Mutually exclusive service flag

Refactor renew
2020-02-26 02:01:37 +01:00 · 2020-02-26 01:59:03 +01:00
1 changed files with 141 additions and 118 deletions
--- a/OTcerts.py
+++ b/OTcerts.py
@ -47,18 +47,21 @@ def init_prog(argv):
                        required=False,
                        default=default_conf_file,
                        help="Specifity config file (default: {})".format(default_conf_file))
-    parser.add_argument("--liste", default=False, action='store_true', required=False,
-                        help="Richiedi i certificati per liste.indivia.net")
-    parser.add_argument("--hosting", default=False, action='store_true', required=False,
-                        help="Richiedi i certificati per i siti in hosting")
-    parser.add_argument("--webmail", default=False, action='store_true', required=False,
-                        help="Richiedi i certificati per le webmail")
-    parser.add_argument("--smtp", default=False, action='store_true', required=False,
-                        help="Richiedi i certificati per il server SMTP")
-    parser.add_argument("--mbox", default=False, action='store_true', required=False,
-                        help="Richiedi i certificati per il server POP/IMAP")
    parser.add_argument("--renew", default=False, action='store_true', required=False,
                        help="Invoca solamente il renew per i certificati gia' presenti")
+    
+    service_group = parser.add_mutually_exclusive_group(required=True)
+    service_group.add_argument("--liste", default=False, action='store_true', required=False,
+                        help="Richiedi i certificati per liste.indivia.net")
+    service_group.add_argument("--hosting", default=False, action='store_true', required=False,
+                        help="Richiedi i certificati per i siti in hosting")
+    service_group.add_argument("--webmail", default=False, action='store_true', required=False,
+                        help="Richiedi i certificati per le webmail")
+    service_group.add_argument("--smtp", default=False, action='store_true', required=False,
+                        help="Richiedi i certificati per il server SMTP")
+    service_group.add_argument("--mbox", default=False, action='store_true', required=False,
+                        help="Richiedi i certificati per il server POP/IMAP")
+
    args = parser.parse_args()
    try:
        config = configparser.ConfigParser()
@ -246,136 +249,156 @@ if __name__ == '__main__':
    dryrun=config['main'].getboolean('dryrun')
    service_reload = dict()

-    ot_conn=connect_db(dict(config['ot_db']))
-    dns_conn=connect_db(dict(config['dns_db']))
-
    if  dryrun:
        print("DRYRUN, nessun certificato verra' richiesto, nessun link/file creato o modificato")

-
-    # Caso speciale per le webmail
-    if args.webmail:
-        logging.info('Asking certificates for webmail')
-        vhost_name = config['webmail']['vhost'].strip()
-        webmails_list = ["webmail.{}".format(d.strip()) for d in config['webmail']['domains'].split(',') if len(d.strip())>0]
-        logging.info('vhost {}, domains_list {}'.format(vhost_name, webmails_list))
-        if acme_request(config, vhost_name, acme_test='HTTP-01', dryrun=dryrun, domains_list=webmails_list):
-            link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
-            service_reload['webmail'] = True
-        else:
-            logger.error('Error asking certificate for {}'.format(vhost_name))
-
-    # Caso speciale per il server POP/IMAP
-    if args.mbox:
-        logging.info('Asking certificates for POP/IMAP server')
-        vhost_name = config['mail']['mbox_vhost'].strip()
-        server_addresses = [s.strip() for s in config['mail']['mbox_server_addresses'].split(',') if len(s.strip())>0]
-        mbox_fmt = ','.join(['%s'] * len(server_addresses))
-        mbox_query = mbox_list_stmt.format(mbox_fmt)
-        alias_list = get_alias_list(config, dns_conn, mbox_query, server_addresses)
-        # Per usi futuri, aggiungo l'alias 'mail.indivia.net'
-        alias_list.append('mail.indivia.net')
-        logging.info('vhost {}, domains_list {}'.format(vhost_name, alias_list))
