pavel.muhortov/zimbra-management
1
0
Fork 0
generated from pavel.muhortov/template-bash
Code Issues Pull Requests Projects Releases Wiki Activity

simple code refactoring

Browse Source
This commit is contained in:
Pavel Muhortov 2023-08-27 13:55:04 +03:00
parent f9fa04fa1b
commit d48accac05
2 changed files with 68 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -15,11 +15,10 @@ ____
> >
> * privileged rights > * privileged rights
> * [zimbra zmcontrol, zmqstat, zmcertmgr](https://www.zimbra.com/) (tested version 8.8.15 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009)) > * [zimbra zmcontrol, zmqstat, zmcertmgr](https://www.zimbra.com/) (tested version 8.8.15 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009))
> * [curl](https://curl.se/download.html) (tested version 7.29 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009))
> * [openssl](https://www.openssl.org/) (tested version 1.0.2k on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009))
> * [cerbot](https://certbot.eff.org/) (tested version 2.5.0 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009)) > * [cerbot](https://certbot.eff.org/) (tested version 2.5.0 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009))
> * [cert-info.sh](https://git.hmp.today/pavel.muhortov/utils#cert-info-sh)
> * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009)) > * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009))
> * existing [/usr/local/bin/sendmail.py](https://git.hmp.today/pavel.muhortov/utils#sendmail-py) > * [sendmail.py](https://git.hmp.today/pavel.muhortov/utils#sendmail-py)
| POSITION | PARAMETERS | DESCRIPTION | DEFAULT | | POSITION | PARAMETERS | DESCRIPTION | DEFAULT |
|-----------|--------------|------------------------|---------------| |-----------|--------------|------------------------|---------------|
@ -74,6 +73,9 @@ sudo chmod +x /usr/local/bin/zimbra-man.sh
sudo tee /usr/local/bin/zimbra-man.conf > /dev/null <<'EOF' sudo tee /usr/local/bin/zimbra-man.conf > /dev/null <<'EOF'
logs=/var/log/zimbra-man.log logs=/var/log/zimbra-man.log
python3=/usr/local/opt/python-3.9/bin/python3.9 python3=/usr/local/opt/python-3.9/bin/python3.9
sendemail=/usr/local/bin/sendmail.py
confemail=/usr/local/bin/sendmail.config
certcheck=/usr/local/bin/cert-info.sh
certfirst=mail.domain.zone certfirst=mail.domain.zone
certalias=smtp.domain.zone pop3.domain.zone imap.domain.zone certalias=smtp.domain.zone pop3.domain.zone imap.domain.zone
certemail=mail@domain.zone certemail=mail@domain.zone

112
zimbra-man.sh
View File

@ -3,16 +3,17 @@
# DESCRIPTION: # DESCRIPTION:
# print length of all zimbra queues # print length of all zimbra queues
# or # or
# print number of stopped services
# or
# letsencrypt update certificate procedure # letsencrypt update certificate procedure
# #
# DEPENDENCIES: # DEPENDENCIES:
# - privileged rights # - privileged rights
# - zimbra zmcontrol, zmqstat, zmcertmgr # - zimbra zmcontrol, zmqstat, zmcertmgr
# - curl
# - openssl
# - cerbot # - cerbot
# - cert-info.sh
# - Python 3 # - Python 3
# - existing /usr/local/bin/sendmail.py # - sendmail.py
# #
# PARAMETERS: # PARAMETERS:
# 1: "qn" - execution without pauses # 1: "qn" - execution without pauses
@ -32,7 +33,7 @@
# 1: message to print and logging # 1: message to print and logging
####################################### #######################################
addtologs() { addtologs() {
echo "$(date +'%Y.%m.%d-%H:%M:%S') $1" | tee -a "${logs}" printf "%s\n" "$(date +'%Y.%m.%d-%H:%M:%S') ${1}" | tee -a "${logs}"
