217 lines
6.4 KiB
Bash
Executable File
217 lines
6.4 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
VERS='4.10.40-07242023'
|
|
|
|
noheader=' service status-check nightlyrephp7.3-fpm,new backup report check checkcerts gitea update-nodes copynpmcerts singleservercheck update-dyndns '
|
|
CERT_DAEMON='/snap/bin/certbot'
|
|
NM_FOLDER=/opt/idssys/nodemgmt
|
|
NM_SCRIPT=${NM_FOLDER}/nodemgmt-scripts.sh
|
|
NM_TMPFOLDER=${NM_FOLDER}/.tmp
|
|
NM_LOGFOLDER=${NM_FOLDER}/logs
|
|
NM_LOGFILE=${NM_LOGFOLDER}/logfile
|
|
|
|
RENOTIFY=1800
|
|
|
|
[ ! -d ${NM_TMPFOLDER} ] && mkdir ${NM_TMPFOLDER}
|
|
[ ! -d ${NM_LOGFOLDER} ] && mkdir ${NM_LOGFOLDER}
|
|
|
|
declare -i errtime
|
|
|
|
NM_SRVCOPT=(start stop restart reload enable disable)
|
|
|
|
if [ -f ${NM_FOLDER}/conf/defaults.local.inc ]; then
|
|
declare -A NM_HOSTS
|
|
declare -A NM_SERVICES_CHECK
|
|
declare -A NM_DOCKERS_CHECK
|
|
declare -A NM_REPL_CHECK
|
|
declare -A NM_REPL_NGINX_PATHS
|
|
declare -A NM_HOSTNAMES
|
|
declare -A NM_NODETYPES
|
|
declare -A NM_SERVICE_DESC
|
|
declare -A NM_DOCKER_DESC
|
|
declare -A NM_DOCKER_COMPOSE_LOC
|
|
declare -A NM_REPL_CHECK_LOC
|
|
declare -A NM_REPL_DESC
|
|
declare -A NM_SINGLESRVR_SERVICES
|
|
declare -A NM_SINGLESRVR_DOCKERS
|
|
declare -A NM_SINGLESRVR_IP
|
|
declare -A NM_CERTPATHS
|
|
declare -A NM_WWWPATHS
|
|
|
|
source ${NM_FOLDER}/conf/defaults.local.inc
|
|
|
|
IFS=,
|
|
LOCAL_SERVICES=(${LOCAL_SERVICES})
|
|
unset IFS
|
|
|
|
NODETYPES=$(for k in "${!NM_NODETYPES[@]}"; do echo "${NM_NODETYPES["$k"]} ${k}"; done | sort -f | while read desc nmtype; do echo ${nmtype}; done)
|
|
IFS=$'\n' NM_NODE_TYPES=(${NODETYPES}); unset IFS
|
|
|
|
# printf "[%s]\n" "${NM_NODE_TYPES[@]}"
|
|
|
|
|
|
for ntype in "${NM_NODE_TYPES[@]}"; do
|
|
arr ${ntype}_HOSTS
|
|
arr ${ntype}_SERVICES_CHECK
|
|
arr ${ntype}_DOCKERS_CHECK
|
|
arr ${ntype}_REPL_CHECK
|
|
arr ${ntype}_SINGLESRVR_SERVICES
|
|
arr ${ntype}_SINGLESRVR_DOCKERS
|
|
arr ${ntype}_SINGLESRVR_IP
|
|
|
|
IFS=,; var=(${NM_HOSTS[${ntype}]}); unset IFS
|
|
for value in "${var[@]}"; do
|
|
arr_insert ${ntype}_HOSTS $value
|
|
done
|
|
|
|
if [ "${NM_SERVICES_CHECK[${ntype}]}" != "" ]; then
|
|
IFS=,; var=(${NM_SERVICES_CHECK[${ntype}]}); unset IFS
|
|
for value in "${var[@]}"; do
|
|
arr_insert ${ntype}_SERVICES_CHECK $value
|
|
done
|
