diff --git a/README.md b/README.md index 1a353e4..4af6267 100644 --- a/README.md +++ b/README.md @@ -15,11 +15,10 @@ ____ > > * privileged rights > * [zimbra zmcontrol, zmqstat, zmcertmgr](https://www.zimbra.com/) (tested version 8.8.15 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009)) -> * [curl](https://curl.se/download.html) (tested version 7.29 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009)) -> * [openssl](https://www.openssl.org/) (tested version 1.0.2k on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009)) > * [cerbot](https://certbot.eff.org/) (tested version 2.5.0 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009)) +> * [cert-info.sh](https://git.hmp.today/pavel.muhortov/utils#cert-info-sh) > * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009)) -> * existing [/usr/local/bin/sendmail.py](https://git.hmp.today/pavel.muhortov/utils#sendmail-py) +> * [sendmail.py](https://git.hmp.today/pavel.muhortov/utils#sendmail-py) | POSITION | PARAMETERS | DESCRIPTION | DEFAULT | |-----------|--------------|------------------------|---------------| @@ -74,6 +73,9 @@ sudo chmod +x /usr/local/bin/zimbra-man.sh sudo tee /usr/local/bin/zimbra-man.conf > /dev/null <<'EOF' logs=/var/log/zimbra-man.log python3=/usr/local/opt/python-3.9/bin/python3.9 +sendemail=/usr/local/bin/sendmail.py +confemail=/usr/local/bin/sendmail.config +certcheck=/usr/local/bin/cert-info.sh certfirst=mail.domain.zone certalias=smtp.domain.zone pop3.domain.zone imap.domain.zone certemail=mail@domain.zone diff --git a/zimbra-man.sh b/zimbra-man.sh index 5ea0f26..c900de2 100644 --- a/zimbra-man.sh +++ b/zimbra-man.sh 
@@ -3,16 +3,17 @@ # DESCRIPTION: # print length of all zimbra queues # or +# print number of stopped services +# or # letsencrypt update certificate procedure # # DEPENDENCIES: # - privileged rights # - zimbra zmcontrol, zmqstat, zmcertmgr -# - curl -# - openssl # - cerbot +# - cert-info.sh # - Python 3 -# - existing /usr/local/bin/sendmail.py +# - sendmail.py # # PARAMETERS: # 1: "qn" - execution without pauses @@ -32,7 +33,7 @@ # 1: message to print and logging ####################################### addtologs() { - echo "$(date +'%Y.%m.%d-%H:%M:%S') $1" | tee -a "${logs}" + printf "%s\n" "$(date +'%Y.%m.%d-%H:%M:%S') ${1}" | tee -a "${logs}" } ####################################### @@ -50,15 +51,17 @@ execpause() { # Exit procedure. # Globals: # show +# time # Arguments: -# None +# 1: exit code ####################################### execquite() { - addtologs "execution time is $(($(date +%s)-time)) seconds, exit" + addtologs "execution time is $(( $(date +%s)-time )) seconds, exit" if [ "${show}" != "qn" ]; then execpause fi - exit + + exit "${1}" } ####################################### 
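Review bot: `exit "${1}"` in execquite has no default, so a call without an argument passes an empty string to `exit`, which bash rejects as non-numeric and turns into an error status instead of a clean exit. Every call visible in this diff passes a code, but callers outside these hunks are not shown, so `exit "${1:-0}"` is the safer form. The header comment could then read `# 1: exit code (default 0)`.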
@@ -70,23 +73,26 @@ execquite() { ####################################### execerror() { addtologs "error: $1" - execquite + execquite 1 } ####################################### # Parsing config file and creating global vars. # Globals: -# None +# conf # Arguments: # None ####################################### getconfig() { logs=$(grep "logs=" "${conf}" | cut -d= -f2) python3=$(grep "python3=" "${conf}" | cut -d= -f2) + sendemail=$(grep "sendemail=" "${conf}" | cut -d= -f2) + confemail=$(grep "confemail=" "${conf}" | cut -d= -f2) + certcheck=$(grep "certcheck=" "${conf}" | cut -d= -f2) certemail=$(grep "certemail=" "${conf}" | cut -d= -f2) certfirst=$(grep "certfirst=" "${conf}" | cut -d= -f2) - IFS=" " read -r -a certalias <<< "$(grep "certalias=" "${conf}" | cut -d= -f2)" - + IFS=" " read -r -a certalias <<< \ + "$(grep "certalias=" "${conf}" | cut -d= -f2)" } ####################################### @@ -118,8 +124,9 @@ checkroot() { calcqueue(){ object=0 while read -r QUE; do - object=$(( object + $(echo "${QUE}" | cut -d= -f2) )) + object=$(( object + $(printf "%s" "${QUE}" | cut -d= -f2) )) done <<< "$(/opt/zimbra/libexec/zmqstat)" + printf "%s\n" "${object}" return "${object}" } @@ -142,26 +149,11 @@ isrunning(){ fi fi done <<< "$(su - zimbra -c '/opt/zimbra/bin/zmcontrol status')" + printf "%s\n" "${counter}" return "${counter}" } -####################################### -# Print certificate expiration date in epoch -# Globals: -# None -# Arguments: -# 1: certificate path or site url -####################################### -certcheck() { - if [ -e "${1}" ]; then - printf '%s\n' "$(date -d "$(openssl x509 -text -noout -in "${1}" | grep 'Not After' | cut -d':' -f2-)" +%s)" - else - export LANG=C - printf '%s\n' "$(date -d "$(curl --insecure -vvI "${1}" 2>&1 | grep "expire date" | cut -d':' -f2-)" +%s)" - fi -} - ####################################### # Renew and deploy certificate # Globals: 
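Review bot: The new keys read in getconfig (`sendemail`, `certcheck`, and `confemail` as the credentials source) become programs and inputs that this script runs as root, so anyone who can write the file named by `${conf}` can choose what runs with root privileges. Before the values are used, the script should confirm that the config file and each configured target are root-owned and not writable by group or others, for example `[ -n "$(find "${conf}" -user root ! -perm /022)" ] || execerror "${conf} must be root-owned and not group/world-writable"`. The lookups are also loose: an unanchored `grep "certcheck="` matches commented-out lines and any line containing that text, and `cut -d= -f2` truncates a value containing `=`. `grep -m1 '^certcheck=' "${conf}" | cut -d= -f2-` is stricter, and the same applies to the other keys.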
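Review bot: `return "${object}"` in calcqueue still uses the queue length as the exit status even though the count is now printed. Any non-empty queue makes the function report failure, and bash keeps only the low 8 bits, so a queue of 256 returns 0. The caller reads the value with `result=$(calcqueue)`, so the status only needs to signal success: `return 0`. The same applies to `return "${counter}"` in isrunning in the next hunk; both functions begin outside their hunks.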
@@ -180,17 +172,28 @@ certrenew() { certarray+=" -d ${domain}" done fi - certbot certonly --standalone --email "${certemail}" --key-type rsa --rsa-key-size 2048 --preferred-chain "ISRG Root X1" "${certarray}" - wget -O - https://letsencrypt.org/certs/isrgrootx1.pem.txt --no-check-certificate >> "/etc/letsencrypt/live/${certfirst}/chain.pem" + certbot certonly --standalone --email "${certemail}" \ + --key-type rsa --rsa-key-size 2048 \ + --preferred-chain "ISRG Root X1" "${certarray}" + wget -O - https://letsencrypt.org/certs/isrgrootx1.pem.txt \ + --no-check-certificate >> "/etc/letsencrypt/live/${certfirst}/chain.pem" su - zimbra -c "/opt/zimbra/bin/zmcontrol start" # zimbra cert deploy - cp "/etc/letsencrypt/live/${certfirst}/privkey.pem" /opt/zimbra/ssl/zimbra/commercial/commercial.key - cp "/etc/letsencrypt/live/${certfirst}/chain.pem" /opt/zimbra/ssl/zimbra/commercial/chain.pem - cp "/etc/letsencrypt/live/${certfirst}/cert.pem" /opt/zimbra/ssl/zimbra/commercial/cert.pem + cp "/etc/letsencrypt/live/${certfirst}/privkey.pem" \ + /opt/zimbra/ssl/zimbra/commercial/commercial.key + cp "/etc/letsencrypt/live/${certfirst}/chain.pem" \ + /opt/zimbra/ssl/zimbra/commercial/chain.pem + cp "/etc/letsencrypt/live/${certfirst}/cert.pem" \ + /opt/zimbra/ssl/zimbra/commercial/cert.pem chown -R zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/ - su - zimbra -c "/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/cert.pem /opt/zimbra/ssl/zimbra/commercial/chain.pem" - su - zimbra -c "/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/cert.pem /opt/zimbra/ssl/zimbra/commercial/chain.pem" + su - zimbra -c "/opt/zimbra/bin/zmcertmgr verifycrt comm \ + /opt/zimbra/ssl/zimbra/commercial/commercial.key \ + /opt/zimbra/ssl/zimbra/commercial/cert.pem \ + /opt/zimbra/ssl/zimbra/commercial/chain.pem" + su - zimbra -c "/opt/zimbra/bin/zmcertmgr deploycrt comm \ + 
/opt/zimbra/ssl/zimbra/commercial/cert.pem \ + /opt/zimbra/ssl/zimbra/commercial/chain.pem" su - zimbra -c "/opt/zimbra/bin/zmcontrol restart" } @@ -198,6 +201,8 @@ certrenew() { # Send email information about deployed certificate # Globals: # python3 +# sendemail +# confemail # certfirst # Arguments: # None @@ -205,15 +210,15 @@ certrenew() { startsendmail() { subj="[SSL Status] $(cat /etc/hostname): certificates renewed" ( - "${python3}" /usr/local/bin/sendmail.py \ - -u "$(grep "from=" /usr/local/bin/sendmail.config | cut -d= -f2)" \ - -p "$(grep "pass=" /usr/local/bin/sendmail.config | cut -d= -f2)" \ - -d "$(grep "dest=" /usr/local/bin/sendmail.config | cut -d= -f2)" \ - --smtp "$(grep "smtp=" /usr/local/bin/sendmail.config | cut -d= -f2)" \ - --port "$(grep "port=" /usr/local/bin/sendmail.config | cut -d= -f2)" \ + "${python3}" "${sendemail}" \ + -u "$(grep "from=" "${confemail}" | cut -d= -f2)" \ + -p "$(grep "pass=" "${confemail}" | cut -d= -f2)" \ + -d "$(grep "dest=" "${confemail}" | cut -d= -f2)" \ + --smtp "$(grep "smtp=" "${confemail}" | cut -d= -f2)" \ + --port "$(grep "port=" "${confemail}" | cut -d= -f2)" \ --stls "True" \ --subj "${subj}" \ - --text "$(curl --insecure -vvI "${certfirst}" 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }')" \ + --text "$("${certcheck}" "/opt/zimbra/ssl/zimbra/commercial/cert.pem")" \ >> /dev/null 2>&1 & ) addtologs "sent mail with subject '${subj}'" 
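Review bot: The re-wrapped `wget ... --no-check-certificate` line in certrenew appends whatever the network returns to `chain.pem`, which is then copied to `/opt/zimbra/ssl/zimbra/commercial/chain.pem` and deployed. With verification off, a tampered or truncated response ends up in the served chain. The commit only changes the line wrapping, but the flag should be dropped: `wget -O - https://letsencrypt.org/certs/isrgrootx1.pem.txt >> "/etc/letsencrypt/live/${certfirst}/chain.pem"`. If the host's CA bundle is too old to verify the site, ship a pinned copy of the root with the script instead of disabling the check. Separately, `"${certarray}"` is passed to certbot as one quoted word, so the accumulated ` -d domain` pairs would arrive as a single argument; it is built outside this hunk, so please verify.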
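Review bot: `-p "$(grep "pass=" "${confemail}" | cut -d= -f2)"` in startsendmail puts the SMTP password on the command line of the Python process, where any local user can read it from the process list while the mail is being sent. If sendmail.py can load credentials from `${confemail}` itself (its interface is not visible here), passing the config path instead would keep the secret off argv. On the same lines, `cut -d= -f2` truncates a password containing `=` (`cut -d= -f2-` keeps the remainder), and the function's Globals comment should also list `certcheck`, which `--text` now calls. Because output goes to `/dev/null` and the job is backgrounded, the "sent mail" log entry is written whether or not delivery succeeded.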
@@ -243,13 +248,12 @@ elif [ ! -e "${logs}" ]; then touch "${logs}" fi -if ! command -v curl &> /dev/null || \ - ! command -v openssl &> /dev/null || \ - ! command -v certbot &> /dev/null || \ +if ! command -v certbot &> /dev/null || \ ! command -v /opt/zimbra/bin/zmcontrol &> /dev/null || \ ! command -v /opt/zimbra/bin/zmcertmgr &> /dev/null || \ ! command -v /opt/zimbra/libexec/zmqstat &> /dev/null || \ - ! command -v /usr/local/bin/sendmail.py &> /dev/null || \ + ! command -v "${sendemail}" &> /dev/null || \ + ! command -v "${certcheck}" &> /dev/null || \ ! command -v "${python3}" &> /dev/null; then execerror "Not found dependencies" fi @@ -259,31 +263,39 @@ fi # if checkroot; then + if [ "${does}" = "ssl" ]; then - expired=$(certcheck "/etc/letsencrypt/live/${certfirst}/cert.pem") + expired=$("${certcheck}" "/opt/zimbra/ssl/zimbra/commercial/cert.pem" -e) + humaned=$(date -d "1970-01-01 UTC ${expired} seconds" +"%Y.%m.%d %T") targets=$(( expired - 2592000 )) if [[ "${time}" -le "${targets}" ]]; then - addtologs "${certfirst} expired $(date -d "1970-01-01 UTC $expired seconds" +"%Y.%m.%d %T")" + addtologs "${certfirst} expired ${humaned}" addtologs "${certfirst} certificates renew delayed" else certrenew && addtologs "${certfirst} certificates renewed" startsendmail fi + elif [ "${does}" = "que" ]; then result=$(calcqueue) addtologs "Zimbra queue has ${result} objects" > /dev/null + printf "%s\n" "${result}" - execquite > /dev/null + execquite 0 > /dev/null + elif [ "${does}" = "svc" ]; then result=$(isrunning) addtologs "Zimbra has ${result} stopped services" > /dev/null + printf "%s\n" "${result}" - execquite > /dev/null + execquite 0 > /dev/null + else printf "%s\n" "Usage example: $0 qn ssl" printf "%s\n" "Usage example: $0 - que" fi - execquite + + execquite 0 else execerror "Restart this as root!" fi
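Review bot: A zimbra-man.conf written before this commit has no `sendemail`, `confemail` or `certcheck` keys, so after an upgrade `command -v "${sendemail}"` and `command -v "${certcheck}"` run on empty strings and the script stops with the generic "Not found dependencies". Falling back to the previous locations keeps old configs working, e.g. `sendemail=${sendemail:-/usr/local/bin/sendmail.py}` and likewise for the other two, using the paths from the README sample. The error message would also be more useful if it named the missing dependency. `confemail` is read by startsendmail but is not checked for existence here.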
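Review bot: `expired` goes into `$(( expired - 2592000 ))` without a check that `"${certcheck}" ... -e` actually printed a number. If the helper fails or prints nothing, `targets` becomes -2592000, the `-le` test is false, and the script falls through to `certrenew`, which requests a certificate and restarts Zimbra on every run. Non-numeric output would be evaluated by bash as an arithmetic expression. A guard directly after the assignment covers both cases: `[[ "${expired}" =~ ^[0-9]+$ ]] || execerror "cannot read certificate expiry"`. In the unchanged `else` branch, `startsendmail` also runs when `certrenew` failed, because only `addtologs` is chained with `&&`.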