zimbra-management/zimbra-man.sh

259 lines
7.0 KiB
Bash
Raw Normal View History

2023-05-01 17:01:49 +03:00
#!/usr/bin/env bash
2023-05-01 11:48:30 +03:00
# DESCRIPTION:
# print length of all zimbra queues
# or
# letsencrypt update certificate procedure
#
# DEPENDENCIES:
# - privileged rights
# - zimbra zmcontrol, zmqstat, zmcertmgr
# - curl
# - openssl
# - cerbot
# - Python 3
# - existing /usr/local/bin/sendmail.py
#
# PARAMETERS:
# 1: "qn" - execution without pauses
# 2: "que" - print length of all zimbra queues
# 2: "ssl" - letsencrypt certificate update procedure
# 3: custom configuration file path
#
# FUNCTIONS:
#
#######################################
# Print message and add to log.
# Globals:
# logs
# Arguments:
# 1: message to print and logging
#######################################
addtologs() {
echo "$(date +'%Y.%m.%d-%H:%M:%S') $1" | tee -a "${logs}"
}
#######################################
# Waiting for press [ENTER].
# Globals:
# None
# Arguments:
# None
#######################################
execpause() {
read -r -p "Press [ENTER] to continue... "
}
#######################################
# Exit procedure.
# Globals:
# show
# Arguments:
# None
#######################################
execquite() {
addtologs "execution time is $(($(date +%s)-time)) seconds, exit"
if [ "${show}" != "qn" ]; then
execpause
fi
exit
}
#######################################
# Error exit procedure
# Globals:
# None
# Arguments:
# 1: message to print and logging
#######################################
execerror() {
addtologs "error: $1"
execquite
}
#######################################
# Parsing config file and creating global vars.
# Globals:
# None
# Arguments:
# None
#######################################
getconfig() {
logs=$(grep "logs=" "${conf}" | cut -d= -f2)
python3=$(grep "python3=" "${conf}" | cut -d= -f2)
certemail=$(grep "certemail=" "${conf}" | cut -d= -f2)
certfirst=$(grep "certfirst=" "${conf}" | cut -d= -f2)
IFS=" " read -r -a certalias <<< "$(grep "certalias=" "${conf}" | cut -d= -f2)"
}
#######################################
# Checking user rights.
# Globals:
# None
# Arguments:
# None
# return:
# 0 - if privileged rights, 1 - if not privileged rights
#######################################
checkroot() {
if [ "${EUID}" -ne 0 ]; then
return 1 # false
else
return 0 # true
fi
}
#######################################
# Counting zimbra queues.
# Globals:
# None
# Arguments:
# None
# return:
# length of all queues
#######################################
calcqueue(){
object=0
while read -r QUE; do
object=$(( object + $(echo "${QUE}" | cut -d= -f2) ))
done <<< "$(/opt/zimbra/libexec/zmqstat)"
printf "%s\n" "${object}"
return "${object}"
}
#######################################
# Print certificate expiration date in epoch
# Globals:
# None
# Arguments:
# 1: certificate path or site url
#######################################
certcheck() {
if [ -e "${1}" ]; then
printf '%s\n' "$(date -d "$(openssl x509 -text -noout -in "${1}" | grep 'Not After' | cut -d':' -f2-)" +%s)"
else
export LANG=C
printf '%s\n' "$(date -d "$(curl --insecure -vvI "${1}" 2>&1 | grep "expire date" | cut -d':' -f2-)" +%s)"
fi
}
#######################################
# Renew and deploy certificate
# Globals:
# certfirst
# certalias
# certemail
# Arguments:
# None
#######################################
certrenew() {
# letsencrypt request
su - zimbra -c "/opt/zimbra/bin/zmcontrol stop"