} }
####################################### #######################################
@ -50,15 +51,17 @@ execpause() {
# Exit procedure. # Exit procedure.
# Globals: # Globals:
# show # show
# time
# Arguments: # Arguments:
# None # 1: exit code
####################################### #######################################
execquite() { execquite() {
addtologs "execution time is $(( $(date +%s)-time )) seconds, exit" addtologs "execution time is $(( $(date +%s)-time )) seconds, exit"
if [ "${show}" != "qn" ]; then if [ "${show}" != "qn" ]; then
execpause execpause
fi fi
exit
exit "${1}"
} }
####################################### #######################################
@ -70,23 +73,26 @@ execquite() {
####################################### #######################################
execerror() { execerror() {
addtologs "error: $1" addtologs "error: $1"
execquite execquite 1
} }
####################################### #######################################
# Parsing config file and creating global vars. # Parsing config file and creating global vars.
# Globals: # Globals:
# None # conf
# Arguments: # Arguments:
# None # None
####################################### #######################################
getconfig() { getconfig() {
logs=$(grep "logs=" "${conf}" | cut -d= -f2) logs=$(grep "logs=" "${conf}" | cut -d= -f2)
python3=$(grep "python3=" "${conf}" | cut -d= -f2) python3=$(grep "python3=" "${conf}" | cut -d= -f2)
sendemail=$(grep "sendemail=" "${conf}" | cut -d= -f2)
confemail=$(grep "confemail=" "${conf}" | cut -d= -f2)
certcheck=$(grep "certcheck=" "${conf}" | cut -d= -f2)
certemail=$(grep "certemail=" "${conf}" | cut -d= -f2) certemail=$(grep "certemail=" "${conf}" | cut -d= -f2)
certfirst=$(grep "certfirst=" "${conf}" | cut -d= -f2) certfirst=$(grep "certfirst=" "${conf}" | cut -d= -f2)
IFS=" " read -r -a certalias <<< "$(grep "certalias=" "${conf}" | cut -d= -f2)" IFS=" " read -r -a certalias <<< \
"$(grep "certalias=" "${conf}" | cut -d= -f2)"
} }
####################################### #######################################
@ -118,8 +124,9 @@ checkroot() {
calcqueue(){ calcqueue(){
object=0 object=0
while read -r QUE; do while read -r QUE; do
object=$(( object + $(echo "${QUE}" | cut -d= -f2) )) object=$(( object + $(printf "%s" "${QUE}" | cut -d= -f2) ))
done <<< "$(/opt/zimbra/libexec/zmqstat)" done <<< "$(/opt/zimbra/libexec/zmqstat)"
printf "%s\n" "${object}" printf "%s\n" "${object}"
return "${object}" return "${object}"
} }
@ -142,26 +149,11 @@ isrunning(){
fi fi
fi fi
done <<< "$(su - zimbra -c '/opt/zimbra/bin/zmcontrol status')" done <<< "$(su - zimbra -c '/opt/zimbra/bin/zmcontrol status')"
printf "%s\n" "${counter}" printf "%s\n" "${counter}"
return "${counter}" return "${counter}"
} }
#######################################
# Print certificate expiration date in epoch
# Globals:
# None
# Arguments:
# 1: certificate path or site url
#######################################
certcheck() {
if [ -e "${1}" ]; then
printf '%s\n' "$(date -d "$(openssl x509 -text -noout -in "${1}" | grep 'Not After' | cut -d':' -f2-)" +%s)"
else
export LANG=C
printf '%s\n' "$(date -d "$(curl --insecure -vvI "${1}" 2>&1 | grep "expire date" | cut -d':' -f2-)" +%s)"
fi
}
####################################### #######################################
