robin.thoni
/
sitegen
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 7 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23 Commits
2 Branches
Tree: 1e1ed0cef1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1e1ed0cef1'
${ noResults }
sitegen/sitegen.py

sitegen.py 11KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280 
  1. #! /usr/bin/env python3

  2. 

  3. import json

  4. import argparse

  5. import os

  6. import subprocess

  7. 

  8. from os import path

  9. 

  10. 

  11. class SiteGenException(Exception):

  12.     error = None

  13.     code = None

  14. 

  15.     def __init__(self, error, code):

  16.         self.error = error

  17.         self.code = code

  18. 

  19. 

  20. class SiteGen:

  21.     siteConfDir = ""

  22.     siteDir = ""

  23.     confDir = ""

  24.     hooksEnabledDir = ""

  25.     hooksAvailableDir = ""

  26.     templatesDir = ""

  27.     certRenewTime = ""

  28.     letsencryptCommand = ""

  29.     letsencryptDir = ""

  30.     certDir = ""

  31. 

  32.     def __init__(self, config):

  33.         self.siteConfDir = config["siteConfDir"]

  34.         self.siteDir = config["siteDir"]

  35.         self.confDir = config["confDir"]

  36.         self.hooksEnabledDir = path.join(self.confDir, "hooks-enabled")

  37.         self.hooksAvailableDir = path.join(self.confDir, "hooks-available")

  38.         self.templatesDir = path.join(self.confDir, "templates")

  39.         self.certRenewTime = config["certRenewTime"]

  40.         self.letsencryptCommand = config["letsencryptCommand"]

  41.         self.letsencryptDir = config["letsencryptDir"]

  42.         self.certDir = config["certDir"]

  43. 

  44.     def make_dirs(self):

  45.         if not path.isdir(self.certDir):

  46.             os.makedirs(self.certDir)

  47. 

  48.     def get_hook_dir(self, hook_type, is_enabled):

  49.         return path.join(self.hooksEnabledDir if is_enabled else self.hooksAvailableDir, hook_type)

  50. 

  51.     def get_hook_file(self, hook_type, hook_name, is_enabled):

  52.         return path.join(self.get_hook_dir(hook_type, is_enabled), hook_name)

  53. 

  54.     def get_hook_files(self, hook_type, is_enabled):

  55.         hook_dir = self.get_hook_dir(hook_type, is_enabled)

  56.         files = os.listdir(hook_dir)

  57.         files.sort()

  58.         return files

  59. 

  60.     def is_hook_present(self, hook_type, hook_name, is_enabled):

  61.         return path.isfile(self.get_hook_file(hook_type, hook_name, is_enabled))

  62. 

  63.     def is_hook_enabled(self, hook_type, hook_name):

  64.         return self.is_hook_present(hook_type, hook_name, True)

  65. 

  66.     def get_letsencrypt_dir(self, domain):

  67.         return path.join(self.letsencryptDir, domain)

  68. 

  69.     def symlink_letsencrypt_file(self, domain, file, outfile):

  70.         letsencrypt_cert_file = path.abspath(self.get_letsencrypt_dir(domain))

  71.         my_cert_file = path.join(self.certDir, outfile)

  72.         if path.lexists(my_cert_file):

  73.             os.remove(my_cert_file)

  74.         os.symlink(path.join(letsencrypt_cert_file, file), my_cert_file)

  75. 

  76.     def get_cert_files(self, domain):

  77.         return [path.abspath(path.join(self.certDir, domain + ".crt")),

  78.                 path.abspath(path.join(self.certDir, domain + ".key")),

  79.                 path.abspath(path.join(self.certDir, domain + "-chain.crt"))]

  80. 

  81.     def execute(self, exe, args, get_output):

  82.         args.insert(0, exe)

  83.         proc = subprocess.Popen(args, stdout=(subprocess.PIPE if get_output else None))

  84.         out = proc.communicate()

  85.         return proc.returncode, out[0]

  86. 

  87.     def execute_hooks(self, hook_type, args):

  88.         for hook_name in self.get_hook_files(hook_type, True):

  89.             self.execute(self.get_hook_file(hook_type, hook_name, True), args, False)

  90. 

  91.     def is_cert_present(self, domain):

  92.         cert_files = self.get_cert_files(domain)

  93.         for cert_file in cert_files:

  94.             if not path.isfile(cert_file):

  95.                 return False

  96.         return True

  97. 