certarray="-d ${certfirst}"
if [ ${#certalias[@]} -ne 0 ]; then
for domain in "${certalias[@]}"; do
certarray+=" -d ${domain}"
done
fi
certbot certonly --standalone --email "${certemail}" --preferred-chain "ISRG Root X1" "${certarray}"
wget -O - https://letsencrypt.org/certs/isrgrootx1.pem.txt --no-check-certificate >> "/etc/letsencrypt/live/${certfirst}/chain.pem"
su - zimbra -c "/opt/zimbra/bin/zmcontrol start"
# zimbra cert deploy
cp "/etc/letsencrypt/live/${certfirst}/privkey.pem" /opt/zimbra/ssl/zimbra/commercial/commercial.key
cp "/etc/letsencrypt/live/${certfirst}/chain.pem" /opt/zimbra/ssl/zimbra/commercial/chain.pem
cp "/etc/letsencrypt/live/${certfirst}/cert.pem" /opt/zimbra/ssl/zimbra/commercial/cert.pem
chown -R zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/
su - zimbra -c "/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/cert.pem /opt/zimbra/ssl/zimbra/commercial/chain.pem"
su - zimbra -c "/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/cert.pem /opt/zimbra/ssl/zimbra/commercial/chain.pem"
su - zimbra -c "/opt/zimbra/bin/zmcontrol restart"
}
#######################################
# Send email information about deployed certificate
# Globals:
# python3
# certfirst
# Arguments:
# None
#######################################
startsendmail() {
subj="[SSL Status] $(cat /etc/hostname): certificates did renew"
(
"${python3}" /usr/local/bin/sendmail.py \
-u "$(grep "from=" /usr/local/bin/sendmail.config | cut -d= -f2)" \
-p "$(grep "pass=" /usr/local/bin/sendmail.config | cut -d= -f2)" \
-d "$(grep "dest=" /usr/local/bin/sendmail.config | cut -d= -f2)" \
--smtp "$(grep "smtp=" /usr/local/bin/sendmail.config | cut -d= -f2)" \
--port "$(grep "port=" /usr/local/bin/sendmail.config | cut -d= -f2)" \
--stls "True" \
--subj "${subj}" \
--text "$(curl --insecure -vvI "${certfirst}" 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }')" \
>> /dev/null 2>&1 &
)
addtologs "sent mail with subject '${subj}'"
}
#
# VARIABLES:
#
show=$1
does=$2
conf=$3
if [ -z "${conf}" ] || [ "${conf}" == "-" ]; then
conf="$(dirname "$(realpath "$0")")/$(basename -s .sh "$0").conf"
fi
time=$(date +%s)
cd "$(dirname "$(realpath "$0")")" || execerror
if [ ! -e "${conf}" ]; then
:
else
getconfig
fi
if [ -z "${logs}" ]; then
logs=/dev/null
elif [ ! -e "${logs}" ]; then
touch "${logs}"
fi
if ! command -v curl &> /dev/null || \
! command -v openssl &> /dev/null || \
! command -v certbot &> /dev/null || \
! command -v /opt/zimbra/bin/zmcontrol &> /dev/null || \
! command -v /opt/zimbra/bin/zmcertmgr &> /dev/null || \
! command -v /opt/zimbra/libexec/zmqstat &> /dev/null || \
! command -v /usr/local/bin/sendmail.py &> /dev/null || \
! command -v "${python3}" &> /dev/null; then
execerror "Not found dependencies"
fi
#
# MAIN:
#
if checkroot; then
if [ "${does}" = "que" ]; then
calcqueue && exit 0
elif [ "${does}" = "ssl" ]; then
expired=$(certcheck "/etc/letsencrypt/live/${certfirst}/cert.pem")
targets=$(( expired - 2592000 ))
if [[ "${time}" -le "${targets}" ]]; then
addtologs "${certfirst} expired $(date -d "1970-01-01 UTC $expired seconds" +"%Y.%m.%d %T")"
addtologs "${certfirst} certificates renew delayed"
else
certrenew && addtologs "${certfirst} certificates renewed"
startsendmail
fi
else
printf "%s\n" "Usage example: $0 qn ssl"
printf "%s\n" "Usage example: $0 - que"
fi
execquite
else
execerror "Restart this as root!"
fi