From 1be15e3ee8501473c818c91865af20a02e578650 Mon Sep 17 00:00:00 2001 From: David Schroeder Date: Fri, 10 Nov 2023 09:40:44 -0600 Subject: [PATCH] update --- defaults.inc | 6 +- inc/certs.inc | 13 ++- inc/services.inc | 202 ++++++++++++++++++++++++-------------------- inc/sites.inc | 22 +---- nodemgmt-scripts.sh | 2 +- 5 files changed, 132 insertions(+), 113 deletions(-) diff --git a/defaults.inc b/defaults.inc index 2d9fba4d..a9bb3113 100755 --- a/defaults.inc +++ b/defaults.inc @@ -134,9 +134,9 @@ else done fi # echo "HERE: RUN_NODE_TYPE=$RUN_NODE_TYPE RUN_NODE_IP=$RUN_NODE_IP" -[ "${NM_REPL_NGINX_PATHS[${RUN_NODE_TYPE}]}" != "" ] && NM_NGINXPATH=${NM_REPL_NGINX_PATHS[${RUN_NODE_TYPE}]} || NM_NGINXPATH=/etc/nginx -[ "${NM_CERTPATHS[${RUN_NODE_TYPE}]}" != "" ] && NM_CERTPATH=${NM_CERTPATHS[${RUN_NODE_TYPE}]} || NM_CERTPATH=/etc/letsencrypt -[ "${NM_WWWPATHS[${RUN_NODE_TYPE}]}" != "" ] && NM_WWWPATH=${NM_WWWPATHS[${RUN_NODE_TYPE}]} || NM_WWWPATH=/var/www +[ "${NM_REPL_NGINX_PATHS}" != "" ] && [ "${NM_REPL_NGINX_PATHS[${RUN_NODE_TYPE}]}" != "" ] && NM_NGINXPATH=${NM_REPL_NGINX_PATHS[${RUN_NODE_TYPE}]} || NM_NGINXPATH=/etc/nginx +[ "${NM_CERTPATHS}" != "" ] && [ "${NM_CERTPATHS[${RUN_NODE_TYPE}]}" != "" ] && NM_CERTPATH=${NM_CERTPATHS[${RUN_NODE_TYPE}]} || NM_CERTPATH=/etc/letsencrypt +[ "${NM_WWWPATHS}" != "" ] && [ "${NM_WWWPATHS[${RUN_NODE_TYPE}]}" != "" ] && NM_WWWPATH=${NM_WWWPATHS[${RUN_NODE_TYPE}]} || NM_WWWPATH=/var/www declare -A NM_SRVCOPTS NM_SRVCOPTS['status']='Status' diff --git a/inc/certs.inc b/inc/certs.inc index 1c3ae8f7..e9e1945c 100755 --- a/inc/certs.inc +++ b/inc/certs.inc @@ -1,5 +1,12 @@ #!/usr/bin/env bash NEWCERT(){ + CERTTEST=0 + while [ $# -gt 0 ]; do + case "$1" in + -test) CERTTEST=1;; + esac + shift + done echo if [ -z ${1+x} ]; then echo -e -n "${idsCL[LightCyan]}Create certificate for what name (comma seperated for mutiple) : ${idsCL[Default]}" 
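Review bot: The added guard `[ "${NM_REPL_NGINX_PATHS}" != "" ]` reads only element 0 of the array, because in bash an unsubscripted array name expands to `${name[0]}`. If these arrays are associative and keyed by node type (the `${RUN_NODE_TYPE}` subscript suggests so, but the declarations are outside the hunk), the guard is always false and NM_NGINXPATH, NM_CERTPATH and NM_WWWPATH silently fall back to the defaults even on a configured node. NM_CERTPATH is later the target of `chown -R root:le`, so a wrong fallback changes which tree gets re-owned. Test for a populated array and a set key instead, e.g. `[ "${#NM_CERTPATHS[@]}" -gt 0 ] && [ -n "${RUN_NODE_TYPE}" ] && [ -n "${NM_CERTPATHS[${RUN_NODE_TYPE}]}" ]`. The same guard is added to the nginx branch of SERVICE in inc/services.inc (hunk `-217,7`).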
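Review bot: The new option loop shifts away every positional parameter, so when `[ -z ${1+x} ]` runs afterwards `$1` is always unset and the certificate name passed by the caller is discarded. NEWCERT will therefore always prompt, including for the `NEWCERT ${2} ${3}` call in nodemgmt-scripts.sh and the calls from NEWSITE. Keep the non-option arguments: declare `local args=()` before the loop, add a `*) args+=("$1");;` arm, and restore them with `set -- "${args[@]}"` after it. CERTTEST is also assigned without `local`, so it overwrites the variable of the same name that NEWSITE sets. The function body continues outside the hunk.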
@@ -20,7 +27,11 @@ NEWCERT(){ # $CERT_DAEMON certonly --webroot -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT} # $CERT_DAEMON certonly --webroot --preferred-chain "ISRG Root X1" -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT} - $CERT_DAEMON certonly --dry-run --webroot --preferred-chain "ISRG Root X1" -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT} + if [ ${CERTTEST} -eq 1 ]; then + $CERT_DAEMON certonly --dry-run --webroot --preferred-chain "ISRG Root X1" -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT} + else + $CERT_DAEMON certonly --webroot --preferred-chain "ISRG Root X1" -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT} + fi # $CERT_DAEMON certonly --dry-run --webroot -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT} chown -R root:le ${NM_CERTPATH} diff --git a/inc/services.inc b/inc/services.inc index b5c90e94..e7ab0018 100755 --- a/inc/services.inc +++ b/inc/services.inc @@ -217,7 +217,7 @@ SERVICE(){ if [ "${1}" = "nginx" ] && ([ "${3}" == "" ] || [ "${3}" == "all" ]); then - if [ "${RUN_NODE_TYPE}" != "" ] && [ "${NM_REPL_NGINX_PATHS[${RUN_NODE_TYPE}]}" != "" ] && ([ "${2}" = "restart" ] || [ "${2}" = "reload" ]); then + if [ "${RUN_NODE_TYPE}" != "" ] && [ "${NM_REPL_NGINX_PATHS}" != "" ] && [ "${NM_REPL_NGINX_PATHS[${RUN_NODE_TYPE}]}" != "" ] && ([ "${2}" = "restart" ] || [ "${2}" = "reload" ]); then if [ "${3}" != "ns" ]; then if [ "${3}" != "q" ]; then echo -en "${idsCL[LightYellow]}Verifying replication across the nodes... ${idsCL[Default]}" 
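Review bot: `${NEW_CERT}` and `${NM_CERTPATH}` are expanded unquoted on both new certbot command lines. NEW_CERT can come from the interactive prompt, so whitespace or glob characters in the input are split into extra words on a command that, judging by the `chown -R root:le` that follows, runs with root privileges. Quote them: `-w "${NM_CERTPATH}/letsencrypt-acme-challenge" -d "${NEW_CERT}"`, and likewise `[ "${CERTTEST}" -eq 1 ]`. The two branches differ only in `--dry-run`; an array such as `dry=(); [ "${CERTTEST}" -eq 1 ] && dry=(--dry-run)` expanded as `"${dry[@]}"` would avoid maintaining two copies of the command. Real issuance is now the default where the previous line always ran a dry run, which deserves a sentence in the commit message.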
@@ -270,103 +270,125 @@ SERVICE(){ echo -e "${idsCL[Green]}Completed${idsCL[Default]}" echo fi - - for NTYPE in "${NTS[@]}"; do - var1=${NTYPE}_SERVICES_CHECK[@] - # if [[ "${!var1}" = *"${1}"* ]]; then - if [[ " ${!var1} " =~ " ${1} " ]]; then - nid=1 - if [ "${3}" != "" ]; then - var2=(${3}) - sethost=true; - else - var2=${NTYPE}_HOSTS[@] - IFS=' ' - var2=(${!var2}) - unset IFS - sethost=false - fi - - for nip in "${var2[@]}"; do - - # if [[ "${RUN_NODE_IP}" == *"${3}"* ]]; then GO=true; - # elif [ ! -z ${3+x} ] || [ "${3}" == "q" ]; then GO=true; - # else GO=false; - # fi - # if [ "${GO}" == "true" ]; then - if [ $sethost == true ]; then - nodename=${NM_HOSTNAMES[${3}]} + + if [ "${NTS}" == "" ]; then + for NTYPE in "${NTS[@]}"; do + var1=${NTYPE}_SERVICES_CHECK[@] + # if [[ "${!var1}" = *"${1}"* ]]; then + if [[ " ${!var1} " =~ " ${1} " ]]; then + nid=1 + if [ "${3}" != "" ]; then + var2=(${3}) + sethost=true; else - nodename="${NM_HOSTNAMES[${nip}]}[${nip}]" + var2=${NTYPE}_HOSTS[@] + IFS=' ' + var2=(${!var2}) + unset IFS + sethost=false fi - if [[ "${RUN_NODE_IP}" == *"${nip}"* ]]; then - nip='localhost ' - NCMD='' + + for nip in "${var2[@]}"; do + + # if [[ "${RUN_NODE_IP}" == *"${3}"* ]]; then GO=true; + # elif [ ! 
-z ${3+x} ] || [ "${3}" == "q" ]; then GO=true; + # else GO=false; + # fi + # if [ "${GO}" == "true" ]; then + if [ $sethost == true ]; then + nodename=${NM_HOSTNAMES[${3}]} else - NCMD="ssh root@${nip}" + nodename="${NM_HOSTNAMES[${nip}]}[${nip}]" fi + if [[ "${RUN_NODE_IP}" == *"${nip}"* ]]; then + nip='localhost ' + NCMD='' + else + NCMD="ssh root@${nip}" + fi - NOGOCHK=true; - # if [ "${1}" == "gitea" ] || [ "${1}" == "pdnsadmin" ] || [ "${1}" == "pdnsadmin.socket" ]; then - if [ "${1}" == "gitea" ]; then - if [[ $($NCMD ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1) != *${NM_SINGLESRVR_IP['WEB']}* ]]; then - NOGOCHK=false; - fi - elif [ "${1}" == "headscale" ]; then - if [[ $($NCMD ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1) != *${NM_SINGLESRVR_IP['HS']}* ]]; then - NOGOCHK=false; - fi - fi - - if [ "${NOGOCHK}" == "true" ]; then - if [ "${3}" != "q" ]; then - echo -en "${NM_SRVCOPTS[${2}]}ing on ${nodename} ($nip)... 
${idsCL[Default]}" - fi - checkhost=$(CHECK_HOST ${nip}) - if [ "${checkhost}" != "false" ]; then - - if [ "${1}"= = "offsite-power-check" ]; then - if [ "${3}" != "q" ] && [ "${2}" != "status" ]; then - if [ "$(ssh root@${nip} ps -U root | grep "offsite-power-check.sh start" | grep -v "grep" | awk '{print $1}')" != "" ]; then - echo -e "${idsCL[Green]}Done${idsCL[Default]}" - else - echo -e "${idsCL[Red]}Not Running${idsCL[Default]}" - fi - fi - else - [ "${1}" = "pdnsadmin" ] && srva="pdnsadmin.socket pdnsadmin.service" || srva=${1} - if [ "${2}" != "status" ]; then - $NCMD systemctl ${2} ${srva} >/dev/null 2>&1 - else - echo - $NCMD systemctl ${2} ${srva} - echo - fi - if [ "${3}" != "q" ] && [ "${2}" != "status" ]; then - if [[ "enable,disable" = *"${2}"* ]] || [ "${1}" = "daemon-reload" ]; then - echo -e "${idsCL[Green]}Done${idsCL[Default]}" - elif [ "$(${NCMD} systemctl is-active ${1})" = "active" ]; then - echo -e "${idsCL[Green]}Done${idsCL[Default]}" - elif [ "$2" = "stop" ]; then - echo -e "${idsCL[Red]}STOPPED${idsCL[Default]}" - else - echo -e "${idsCL[Red]}ERROR${idsCL[Default]}" - fi - fi + NOGOCHK=true; + if [ "${1}" == "gitea" ]; then + if [[ $($NCMD ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1) != *${NM_SINGLESRVR_IP['WEB']}* ]]; then + NOGOCHK=false; + fi + elif [ "${1}" == "headscale" ]; then + if [[ $($NCMD ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1) != *${NM_SINGLESRVR_IP['HS']}* ]]; then + NOGOCHK=false; fi - - elif [ "${3}" != "q" ]; then - echo -e "${idsCL[Red]}Node is Down${idsCL[Default]}" fi - fi - # fi - nid=`expr $nid + 1` - # if [ "${1}" = "gitea" ]; then - # break - # fi - done + + if [ "${NOGOCHK}" == "true" ]; then + if [ "${3}" != "q" ]; then + echo -en "${NM_SRVCOPTS[${2}]}ing on ${nodename} ($nip)... 
${idsCL[Default]}" + fi + checkhost=$(CHECK_HOST ${nip}) + if [ "${checkhost}" != "false" ]; then + + if [ "${1}"= = "offsite-power-check" ]; then + if [ "${3}" != "q" ] && [ "${2}" != "status" ]; then + if [ "$(ssh root@${nip} ps -U root | grep "offsite-power-check.sh start" | grep -v "grep" | awk '{print $1}')" != "" ]; then + echo -e "${idsCL[Green]}Done${idsCL[Default]}" + else + echo -e "${idsCL[Red]}Not Running${idsCL[Default]}" + fi + fi + else + [ "${1}" = "pdnsadmin" ] && srva="pdnsadmin.socket pdnsadmin.service" || srva=${1} + if [ "${2}" != "status" ]; then + $NCMD systemctl ${2} ${srva} >/dev/null 2>&1 + else + echo + $NCMD systemctl ${2} ${srva} + echo + fi + if [ "${3}" != "q" ] && [ "${2}" != "status" ]; then + if [[ "enable,disable" = *"${2}"* ]] || [ "${1}" = "daemon-reload" ]; then + echo -e "${idsCL[Green]}Done${idsCL[Default]}" + elif [ "$(${NCMD} systemctl is-active ${1})" = "active" ]; then + echo -e "${idsCL[Green]}Done${idsCL[Default]}" + elif [ "$2" = "stop" ]; then + echo -e "${idsCL[Red]}STOPPED${idsCL[Default]}" + else + echo -e "${idsCL[Red]}ERROR${idsCL[Default]}" + fi + fi + fi + + elif [ "${3}" != "q" ]; then + echo -e "${idsCL[Red]}Node is Down${idsCL[Default]}" + fi + fi + # fi + nid=`expr $nid + 1` + # if [ "${1}" = "gitea" ]; then + # break + # fi + done + fi + done + + else #no-nodetypes, standalone setup + echo -en "${NM_SRVCOPTS[${2}]}ing on localhost ... 
${idsCL[Default]}" + if [ "${2}" != "status" ]; then + systemctl ${2} ${srva} >/dev/null 2>&1 + else + echo + systemctl ${2} ${srva} + echo fi - done + if [ "${3}" != "q" ] && [ "${2}" != "status" ]; then + if [[ "enable,disable" = *"${2}"* ]] || [ "${1}" = "daemon-reload" ]; then + echo -e "${idsCL[Green]}Done${idsCL[Default]}" + elif [ "$(systemctl is-active ${1})" = "active" ]; then + echo -e "${idsCL[Green]}Done${idsCL[Default]}" + elif [ "$2" = "stop" ]; then + echo -e "${idsCL[Red]}STOPPED${idsCL[Default]}" + else + echo -e "${idsCL[Red]}ERROR${idsCL[Default]}" + fi + fi + fi fi if [ "${3}" != "q" ]; then diff --git a/inc/sites.inc b/inc/sites.inc index 1dcfb295..400f876a 100755 --- a/inc/sites.inc +++ b/inc/sites.inc @@ -195,9 +195,11 @@ LISTSITES(){ } NEWSITE(){ + CERTTEST=0 echo while [ $# -gt 0 ]; do case "$1" in + -test) CERTTEST=1;; -site) NEW_SITE=${2};; -type) SITE_TYPE=${2};; -ssl) CREATE_SSL=${2};; @@ -454,7 +456,7 @@ NEWSITE(){ fi if [ "${CREATE_SSL}" = "yes" ]; then - [ "${ssladd}" != "" ] && NEWCERT ${NEW_SITE},${ssladd} newsite || NEWCERT ${NEW_SITE} newsite + [ "${ssladd}" != "" ] && NEWCERT ${NEW_SITE},${ssladd} newsite ${CERTTEST} || NEWCERT ${NEW_SITE} newsite ${CERTTEST} # if [ "${SITE_TYPE}" == "proxy" ]; then sed -i "s/#ssl_certificate/ssl_certificate/g" ${nginxconfig} # fi 
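Review bot: The new test `if [ "${NTS}" == "" ]` is inverted: the `for NTYPE in "${NTS[@]}"` loop now runs only when NTS is empty, and the branch commented `#no-nodetypes, standalone setup` runs when node types are defined. It should read `if [ "${#NTS[@]}" -gt 0 ]; then`. In the standalone branch `${srva}` is never assigned (it is only set inside the loop), so `systemctl ${2} ${srva}` runs with no unit name or with a value left over from an earlier call. Add `[ "${1}" = "pdnsadmin" ] && srva="pdnsadmin.socket pdnsadmin.service" || srva=${1}` before it, and guard the first `echo -en` with the `"${3}" != "q"` check the loop uses. The re-indented line `[ "${1}"= = "offsite-power-check" ]` still carries the stray `=`, so it compares `"${1}="` with the service name and that branch can never match. SERVICE's body starts and ends outside the hunk.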
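Review bot: CERTTEST is assigned as a global here, and NEWCERT in inc/certs.inc assigns the same global to 0 on entry, so the two functions overwrite each other's state. Declare it with `local CERTTEST=0` in NEWSITE and hand the choice to NEWCERT explicitly. The `-test` arm takes no value while the neighbouring arms read `${2}`; the loop's shift logic is outside the hunk, so confirm it does not skip the argument that follows `-test`.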
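Review bot: NEWCERT is called with the numeric value `${CERTTEST}` (0 or 1) as a third argument, but its parser only recognises the literal `-test` and resets CERTTEST to 0 on entry. `NEWSITE -test` therefore ends up requesting a real certificate instead of a dry run. Pass the flag itself: `certflag=; [ "${CERTTEST}" -eq 1 ] && certflag=-test`, then `NEWCERT "${NEW_SITE}${ssladd:+,${ssladd}}" newsite ${certflag}`. That single call also removes the `&& … ||` chain, which currently runs the second NEWCERT whenever the first one returns non-zero, so a failed issuance is followed by another request for the bare site name.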
@@ -471,27 +473,11 @@ NEWSITE(){ echo echo -e "${idsCL[LightGreen]}The new site for '${idsCL[LightGreen]}${NEW_SITE}${idsCL[Default]}' has been created.${idsCL[Default]}" echo - echo -e -n "${idsCL[LightCyan]}Reload NGINX on LB Nodes (Y/n): ${idsCL[Default]}" + echo -e -n "${idsCL[LightCyan]}Reload NGINX on all Nodes (Y/n): ${idsCL[Default]}" read -n 1 NGINXRELOAD if [[ ${NGINXRELOAD} =~ ^[Nn]$ ]]; then tmp='' else - # echo - # echo -en "${idsCL[LightYellow]}Verifying '${NEW_SITE}' replication across the nodes... ${idsCL[Default]}" - # for nip in "${NM_HOSTS['LB'][@]}"; do - # checkhost=$(CHECK_HOST ${nip}) - # if [ "${checkhost}" != "false" ]; then - # if [[ $(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *"${nip}"* ]]; then - # checked=false - # until [ "${checked}" = "" ]; do - # checked=`ssh root@${nip} "[ ! -f ${nginxconfig} ] && echo '.'"` - # done - # fi - # fi - # done - # rm -f ${NM_CERTPATH}/live/${MAIN_CERT}/newcert - # echo -e "${idsCL[Green]}Completed${idsCL[Default]}" - echo SERVICE nginx restart fi diff --git a/nodemgmt-scripts.sh b/nodemgmt-scripts.sh index e4ef9eeb..61b561dd 100755 --- a/nodemgmt-scripts.sh +++ b/nodemgmt-scripts.sh @@ -900,7 +900,7 @@ GUI(){ DISP_HEADER fi case $action in - newcert) NEWCERT ${2};; + newcert) NEWCERT ${2} ${3};; certrenew) CERTRENEW;; delssl) DEL-SSL ${2};; listcerts) LISTCERTS;;