  98.     def get_cert_end_date(self, domain):

  99.         cert_files = self.get_cert_files(domain)

  100.         res, out = self.execute("openssl", ["x509", "-noout", "-in", cert_files[0], "-enddate"], True)

  101.         if res == 0:

  102.             return out.decode("UTF-8").split("=")[1][:-1]

  103.         return None

  104. 

  105.     def is_cert_gonna_expire(self, domain, checkend):

  106.         cert_files = self.get_cert_files(domain)

  107.         res, out = self.execute("openssl", ["x509", "-noout", "-in", cert_files[0], "-checkend", str(checkend)], True)

  108.         return res == 1

  109. 

  110.     def get_all_domains(self):

  111.         files = os.listdir(self.certDir)

  112.         files.sort()

  113.         domains = []

  114.         for file in files:

  115.             if file.endswith(".crt") and self.is_cert_present(file[:-4]):

  116.                 domains.append(file[:-4])

  117.         return domains

  118. 

  119.     def cert_request(self, domain, logger):

  120.         logger("Requesting: %s" % domain)

  121. 

  122.         res, out = self.execute(self.letsencryptCommand, [domain], False)

  123.         if res != 0:

  124.             raise SiteGenException("Certificate request failed with code %i" % res, res)

  125. 

  126.         self.symlink_letsencrypt_file(domain, "cert.pem", domain + ".crt")

  127.         self.symlink_letsencrypt_file(domain, "privkey.pem", domain + ".key")

  128.         self.symlink_letsencrypt_file(domain, "chain.pem", domain + "-chain.crt")

  129. 

  130.         cert_files = self.get_cert_files(domain)

  131.         cert_files.insert(0, domain)

  132.         self.execute_hooks("cert", cert_files)

  133. 

  134.     def certs_request(self, domains, logger):

  135.         for domain in domains:

  136.             self.cert_request(domain, logger)

  137. 

  138.     def cert_check(self, domain, logger):

  139.         if not self.is_cert_present(domain):

  140.             raise SiteGenException("Certificate not present: %s" % domain, 1)

  141.         if self.is_cert_gonna_expire(domain, self.certRenewTime):

  142.             logger("%s: %s" % (domain, self.get_cert_end_date(domain)))

  143.             return True

  144.         return False

  145. 

  146.     def certs_check(self, domains, logger):

  147.         for domain in domains:

  148.             self.cert_check(domain, logger)

  149. 

  150.     def cert_enddate(self, domain, logger):

  151.         if not self.is_cert_present(domain):

  152.             raise SiteGenException("Certificate not present: %s" % domain, 1)

  153.         logger("%s: %s" % (domain, self.get_cert_end_date(domain)))

  154. 

  155.     def certs_enddate(self, domains, logger):

  156.         for domain in domains:

  157.             self.cert_enddate(domain, logger)

  158. 

  159.     def cert_renew(self, domain, logger):

  160.         if self.cert_check(domain, logger):

  161.             self.cert_request(domain, logger)

  162. 

  163.     def certs_renew(self, domains, logger):

  164.         for domain in domains:

  165.             self.cert_renew(domain, logger)

  166. 

  167.     def site_create(self, domain, logger):

  168.         pass

  169. 

  170.     def site_remove(self, domain, logger):

  171.         pass

  172. 

  173.     def hook_enable(self, hook_type, hook_name, logger):

  174.         if not self.is_hook_present(hook_type, hook_name, False):

  175.             raise SiteGenException("Hook is not present", 1)

  176.         if self.is_hook_enabled(hook_type, hook_name):

  177.             raise SiteGenException("Hook is already enabled", 0)

  178.         logger("Enabling %s %s" % (hook_type, hook_name))

  179.         hook_dir = self.get_hook_dir(hook_type, hook_name)

  180.         if not path.isdir(hook_dir):

  181.             os.makedirs(hook_dir)

  182.         hook_file_available = self.get_hook_file(hook_type, hook_name, False)

  183.         hook_file_enabled = self.get_hook_file(hook_type, hook_name, True)

  184.         hook_relative_file = path.relpath(hook_file_available, self.get_hook_dir(hook_type, True))

  185. 

  186.         os.symlink(hook_relative_file, hook_file_enabled)

  187. 

