[sysadmin-bin] Land Let's Encrypt DNS01 hooks
- From: Andrea Veri <averi src gnome org>
- To: gnome-sysadmin gnome org,commits-list gnome org
- Subject: [sysadmin-bin] Land Let's Encrypt DNS01 hooks
- Date: Thu, 29 Mar 2018 13:41:23 +0000 (UTC)
commit 18db46e34e476a0913d4bfb9eccbd6f981c9c785
Author: Andrea Veri <averi redhat com>
Date: Thu Mar 29 15:40:57 2018 +0200
Land Let's Encrypt DNS01 hooks
letsencrypt/letsencrypt_dns_add.py | 75 ++++++++++++++++++++++++++++++++++++++
letsencrypt/letsencrypt_dns_del.sh | 49 +++++++++++++++++++++++++
2 files changed, 124 insertions(+)
---
diff --git a/letsencrypt/letsencrypt_dns_add.py b/letsencrypt/letsencrypt_dns_add.py
new file mode 100644
index 0000000..8155669
--- /dev/null
+++ b/letsencrypt/letsencrypt_dns_add.py
@@ -0,0 +1,75 @@
+#!/usr/bin/python
+
+import os
+import sys
+import re
+import git
+import shutil
+
+domain = sys.argv[1]
+token = sys.argv[2]
+extracted_tld = '.'.join(domain.split('.')[-2:])
+git_url = '/git/dns.git'
+git_local_path = '/tmp/dns'
+
+try:
+ sans = os.environ['SANS']
+
+ sansl = sans.split(',')
+except KeyError:
+ print 'SANS variable on the domain getssl.cfg missing'
+ sys.exit(1)
+
+if domain in (sansl[0] or extracted_tld):
+ try:
+ cloned_repo = git.Repo.clone_from(git_url, git_local_path)
+ except git.exc.GitCommandError as e:
+ if e.status == 128:
+ cloned_repo = git.Repo(git_local_path)
+ else:
+ print '\n'
+ print 'Exit status is %s' % e.status
+ print 'Executed command was: %s' % e.command
+ print '\n'
+ sys.exit(e.status)
+else:
+ cloned_repo = git.Repo(git_local_path)
+
+if cloned_repo.__class__ is git.Repo:
+ os.chdir(git_local_path)
+
+ with open('master/%s' % extracted_tld, 'a+') as f:
+ # No needs to f.seek as append mode takes care
+ # of that on our behalf
+
+ print 'Landing DNS RR:'
+ print ' _acme-challenge.%s. IN TXT "%s"' % (domain, token)
+ print '\n'
+ f.write('_acme-challenge.%s. IN TXT "%s"' % (domain, token))
+ f.write('\n')
+
+ if domain == sansl[-1:][0].strip('\*.'):
+ cloned_repo.git.commit('-a', '-m', "Let's Encrypt Automatic Commit", \
+ author="Let's Encrypt <gnome-sysadmin gnome org>")
+
+ print 'Running do-domains'
+ import subprocess
+
+ with open(os.devnull, 'w') as devnull:
+ proc = subprocess.Popen('%s/do-domains' % git_local_path, cwd=git_local_path, \
+ stdout=devnull, stderr=subprocess.PIPE)
+ err = proc.communicate()[1]
+ proc.wait()
+
+ if proc.returncode != 0:
+ print err
+ sys.exit(proc.returncode)
+ else:
+ print 'Success!'
+
+ cloned_repo.git.commit('-a', '-m', "Let's Encrypt Automatic Commit (do-domains)", \
+ author="Let's Encrypt <gnome-sysadmin gnome org>")
+
+ cloned_repo.remotes.origin.push()
+
+ shutil.rmtree(git_local_path)
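Review bot: `git_local_path = '/tmp/dns'` is a fixed name in a world-writable directory, and the `e.status == 128` branch reuses whatever already sits at that path as the working clone. The zone-file append, the `'%s/do-domains' % git_local_path` execution and the push therefore all trust a directory that any other local account could have created first. Because the clone has to survive between per-SAN invocations, keep it under a directory owned by the account that runs getssl with mode 0700, for example `git_local_path = os.path.join(STATE_DIR, 'dns')`, where `STATE_DIR` is a placeholder for that private directory. Before reusing an existing clone, also check that `cloned_repo.remotes.origin.url == git_url`, since git uses status 128 for most fatal errors and not only for "destination already exists". The same fixed path is used in the letsencrypt_dns_del.sh hunk (`cd /tmp`, `git clone /git/dns.git`, `[ -d /tmp/dns ]`, `./do-domains`), where the result of the clone is not checked either.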
diff --git a/letsencrypt/letsencrypt_dns_del.sh b/letsencrypt/letsencrypt_dns_del.sh
new file mode 100644
index 0000000..fdcf003
--- /dev/null
+++ b/letsencrypt/letsencrypt_dns_del.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+domain=$1
+token=$2
+sansl=(${SANS//,/ })
+arraylen=${#sansl[@]}
+
+cd /tmp
+git clone /git/dns.git
+
+if [ -d /tmp/dns ]; then
+ cd /tmp/dns
+
+ for d in `ls master/`; do
+ if [[ $domain =~ "${d}" ]]; then
+ extracted_domain=$d
+ fi
+ done
+
+ ln=`grep -n "_acme-challenge.${domain}." master/$extracted_domain \
+ | grep "${token}" | cut -d: -f 1`
+
+ if [[ -n "${ln}" ]]; then
+ sed -i "${ln}d" "master/${extracted_domain}"
+ else
+ echo "The ln variable is empty"
+ rm -rf /tmp/dns
+ exit 1
+ fi
+
+ git commit --author="Let's Encrypt <gnome-sysadmin gnome org>" -a -m "Let's Encrypt Token has been
deleted: ${domain}"
+ git push
+
+ if [[ "${sansl[${arraylen} - 1]//\*./}" == "${domain}" ]]; then
+ ./do-domains > /dev/null 2>&1
+ if [[ "$?" -eq 0 ]]; then
+ git commit --author "Let's Encrypt <gnome-sysadmin gnome org>" -a -m "Let's Encrypt Token has
been deleted: ${domain} (do-domains)"
+ git push
+ else
+ echo 'do-domains failed'
+ fi
+ fi
+
+ rm -rf /tmp/dns
+
+else
+ echo "Unable to access the directory. Exiting."
+ exit 1
+fi
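Review bot: The lookup that feeds `sed -i "${ln}d"` treats `${domain}` and `${token}` as regular expressions, so every `.` matches any character and a second matching line leaves several line numbers in `ln`, which sed cannot use as one address. Since the add hook writes the record in one fixed format, match it literally instead: `ln=$(grep -nF -- "_acme-challenge.${domain}. IN TXT \"${token}\"" "master/${extracted_domain}" | cut -d: -f1)`. `extracted_domain` also needs a guard, because the `[[ $domain =~ "${d}" ]]` loop is a substring test that keeps the last match and leaves the variable unset when nothing matches, in which case grep is pointed at `master/` itself. Finally, the `do-domains failed` branch only echoes and the script still exits 0, so the caller cannot see that the zone was not regenerated.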