Home Explore Help
Register Sign In
iNDivia.net
/
otcerts
7
0
Fork 0
Files Issues 1 Pull Requests 0 Wiki
Browse Source

Cleaned script

jigen 4 years ago
parent
b9fbafc392
commit
6433bbdd1f
1 changed files with 23 additions and 28 deletions
Split View Show Diff Stats
  1. 23 28
      OTcerts.py

+ 23 - 28
OTcerts.py
View File 

@@ -11,9 +11,9 @@ import mysql.connector
 
 # Query for IMAP/POP3 certificate
 
 mbox_list_stmt = "SELECT DISTINCT(name) FROM records WHERE content in ({}) and (name LIKE 'imap.%' or name LIKE 'pop3.%' or name LIKE 'mail.%')"
 
 
-# Query for SMTP certificate  
+# Query for SMTP certificate
 
 smtp_list_stmt = "SELECT DISTINCT(name) FROM records WHERE content in ({}) and (name LIKE 'smtp.%' or name LIKE 'mail.%')"
 
- 
+
 
 
 # Get list of defined domains in vhosts configuration database
 
 domains_list_stmt = """SELECT DISTINCT(SUBSTRING_INDEX(urls.dns_name, '.', -2)) AS domain_names 
@@ -30,8 +30,6 @@ subdomains_list_stmt = "SELECT DISTINCT(urls.dns_name) AS domain_names "\
 
                        "ON (urls.url_id = hosts_urls.url_id and urls.url_id = vhosts.url_id and vhosts.vhost_id = vhosts_features.vhost_id) "\
 
                        "WHERE (hosts_urls.http = 'Y' and hosts.hostname =  %(webserver)s and "\
 
                        "urls.dns_name LIKE %(domain)s)"
 
-                                                                
-
 
 
 default_conf_file="./etc/ot_certs.ini"
 
 logging.basicConfig(level=logging.INFO)
 
@@ -42,7 +40,7 @@ def init_prog(argv):
 
     """
 
     Parse command line args and config file
 
     """
 
-    
+
 
     parser = argparse.ArgumentParser(
 
         description="Manage LetsEncrypt certificates")
 
     parser.add_argument("-c", "--config", type=open,
 
@@ -91,7 +89,7 @@ def get_subdomain_list(config,  domain, ot_conn, ex_subdomains=tuple()):
 
     """
 
     Return a Python list containing subdomain of domain paramer
 
     eg:  ['app.arkiwi.org']
 
-    """ 
+    """
 
     result_dict=dict()
 
 
 
@@ -102,11 +100,8 @@ def get_subdomain_list(config,  domain, ot_conn, ex_subdomains=tuple()):
 
     subdomains_res = ot_cursor.fetchall()
 
     ot_cursor.close()
 
 
-    #if filtered:
 
     subdomains_filtered = [s[0].decode('utf-8') for s in subdomains_res
 
                                if not(s[0].decode('utf-8').startswith(ex_subdomains))]
 
-    # else:
 
-    #     subdomains_filtered = [s[0].decode('utf-8') for s in subdomains_res]
 
 
     return subdomains_filtered
 
 
@@ -121,7 +116,7 @@ def get_domain_list(config,  ot_conn, dns_conn):
 
 
     ot_cursor=ot_conn.cursor()
 
     ot_cursor.execute(domains_list_stmt, {'webserver':config['main']['webserver'].strip(" '\"")})
 
-    
+
 
     dns_cursor=dns_conn.cursor()
 
     for domain_barr, in ot_cursor:
 
         domain_name = domain_barr.decode("utf-8")
 
@@ -137,7 +132,7 @@ def get_domain_list(config,  ot_conn, dns_conn):
 
             result_dict.update({domain_name: {'managed_ns':False, 'domain_id':None}})
 
         else:
 
             logger.error('Unexpected result for domain {}'.format(domain_name))
 
-        
+
 
     dns_cursor.close()
 
     ot_cursor.close()
 
     return result_dict
 
@@ -148,7 +143,7 @@ def  get_alias_list(config, dns_conn, query, aliases):
 
 
     """
 
     result_list = list()
 
-    
+
 
     dns_cursor=dns_conn.cursor()
 
     try:
 
         dns_cursor.execute(query, aliases)
 
@@ -168,7 +163,7 @@ def acme_request(config, domain_name, acme_test='DNS-01', webroot=None, dryrun=F
 
     args += "--server {} ".format(config['certbot']['server'])
 
 
     if dryrun:
 
-        args += "--dry-run "  
+        args += "--dry-run "
 
     if acme_test == 'DNS-01':
 
         args += " --manual certonly "
 
         args += "--preferred-challenges dns-01 "
 
@@ -176,17 +171,17 @@ def acme_request(config, domain_name, acme_test='DNS-01', webroot=None, dryrun=F
 
         args += "--manual-cleanup-hook {} ".format(config['certbot']['cleanup_hook'])
 
         args += "-d {},*.{}".format(domain_name, domain_name)
 
     elif acme_test == 'HTTP-01':
 
-        args += " --webroot certonly "        
+        args += " --webroot certonly "
 
         args += "--preferred-challenges http-01 "
 
         if webroot is None:
 
             args += "-w {}/{}/htdocs ".format(config['apache']['webroot'], domain_name)
 
         else:
 
             args += "-w {} ".format(webroot)
 