|
fi
|
|
|
|
if [ "${NM_DOCKERS_CHECK[${ntype}]}" != "" ]; then
|
|
IFS=,; var=(${NM_DOCKERS_CHECK[${ntype}]}); unset IFS
|
|
for value in "${var[@]}"; do
|
|
arr_insert ${ntype}_DOCKERS_CHECK $value
|
|
done
|
|
fi
|
|
|
|
if [ "${NM_REPL_CHECK[${ntype}]}" != "" ]; then
|
|
IFS=,; var=(${NM_REPL_CHECK[${ntype}]}); unset IFS
|
|
for value in "${var[@]}"; do
|
|
arr_insert ${ntype}_REPL_CHECK $value
|
|
done
|
|
fi
|
|
|
|
if [ "${NM_SINGLESRVR_SERVICES[${ntype}]}" != "" ]; then
|
|
IFS=,; var=(${NM_SINGLESRVR_SERVICES[${ntype}]}); unset IFS
|
|
for value in "${var[@]}"; do
|
|
arr_insert ${ntype}_SINGLESRVR_SERVICES $value
|
|
done
|
|
fi
|
|
|
|
if [ "${NM_SINGLESRVR_DOCKERS[${ntype}]}" != "" ]; then
|
|
IFS=,; var=(${NM_SINGLESRVR_DOCKERS[${ntype}]}); unset IFS
|
|
for value in "${var[@]}"; do
|
|
arr_insert ${ntype}_SINGLESRVR_DOCKERS $value
|
|
done
|
|
fi
|
|
|
|
if [ "${NM_SINGLESRVR_IP[${ntype}]}" != "" ]; then
|
|
IFS=,; var=(${NM_SINGLESRVR_IP[${ntype}]}); unset IFS
|
|
for value in "${var[@]}"; do
|
|
arr_insert ${ntype}_SINGLESRVR_IP $value
|
|
done
|
|
# else
|
|
# declare "${ntype}_SINGLESRVR_IP"=""
|
|
fi
|
|
done
|
|
|
|
fi
|
|
|
|
TSI=$(/sbin/ip link | grep tailscale0) && [ ${#TSI} != 0 ] && RUN_NODE_TSIP=$(/sbin/ip -o -4 addr list tailscale0 | awk '{print $4}' | cut -d/ -f1) || RUN_NODE_TSIP=
|
|
RNIP=$(ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1)
|
|
|
|
if [ "${RNIP}" == "${NM_NODEMANAGER}" ]; then
|
|
RUN_NODE_TYPE=NM;
|
|
RUN_NODE_IP=${RNIP}
|
|
else
|
|
for NTYPE in "${NM_NODE_TYPES[@]}"; do
|
|
var=${NTYPE}_HOSTS[@]
|
|
RUN_NODE_TYPE=""
|
|
for nip in "${!var}"; do
|
|
# echo "$nip - ${RNIP} - ${RUN_NODE_TSIP}"
|
|
if [[ "${RNIP}" == *"${nip}"* ]]; then
|
|
RUN_NODE_TYPE=${NTYPE};
|
|
RUN_NODE_IP=${RNIP}
|
|
break 2
|
|
elif [[ "${RUN_NODE_TSIP}" == *"${nip}"* ]]; then
|
|
RUN_NODE_TYPE=${NTYPE};
|
|
RUN_NODE_IP=${RUN_NODE_TSIP}
|
|
break 2
|
|
fi
|
|
done
|
|
done
|
|
fi
|
|
[ "${NM_REPL_NGINX_PATHS[${RUN_NODE_TYPE}]}" != "" ] && NM_NGINXPATH=${NM_REPL_NGINX_PATHS[${RUN_NODE_TYPE}]} || NM_NGINXPATH=/etc/nginx
|
|
[ "${NM_CERTPATHS[${RUN_NODE_TYPE}]}" != "" ] && NM_CERTPATH=${NM_CERTPATHS[${RUN_NODE_TYPE}]} || NM_CERTPATH=/etc/letsencrypt
|
|
[ "${NM_WWWPATHS[${RUN_NODE_TYPE}]}" != "" ] && NM_WWWPATH=${NM_WWWPATHS[${RUN_NODE_TYPE}]} || NM_WWWPATH=/var/www