# Renew and deploy certificate # Renew and deploy certificate
# Globals: # Globals:
@ -180,17 +172,28 @@ certrenew() {
certarray+=" -d ${domain}" certarray+=" -d ${domain}"
done done
fi fi
certbot certonly --standalone --email "${certemail}" --key-type rsa --rsa-key-size 2048 --preferred-chain "ISRG Root X1" "${certarray}" certbot certonly --standalone --email "${certemail}" \
wget -O - https://letsencrypt.org/certs/isrgrootx1.pem.txt --no-check-certificate >> "/etc/letsencrypt/live/${certfirst}/chain.pem" --key-type rsa --rsa-key-size 2048 \
--preferred-chain "ISRG Root X1" "${certarray}"
wget -O - https://letsencrypt.org/certs/isrgrootx1.pem.txt \
--no-check-certificate >> "/etc/letsencrypt/live/${certfirst}/chain.pem"
su - zimbra -c "/opt/zimbra/bin/zmcontrol start" su - zimbra -c "/opt/zimbra/bin/zmcontrol start"
# zimbra cert deploy # zimbra cert deploy
cp "/etc/letsencrypt/live/${certfirst}/privkey.pem" /opt/zimbra/ssl/zimbra/commercial/commercial.key cp "/etc/letsencrypt/live/${certfirst}/privkey.pem" \
cp "/etc/letsencrypt/live/${certfirst}/chain.pem" /opt/zimbra/ssl/zimbra/commercial/chain.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
cp "/etc/letsencrypt/live/${certfirst}/cert.pem" /opt/zimbra/ssl/zimbra/commercial/cert.pem cp "/etc/letsencrypt/live/${certfirst}/chain.pem" \
/opt/zimbra/ssl/zimbra/commercial/chain.pem
cp "/etc/letsencrypt/live/${certfirst}/cert.pem" \
/opt/zimbra/ssl/zimbra/commercial/cert.pem
chown -R zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/ chown -R zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/
su - zimbra -c "/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/cert.pem /opt/zimbra/ssl/zimbra/commercial/chain.pem" su - zimbra -c "/opt/zimbra/bin/zmcertmgr verifycrt comm \
su - zimbra -c "/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/cert.pem /opt/zimbra/ssl/zimbra/commercial/chain.pem" /opt/zimbra/ssl/zimbra/commercial/commercial.key \
/opt/zimbra/ssl/zimbra/commercial/cert.pem \
/opt/zimbra/ssl/zimbra/commercial/chain.pem"
su - zimbra -c "/opt/zimbra/bin/zmcertmgr deploycrt comm \
/opt/zimbra/ssl/zimbra/commercial/cert.pem \
/opt/zimbra/ssl/zimbra/commercial/chain.pem"
su - zimbra -c "/opt/zimbra/bin/zmcontrol restart" su - zimbra -c "/opt/zimbra/bin/zmcontrol restart"
} }
@ -198,6 +201,8 @@ certrenew() {
# Send email information about deployed certificate # Send email information about deployed certificate
# Globals: # Globals:
# python3 # python3
# sendemail
# confemail
# certfirst # certfirst
# Arguments: # Arguments:
# None # None
@ -205,15 +210,15 @@ certrenew() {
startsendmail() { startsendmail() {
subj="[SSL Status] $(cat /etc/hostname): certificates renewed" subj="[SSL Status] $(cat /etc/hostname): certificates renewed"
( (
"${python3}" /usr/local/bin/sendmail.py \ "${python3}" "${sendemail}" \
-u "$(grep "from=" /usr/local/bin/sendmail.config | cut -d= -f2)" \ -u "$(grep "from=" "${confemail}" | cut -d= -f2)" \
-p "$(grep "pass=" /usr/local/bin/sendmail.config | cut -d= -f2)" \ -p "$(grep "pass=" "${confemail}" | cut -d= -f2)" \
-d "$(grep "dest=" /usr/local/bin/sendmail.config | cut -d= -f2)" \ -d "$(grep "dest=" "${confemail}" | cut -d= -f2)" \
--smtp "$(grep "smtp=" /usr/local/bin/sendmail.config | cut -d= -f2)" \ --smtp "$(grep "smtp=" "${confemail}" | cut -d= -f2)" \