-            
+
 
         if domains_list is None:
 
             args += "-d {}".format(domain_name)
 
         else:
 
-            args += "--expand --cert-name {} ".format(domain_name)        
+            args += "--expand --cert-name {} ".format(domain_name)
 
             args += "-d {}".format(",".join(domains_list))
 
     else:
 
         logger.error('acme test {} not supported'.format(acme_test))
 
@@ -195,7 +190,7 @@ def acme_request(config, domain_name, acme_test='DNS-01', webroot=None, dryrun=F
 
         logging.info("{} {}".format(config['certbot']['bin'], args))
 
     else:
 
         os.system("{} {}".format(config['certbot']['bin'], args))
 
-        
+
 
     return True
 
 
 def symlink_force(target, link_name):
 
@@ -217,25 +212,25 @@ def link_cert(config, source, dest, dryrun=False):
 
     else:
 
         symlink_force(src_name, link_name)
 
 
-        
+
 
 if __name__ == '__main__':
 
     args, config = init_prog(sys.argv)
 
 
     dryrun=config['main'].getboolean('dryrun')
 
-    
+
 
     ot_conn=connect_db(dict(config['ot_db']))
 
     dns_conn=connect_db(dict(config['dns_db']))
 
 
     if  dryrun:
 
         print("DRYRUN, nessun certificato verra' richiesto, nessun link/file creato o modificato")
 
 
-    
+
 
     # Caso speciale per le webmail
 
     if args.webmail:
 
         logging.info('Asking certificates for webmail')
 
         vhost_name = config['webmail']['vhost'].strip()
 
         webmails_list = ["webmail.{}".format(d.strip()) for d in config['webmail']['domains'].split(',') if len(d.strip())>0]
 
-        if acme_request(config, vhost_name, acme_test='HTTP-01', dryrun=dryrun, domains_list=webmails_list):           
+        if acme_request(config, vhost_name, acme_test='HTTP-01', dryrun=dryrun, domains_list=webmails_list):
 
             link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
 
         else:
 
             logger.error('Error asking certificate for {}'.format(vhost_name))
 
@@ -251,7 +246,7 @@ if __name__ == '__main__':
 
         # Per usi futuri, aggiungo l'alias 'mail.indivia.net'
 
         alias_list.append('mail.indivia.net')
 
         if acme_request(config, vhost_name, acme_test='HTTP-01', webroot=config['mail']['mbox_webroot'].strip(),
 
-                        dryrun=dryrun, domains_list=alias_list):           
+                        dryrun=dryrun, domains_list=alias_list):
 
             # non e' richiesto il link, punto direttamente le configurazioni alle dir di letsencrypt
 
             # link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
 
             pass
 
@@ -273,21 +268,21 @@ if __name__ == '__main__':
 
             pass
 
         else:
 
             logger.error('Error asking certificate for {}'.format(vhost_name))
 
-             
-    # Caso speciale per l'hosting 
+
 
+    # Caso speciale per l'hosting
 
     if args.hosting:
 
         logging.info('Asking certificates for hosted web domains')
 
         # Subdomains da escludere
 
         ex_subdomains = tuple([s.strip() for s in config['main']['special_subdomains'].split(',') if len(s.strip())>0])
 
         domains_dict = get_domain_list(config, ot_conn, dns_conn)
 
-    
+
 
         for domain_name, domain_feat in domains_dict.items():
 
             domain_feat['subdomains']=get_subdomain_list(config, domain_name, ot_conn, ex_subdomains=ex_subdomains)
 
             # Controlla se i nameserver sono gestiti da noi
 
             if domain_feat['managed_ns']:
 
                 # Nel caso il nameserver sia gestito, chiedi certificati per il dominio e la wildcard
 
                 if acme_request(config, domain_name, acme_test='DNS-01', dryrun=dryrun):
 
-                    link_cert(config, domain_name, domain_name, dryrun=dryrun)     
+                    link_cert(config, domain_name, domain_name, dryrun=dryrun)
 
                     # Crea il link per ogni subdomain
 
                     for subdomain in domain_feat['subdomains']:
 
                         link_cert(config, domain_name, subdomain, dryrun=dryrun)
 
@@ -300,12 +295,12 @@ if __name__ == '__main__':
 
         ot_conn.close()
 
         dns_conn.close()
 
 
-    # Genero il certificato per l'interfaccia di mailman 
+    # Genero il certificato per l'interfaccia di mailman
 
     if args.liste:
 
         logging.info('Asking certificates for liste.indivia.net')
 
         vhost_name = config['mailman']['vhost'].strip()
 
         liste_list = ["liste.{}".format(d.strip()) for d in config['mailman']['domains'].split(',') if len(d.strip())>0]
 
-        if acme_request(config, vhost_name, acme_test='HTTP-01', dryrun=dryrun, domains_list=liste_list):           
+        if acme_request(config, vhost_name, acme_test='HTTP-01', dryrun=dryrun, domains_list=liste_list):
 
             link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
 
         else:
 
             logger.error('Error asking certificate for {}'.format(vhost_name))