-        if acme_request(config, vhost_name, acme_test='HTTP-01', webroot=config['mail']['mbox_webroot'].strip(),
-                        dryrun=dryrun, domains_list=alias_list):
-            # non e' richiesto il link, punto direttamente le configurazioni alle dir di letsencrypt
-            # link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
-            service_reload['mbox'] = True
-            pass
-        else:
-            logger.error('Error asking certificate for {}'.format(vhost_name))
-
-    # Caso speciale per il server SMTP
-    if args.smtp:
-        logging.info('Asking certificates for SMTP server')
-        vhost_name = config['mail']['smtp_vhost'].strip()
-        server_addresses = [s.strip() for s in config['mail']['smtp_server_addresses'].split(',') if len(s.strip())>0]
-        smtp_fmt = ','.join(['%s'] * len(server_addresses))
-        smtp_query = smtp_list_stmt.format(smtp_fmt)
-        alias_list = get_alias_list(config, dns_conn, smtp_query, server_addresses)
-        logging.info('vhost {}, domains_list {}'.format(vhost_name, alias_list))
-        if acme_request(config, vhost_name, acme_test='HTTP-01', webroot=config['mail']['smtp_webroot'].strip(),
-                        dryrun=dryrun, domains_list=alias_list):
-            # non e' richiesto il link, punto direttamente le configurazioni alle dir di letsencrypt
-            # link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
-            service_reload['smtp'] = True
-            pass
-        else:
-            logger.error('Error asking certificate for {}'.format(vhost_name))
-
-    # Caso speciale per l'hosting
-    if args.hosting:
-        logging.info('Asking certificates for hosted web domains')
-        # Subdomains da escludere
-        ex_subdomains = tuple([s.strip() for s in config['main']['special_subdomains'].split(',') if len(s.strip())>0])
-        domains_dict = get_domain_list(config, ot_conn, dns_conn)
-
-        for domain_name, domain_feat in domains_dict.items():
-            domain_feat['subdomains']=get_subdomain_list(config, domain_name, ot_conn, ex_subdomains=ex_subdomains)
-            # Controlla se i nameserver sono gestiti da noi
-            if domain_feat['managed_ns']:
-                # Nel caso il nameserver sia gestito, chiedi certificati per il dominio e la wildcard
-                logger.info('Get certificates for {}, *.{}'.format(domain_name, domain_name))
-                if acme_request(config, domain_name, acme_test='DNS-01', dryrun=dryrun):
-                    link_cert(config, domain_name, domain_name, dryrun=dryrun)
-                    # Crea il link per ogni subdomain
-                    for subdomain in domain_feat['subdomains']:
-                        link_cert(config, domain_name, subdomain, dryrun=dryrun)
-                    service_reload['hosting'] = True
-
-            else:
-                # Nel caso i nameserver NON siano gestiti, allora chiedi un certificato per ogni sottodominio
-                # Crea il link per ogni subdomain
-                for subdomain in domain_feat['subdomains']:
-                    logger.info('Get certificates for {}'.format(subdomain))
-                    if acme_request(config, subdomain, acme_test='HTTP-01', dryrun=dryrun):
-                        link_cert(config, subdomain, subdomain, dryrun=dryrun)
-                        service_reload['hosting'] = True
-        ot_conn.close()
-        dns_conn.close()
-
-    # Genero il certificato per l'interfaccia di mailman
-    if args.liste:
-        logging.info('Asking certificates for liste.indivia.net')
-        vhost_name = config['mailman']['vhost'].strip()
-        liste_list = ["liste.{}".format(d.strip()) for d in config['mailman']['domains'].split(',') if len(d.strip())>0]
-        if acme_request(config, vhost_name, acme_test='HTTP-01', dryrun=dryrun, domains_list=liste_list):
-            link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
-            service_reload['liste'] = True
-        else:
-            logger.error('Error asking certificate for {}'.format(vhost_name))
-
    if args.renew:
        pre_hook_cmd = None
        post_hook_cmd = None
        logging.info('Renewing certificates ')