--port "$(grep "port=" /usr/local/bin/sendmail.config | cut -d= -f2)" \ --port "$(grep "port=" "${confemail}" | cut -d= -f2)" \
--stls "True" \ --stls "True" \
--subj "${subj}" \ --subj "${subj}" \
--text "$(curl --insecure -vvI "${certfirst}" 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }')" \ --text "$("${certcheck}" "/opt/zimbra/ssl/zimbra/commercial/cert.pem")" \
>> /dev/null 2>&1 & >> /dev/null 2>&1 &
) )
addtologs "sent mail with subject '${subj}'" addtologs "sent mail with subject '${subj}'"
@ -243,13 +248,12 @@ elif [ ! -e "${logs}" ]; then
touch "${logs}" touch "${logs}"
fi fi
if ! command -v curl &> /dev/null || \ if ! command -v certbot &> /dev/null || \
! command -v openssl &> /dev/null || \
! command -v certbot &> /dev/null || \
! command -v /opt/zimbra/bin/zmcontrol &> /dev/null || \ ! command -v /opt/zimbra/bin/zmcontrol &> /dev/null || \
! command -v /opt/zimbra/bin/zmcertmgr &> /dev/null || \ ! command -v /opt/zimbra/bin/zmcertmgr &> /dev/null || \
! command -v /opt/zimbra/libexec/zmqstat &> /dev/null || \ ! command -v /opt/zimbra/libexec/zmqstat &> /dev/null || \
! command -v /usr/local/bin/sendmail.py &> /dev/null || \ ! command -v "${sendemail}" &> /dev/null || \
! command -v "${certcheck}" &> /dev/null || \
! command -v "${python3}" &> /dev/null; then ! command -v "${python3}" &> /dev/null; then
execerror "Not found dependencies" execerror "Not found dependencies"
fi fi
@ -259,31 +263,39 @@ fi
# #
if checkroot; then if checkroot; then
if [ "${does}" = "ssl" ]; then if [ "${does}" = "ssl" ]; then
expired=$(certcheck "/etc/letsencrypt/live/${certfirst}/cert.pem") expired=$("${certcheck}" "/opt/zimbra/ssl/zimbra/commercial/cert.pem" -e)
humaned=$(date -d "1970-01-01 UTC ${expired} seconds" +"%Y.%m.%d %T")
targets=$(( expired - 2592000 )) targets=$(( expired - 2592000 ))
if [[ "${time}" -le "${targets}" ]]; then if [[ "${time}" -le "${targets}" ]]; then
addtologs "${certfirst} expired $(date -d "1970-01-01 UTC $expired seconds" +"%Y.%m.%d %T")" addtologs "${certfirst} expired ${humaned}"
addtologs "${certfirst} certificates renew delayed" addtologs "${certfirst} certificates renew delayed"
else else
certrenew && addtologs "${certfirst} certificates renewed" certrenew && addtologs "${certfirst} certificates renewed"
startsendmail startsendmail
fi fi
elif [ "${does}" = "que" ]; then elif [ "${does}" = "que" ]; then
result=$(calcqueue) result=$(calcqueue)
addtologs "Zimbra queue has ${result} objects" > /dev/null addtologs "Zimbra queue has ${result} objects" > /dev/null
printf "%s\n" "${result}" printf "%s\n" "${result}"
execquite > /dev/null execquite 0 > /dev/null
elif [ "${does}" = "svc" ]; then elif [ "${does}" = "svc" ]; then
result=$(isrunning) result=$(isrunning)
addtologs "Zimbra has ${result} stopped services" > /dev/null addtologs "Zimbra has ${result} stopped services" > /dev/null
printf "%s\n" "${result}" printf "%s\n" "${result}"
execquite > /dev/null execquite 0 > /dev/null
else else
printf "%s\n" "Usage example: $0 qn ssl" printf "%s\n" "Usage example: $0 qn ssl"
printf "%s\n" "Usage example: $0 - que" printf "%s\n" "Usage example: $0 - que"
fi fi
execquite
execquite 0
else else
execerror "Restart this as root!" execerror "Restart this as root!"
fi fi