc -l)
|
|
total=$(free -b --si | grep 'Mem:' | perl -p0e 's/.*?\s+(\d+)\s+.*/$1/')
|
|
avail=$(free -b --si | grep 'Mem:' | perl -p0e 's/.*\s+(\d+)$/$1/')
|
|
let used=$total-$avail
|
|
echo "$timezone|$uptime|$procs|$used|$avail"
|
|
exit 0
|
|
;;
|
|
"revoke-cert")
|
|
read serial
|
|
read reasonCode
|
|
cd /home/labca/boulder
|
|
docker-compose exec -T boulder bin/admin-revoker serial-revoke --config labca/config/admin-revoker.json $serial $reasonCode 2>&1
|
|
;;
|
|
"test-email")
|
|
read recipient
|
|
cd /home/labca/boulder
|
|
docker-compose exec -T boulder bin/mail-tester --config labca/config/expiration-mailer.json $recipient 2>&1
|
|
;;
|
|
"boulder-start")
|
|
cd /home/labca/boulder
|
|
COMPOSE_HTTP_TIMEOUT=120 docker-compose up -d bmysql
|
|
COMPOSE_HTTP_TIMEOUT=120 docker-compose up -d boulder
|
|
wait_up $PS_MYSQL &>>$LOGFILE
|
|
wait_up $PS_BOULDER $PS_BOULDER_COUNT &>>$LOGFILE
|
|
;;
|
|
"boulder-stop")
|
|
cd /home/labca/boulder
|
|
docker-compose stop boulder
|
|
docker-compose stop bmysql
|
|
wait_down $PS_MYSQL &>>$LOGFILE
|
|
wait_down $PS_BOULDER &>>$LOGFILE
|
|
;;
|
|
"boulder-restart")
|
|
cd /home/labca/boulder
|
|
docker-compose stop boulder
|
|
docker-compose stop bmysql
|
|
wait_down $PS_MYSQL &>>$LOGFILE
|
|
wait_down $PS_BOULDER &>>$LOGFILE
|
|
COMPOSE_HTTP_TIMEOUT=120 docker-compose up -d bmysql
|
|
COMPOSE_HTTP_TIMEOUT=120 docker-compose up -d boulder
|
|
wait_up $PS_MYSQL &>>$LOGFILE
|
|
wait_up $PS_BOULDER $PS_BOULDER_COUNT &>>$LOGFILE
|
|
;;
|
|
"labca-restart")
|
|
cd /home/labca/boulder
|
|
docker-compose stop labca
|
|
wait_down $PS_LABCA &>>$LOGFILE
|
|
COMPOSE_HTTP_TIMEOUT=120 docker-compose up -d labca
|
|
wait_up $PS_LABCA &>>$LOGFILE
|
|
;;
|
|
"svc-restart")
|
|
service labca stop
|
|
wait_down $PS_SERVICE &>>$LOGFILE
|
|
service labca start
|
|
wait_up $PS_SERVICE &>>$LOGFILE
|
|
;;
|
|
"log-backups")
|
|
ls -1tr /home/labca/backup || /bin/true
|
|
exit 0
|
|
;;
|
|
"log-server-backup")
|
|
/home/labca/labca/backup
|
|
exit 0
|
|
;;
|
|
"backup-delete")
|
|
read backup
|
|
rm -f /home/labca/backup/$backup
|
|
;;
|
|
"backup-restore")
|
|
read backup
|
|
/home/labca/labca/restore $backup
|
|
;;
|
|
"server-restart")
|
|
reboot
|
|
;;
|
|
"server-shutdown")
|
|
halt
|
|
;;
|
|
"version-update")
|
|
cd $dn
|
|
branch="$(git symbolic-ref --short HEAD 2>/dev/null)" || branch="(none)"
|
|
if [ "$branch" == "master" ] || [ "$branch" == "main" ] || [ "$branch" == "(none)" ]; then
|
|
nohup /home/labca/labca/install &>>$LOGFILE
|
|
else
|
|
nohup /home/labca/labca/install -b $branch &>>$LOGFILE
|
|
fi
|
|
;;
|
|
*)
|
|
echo "Unknown command '$txt'. ERROR!"
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
echo "ok"
|