-        if set(['webmail','hosting','liste']) & set(service_reload.keys()):
+        if args.webmail or args.hosting or args.liste:
            post_hook_cmd = "systemctl reload apache2"
-        elif set(['smtp',]) & set(service_reload.keys()):
+        elif args.smtp: 
            post_hook_cmd = "systemctl reload postfix"
-        elif set(['mbox',]) & set(service_reload.keys()):
+        elif args.mbox:
            post_hook_cmd = "systemctl restart dovecot"

        logger.debug("post_hook_cmd: {}".format(post_hook_cmd))

        if acme_renew(config, pre_hook_cmd, post_hook_cmd, dryrun=dryrun):
            logger.info("Done renew")
-    else: 
-        if set(['webmail','hosting','liste']) & set(service_reload.keys()):
+            
+    else:  
+        # Fai le nuove richieste per i certificati
+        
+        # Caso speciale per le webmail
+        if args.webmail:
+            logging.info('Asking certificates for webmail')
+            vhost_name = config['webmail']['vhost'].strip()
+            webmails_list = ["webmail.{}".format(d.strip()) for d in config['webmail']['domains'].split(',') if len(d.strip())>0]
+            logging.info('vhost {}, domains_list {}'.format(vhost_name, webmails_list))
+            if acme_request(config, vhost_name, acme_test='HTTP-01', dryrun=dryrun, domains_list=webmails_list):
+                link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
+            else:
+                logger.error('Error asking certificate for {}'.format(vhost_name))
+                
            # reload apache
-            logger.info("Restarting apache")
+            logger.info("Reloading apache")
            # ret = subprocess.run("systemctl reload apache2")
            ret = os.system("systemctl reload apache2")
            logger.info(ret)
-        if set(['smtp',]) & set(service_reload.keys()):
-            # reload postfix
-            logger.info("Restarting postfix")
-            # ret = subprocess.run("systemctl reload postfix")
-            ret = os.system("systemctl reload postfix")
+
+        # Caso speciale per l'hosting
+        if args.hosting:
+            logging.info('Asking certificates for hosted web domains')
+            ot_conn=connect_db(dict(config['ot_db']))
+            dns_conn=connect_db(dict(config['dns_db']))
+            # Subdomains da escludere
+            ex_subdomains = tuple([s.strip() for s in config['main']['special_subdomains'].split(',') if len(s.strip())>0])
+            domains_dict = get_domain_list(config, ot_conn, dns_conn)
+
+            for domain_name, domain_feat in domains_dict.items():
+                domain_feat['subdomains']=get_subdomain_list(config, domain_name, ot_conn, ex_subdomains=ex_subdomains)
+                # Controlla se i nameserver sono gestiti da noi
+                if domain_feat['managed_ns']:
+                    # Nel caso il nameserver sia gestito, chiedi certificati per il dominio e la wildcard
+                    logger.info('Get certificates for {}, *.{}'.format(domain_name, domain_name))
+                    if acme_request(config, domain_name, acme_test='DNS-01', dryrun=dryrun):
+                        link_cert(config, domain_name, domain_name, dryrun=dryrun)
+                        # Crea il link per ogni subdomain
+                        for subdomain in domain_feat['subdomains']:
+                            link_cert(config, domain_name, subdomain, dryrun=dryrun)
+
+                else:
+                    # Nel caso i nameserver NON siano gestiti, allora chiedi un certificato per ogni sottodominio
+                    # Crea il link per ogni subdomain
+                    for subdomain in domain_feat['subdomains']:
+                        logger.info('Get certificates for {}'.format(subdomain))
+                        if acme_request(config, subdomain, acme_test='HTTP-01', dryrun=dryrun):
+                            link_cert(config, subdomain, subdomain, dryrun=dryrun)
+
+            ot_conn.close()
+            dns_conn.close()
+
+            # reload apache
+            logger.info("Reloading apache")
+            # ret = subprocess.run("systemctl reload apache2")
+            ret = os.system("systemctl reload apache2")
            logger.info(ret)