  188.     def hook_disable(self, hook_type, hook_name, logger):

  189.         if not self.is_hook_present(hook_type, hook_name, False):

  190.             raise SiteGenException("Hook is not present", 1)

  191.         if not self.is_hook_enabled(hook_type, hook_name):

  192.             raise SiteGenException("Hook is not enabled", 0)

  193.         logger("Disabling %s %s" % (hook_type, hook_name))

  194.         os.remove(self.get_hook_file(hook_type, hook_name, True))

  195. 

  196. 

  197. def main():

  198.     parser = argparse.ArgumentParser(description='Manage apache websites and SSL certificates')

  199.     parser.add_argument('--config', dest='config', default='/etc/sitegen/sitegen.json', help='Configuration file path')

  200. 

  201.     parser.add_argument('--cert-request', metavar='cert_request', const='', nargs='?',

  202.                         help='Request/renew a certificate. Request/renew all certificates if no domain is specified')

  203.     parser.add_argument('--cert-check', metavar='cert_check', const='', nargs='?',

  204.                         help='Check if certificate needs to be renewed. Check all if no domain is specified')

  205.     parser.add_argument('--cert-renew', metavar='cert_renew', const='', nargs='?',

  206.                         help='Renew certificate if it needs to be. Renew all that needs to be if no domain is specified')

  207.     parser.add_argument('--cert-enddate', metavar='cert_enddate', const='', nargs='?',

  208.                         help='Print certificate enddate. Print all certificates enddate if no domain is specified')

  209. 

  210.     parser.add_argument('--site-create', help='Create a site configuration', metavar='site_create')

  211.     parser.add_argument('--site-remove', help='Remove a site configuration', metavar='site_remove')

  212. 

  213.     parser.add_argument('--hook-site-enable', help='Enable a site hook', dest='site_hook_enable', metavar='hook')

  214.     parser.add_argument('--hook-site-disable', help='Disable a site hook', dest='site_hook_disable', metavar='hook')

  215. 

  216.     parser.add_argument('--hook-cert-enable', help='Enable a certificate hook', dest='hook_cert_enable', metavar='hook')

  217.     parser.add_argument('--hook-cert-disable', help='Disable a certificate hook', dest='hook_cert_disable', metavar='hook')

  218. 

  219.     args = parser.parse_args()

  220. 

  221.     with open(args.config, "r") as f:

  222.         config = json.load(f)

  223. 

  224.     site_gen = SiteGen(config)

  225. 

  226.     site_gen.make_dirs()

  227. 

  228.     logger = print

  229. 

  230.     try:

  231.         if args.cert_request is not None:

  232.             if args.cert_request == "":

  233.                 site_gen.certs_request(site_gen.get_all_domains(), logger)

  234.             else:

  235.                 site_gen.cert_request(args.cert_request, logger)

  236. 

  237.         elif args.cert_check is not None:

  238.             if args.cert_check == "":

  239.                 site_gen.certs_check(site_gen.get_all_domains(), logger)

  240.             else:

  241.                 site_gen.cert_check(args.cert_check, logger)

  242. 

  243.         elif args.cert_renew is not None:

  244.             if args.cert_renew == "":

  245.                 site_gen.certs_renew(site_gen.get_all_domains(), logger)

  246.             else:

  247.                 site_gen.cert_renew(args.cert_renew, logger)

  248. 

  249.         elif args.cert_enddate is not None:

  250.             if args.cert_enddate == "":

  251.                 site_gen.certs_enddate(site_gen.get_all_domains(), logger)

  252.             else:

  253.                 site_gen.cert_enddate(args.cert_enddate, logger)

  254. 

  255.         elif args.site_create is not None:

  256.             site_gen.site_create(args.site_create, logger)

  257. 

  258.         elif args.site_remove is not None:

  259.             site_gen.site_remove(args.site_remove, logger)

  260. 

  261.         elif args.site_hook_enable is not None:

  262.             site_gen.hook_enable("site", args.site_hook_enable, logger)

  263. 

  264.         elif args.site_hook_disable is not None:

  265.             site_gen.hook_disable("site", args.site_hook_disable, logger)

  266. 

  267.         elif args.hook_cert_enable is not None:

  268.             site_gen.hook_enable("cert", args.hook_cert_enable, logger)

  269. 

  270.         elif args.hook_cert_disable is not None:

  271.             site_gen.hook_disable("cert", args.hook_cert_disable, logger)

  272. 

  273.         else:

  274.             parser.print_help()

  275.     except SiteGenException as e:

  276.         print(e.error)

  277.         exit(e.code)

  278. 

  279. if __name__ == "__main__":

  280.     main()