|
|
|
|
declare -A NM_SRVCOPTS
|
|
NM_SRVCOPTS['status']='Status'
|
|
NM_SRVCOPTS['start']='Start'
|
|
NM_SRVCOPTS['stop']='Stopp'
|
|
NM_SRVCOPTS['restart']='Restart'
|
|
NM_SRVCOPTS['reload']='Reload'
|
|
NM_SRVCOPTS['enable']='Enabl'
|
|
NM_SRVCOPTS['disable']='Disabl'
|
|
NM_SRVCOPTS['daemon-reload']='Daemon-Reload'
|
|
|
|
declare -A NM_BACKUP_ITEMS
|
|
NM_BACKUP_ITEMS['nginx-settings']=${NM_NGINXPATH}
|
|
NM_BACKUP_ITEMS['nginx-logs']=/var/log/nginx
|
|
NM_BACKUP_ITEMS['letsencrypt-certs']=${NM_CERTPATH}
|
|
NM_BACKUP_ITEMS['webserver-files']=/var/www
|
|
NM_BACKUP_ITEMS['haproxy']=/etc/haproxy
|
|
NM_BACKUP_ITEMS['keepalived']=/etc/keepalived
|
|
NM_BACKUP_ITEMS['fail2ban']=/etc/fail2ban
|
|
# NM_BACKUP_ITEMS[nginx]=/
|
|
|
|
|
|
|
|
|
|
GET-CHECKCERT-DOMAINS(){
|
|
declare -A CHECKCERT_DOMAINS
|
|
IFS=$'\n'
|
|
for LINE in `egrep -v '(^#|^$)' ${NM_FOLDER}/conf/ssl-domain-checks.conf`; do
|
|
HOST=${LINE%% *}
|
|
PORT=${LINE#* }
|
|
IFS=" "
|
|
CHECKCERT_DOMAINS[${HOST}]=${PORT}
|
|
done
|
|
unset IFS
|
|
}
|
|
|
|
DISP_HEADER(){
|
|
declare -i cw; declare -i spc1; declare -i c
|
|
if [ "$1" = true ]; then
|
|
clear
|
|
fi
|
|
echo
|
|
echo -e "${idsCL[LightGreen]} NodeMgmt - Node Monitoring & Management${idsCL[Default]} ${idsCL[DarkGray]}(ver-${VERS})${idsCL[Default]}"
|
|
DIVIDER . lightGreen
|
|
echo
|
|
}
|
|
|
|
CERT-CHECK(){
|
|
TARGET="mysite.example.net";
|
|
RECIPIENT="hostmaster@mysite.example.net";
|
|
DAYS=7;
|
|
echo "checking if $TARGET expires in less than $DAYS days";
|
|
expirationdate=$(date -d "$(: | openssl s_client -connect $TARGET:443 -servername $TARGET 2>/dev/null \
|
|
| openssl x509 -text \
|
|
| grep 'Not After' \
|
|
|awk '{print $4,$5,$7}')" '+%s');
|
|
in7days=$(($(date +%s) + (86400*$DAYS)));
|
|
if [ $in7days -gt $expirationdate ]; then
|
|
echo "KO - Certificate for $TARGET expires in less than $DAYS days, on $(date -d @$expirationdate '+%Y-%m-%d')" \
|
|
| mail -s "Certificate expiration warning for $TARGET" $RECIPIENT ;
|
|
else
|
|
echo "OK - Certificate expires on $expirationdate";
|
|
fi
|
|
}
|
|
|
|
SENDNOTICE(){
|
|
[ "${PUSHOVER_USER_TOKEN}" != "" ] && PUSH_TO_MOBILE "${2}
|
|
|
|
$(date)" "${1}" ${3} &
|
|
|
|
[ "${EMAIL_NOTICE}" != "" ] && echo -e "${1}\n\n$(date)" | mail -s "${2}" ${EMAIL_NOTICE}
|
|
|
|
}
|
|
|
|
|
|
|
|
|