-        if set(['mbox',]) & set(service_reload.keys()):
+
+            
+        # Caso speciale per l'interfaccia di mailman
+        if args.liste:
+            logging.info('Asking certificates for liste.indivia.net')
+            vhost_name = config['mailman']['vhost'].strip()
+            liste_list = ["liste.{}".format(d.strip()) for d in config['mailman']['domains'].split(',') if len(d.strip())>0]
+            if acme_request(config, vhost_name, acme_test='HTTP-01', dryrun=dryrun, domains_list=liste_list):
+                link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
+            else:
+                logger.error('Error asking certificate for {}'.format(vhost_name))
+                
+            # reload apache
+            logger.info("Reloading apache")
+            # ret = subprocess.run("systemctl reload apache2")
+            ret = os.system("systemctl reload apache2")
+            logger.info(ret)    
+
+        
+        # Caso speciale per il server POP/IMAP
+        if args.mbox:
+            dns_conn=connect_db(dict(config['dns_db']))
+            logging.info('Asking certificates for POP/IMAP server')
+            vhost_name = config['mail']['mbox_vhost'].strip()
+            server_addresses = [s.strip() for s in config['mail']['mbox_server_addresses'].split(',') if len(s.strip())>0]
+            mbox_fmt = ','.join(['%s'] * len(server_addresses))
+            mbox_query = mbox_list_stmt.format(mbox_fmt)
+            alias_list = get_alias_list(config, dns_conn, mbox_query, server_addresses)
+            # Per usi futuri, aggiungo l'alias 'mail.indivia.net'
+            alias_list.append('mail.indivia.net')
+            logging.info('vhost {}, domains_list {}'.format(vhost_name, alias_list))
+            if acme_request(config, vhost_name, acme_test='HTTP-01', webroot=config['mail']['mbox_webroot'].strip(),
+                            dryrun=dryrun, domains_list=alias_list):
+                # non e' richiesto il link, punto direttamente le configurazioni alle dir di letsencrypt
+                # link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
+                service_reload['mbox'] = True
+                pass
+            else:
+                logger.error('Error asking certificate for {}'.format(vhost_name))
+
+            dns_conn.close()
+
            # restart dovecot
            logger.info("Restarting dovecot")
            # ret = subprocess.run("systemctl restart dovecot")
            ret = os.system("systemctl restart dovecot")
            logger.info(ret)
+
+
+        # Caso speciale per il server SMTP
+        if args.smtp:
+            logging.info('Asking certificates for SMTP server')
+            dns_conn=connect_db(dict(config['dns_db']))
+            vhost_name = config['mail']['smtp_vhost'].strip()
+            server_addresses = [s.strip() for s in config['mail']['smtp_server_addresses'].split(',') if len(s.strip())>0]
+            smtp_fmt = ','.join(['%s'] * len(server_addresses))
+            smtp_query = smtp_list_stmt.format(smtp_fmt)
+            alias_list = get_alias_list(config, dns_conn, smtp_query, server_addresses)
+            logging.info('vhost {}, domains_list {}'.format(vhost_name, alias_list))
+            if acme_request(config, vhost_name, acme_test='HTTP-01', webroot=config['mail']['smtp_webroot'].strip(),
+                            dryrun=dryrun, domains_list=alias_list):
+                # non e' richiesto il link, punto direttamente le configurazioni alle dir di letsencrypt
+                # link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
+                service_reload['smtp'] = True
+                pass
+            else:
+                logger.error('Error asking certificate for {}'.format(vhost_name))
+
+            dns_conn.close()
+                
+            # reload postfix
+            logger.info("Restarting postfix")
+            # ret = subprocess.run("systemctl reload postfix")
+            ret = os.system("systemctl reload postfix")
+            logger.info(ret)
+
+
Author	SHA1	Message	Date
jigen	7871a3302c	Mutually exclusive service flag	2020-02-26 02:01:37 +01:00
jigen	3c849560ac	Refactor renew	2020-02-26 01:59:03 +01:00