#!/usr/bin/ruby
#
# NAME
#   symbiosis-ssl - Manage and generate SSL certificates
#
# SYNOPSIS
#   symbiosis-ssl [ --threshold N ] [ --no-generate ] [ --no-rollover ] [ --verbose ] [ --manual ]
#     [ --help ] [ DOMAIN DOMAIN ...]
#
# OPTIONS
#  --force          Re-generate certificates, and roll over to the new set even
#                   if they're not due to be renewed.  Implies --verbose.
#
#  --threshold N    Number of days before expiry that certificates should be renewed.  Defaults to 21.
#
#  --no-generate    Do not try and generate keys or certificates.
#
#  --no-rollover    Do not try and roll over to a new set of certificates.
#
#  --prefix PREFIX  Set the directory prefix for Symbiosis.  Defaults to /srv.
#
#   --help        Show the help information for this script.
#
#   --manual      Show the manual for this script
#
#   --verbose     Show debugging information.
#
# AUTHOR
#   Patrick J. Cherry <patrick@bytemark.co.uk>
#

#
#  Modules we require
#

require 'getoptlong'

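# Converts the argument of --threshold into a number of days.
#
# Returns the parsed Integer, or +fallback+ (after a warning on stderr) when
# +arg+ is not an integer or is negative.
def parse_threshold(arg, fallback)
  days = Integer(arg)
  return days unless days < 0

  # NOTE(review): the option is documented as days *before* expiry, so a
  # negative value would presumably delay renewal until after a certificate
  # has expired; it is rejected like any other unusable value.
  warn "** Ignoring negative value #{arg.inspect} for --threshold"
  fallback
rescue ArgumentError
  warn "** Could not parse #{arg.inspect} as an integer for --threshold"
  fallback
end

# Options understood by this script: long name, short name, and whether an
# argument is required.
opts = GetoptLong.new(
    [ '--help', '-h', GetoptLong::NO_ARGUMENT ],
    [ '--manual', '-m', GetoptLong::NO_ARGUMENT ],
    [ '--verbose', '-v', GetoptLong::NO_ARGUMENT ],
    [ '--force', '-f', GetoptLong::NO_ARGUMENT ],
    [ '--threshold', '-t', GetoptLong::REQUIRED_ARGUMENT ],
    [ '--no-generate', '-G', GetoptLong::NO_ARGUMENT ],
    [ '--no-rollover', '-R', GetoptLong::NO_ARGUMENT ],
    [ '--prefix', '-p', GetoptLong::REQUIRED_ARGUMENT ]
)

# Defaults, used when the matching option is not given.
manual = help = false
$VERBOSE = false
prefix = "/srv"
# These stay nil unless --force or one of the --no-* options sets them.
do_generate = do_rollover = nil
threshold = 21

# Options are applied in the order given, so a later option overrides an
# earlier one (e.g. --no-generate followed by --force ends with generation on).
opts.each do |opt,arg|
  case opt
    when '--no-generate'
      do_generate = false
    when '--no-rollover'
      do_rollover = false
    when '--force'
      do_generate = do_rollover = true
      $VERBOSE = true
    when '--threshold'
      # An unusable value keeps whatever threshold was in effect before.
      threshold = parse_threshold(arg, threshold)
    when '--help'
      help = true
    when '--manual'
      manual = true
    when '--prefix'
      prefix = arg
    when '--verbose'
      $VERBOSE = true
  end
end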

#
# --help and --manual print their text and end the run successfully; nothing
# else is done.  The utility library is only loaded when one of them is asked
# for.
#
if help || manual
  require 'symbiosis/utils'

  if help
    Symbiosis::Utils.show_help(__FILE__)
  end

  if manual
    Symbiosis::Utils.show_manual(__FILE__)
  end

  exit 0
end

#
# Loading the Symbiosis libraries produces a large number of warnings when
# Ruby is in verbose mode, so verbosity is switched off while they are
# required and restored to its previous value afterwards.
#
saved_verbose, $VERBOSE = $VERBOSE, false

require 'symbiosis/domains'
require 'symbiosis/domain/ssl'
require 'symbiosis/ssl'
require 'symbiosis/ssl/letsencrypt'
require 'symbiosis/ssl/selfsigned'

$VERBOSE = saved_verbose


#
# Work out which domains to process: every domain under the prefix when no
# names were given on the command line, otherwise just the named ones.
#
# Names that cannot be found are reported on stderr and skipped.
# NOTE(review): a skipped name does not by itself change the exit status, so
# a caller that only checks the status will not notice a mistyped domain.
#
domains =
  if ARGV.empty?
    Symbiosis::Domains.all(prefix)
  else
    ARGV.each_with_object([]) do |name, found|
      domain = Symbiosis::Domains.find(name.to_s, prefix)

      if domain.nil?
        warn "** Unable to find/parse domain #{name.inspect}"
      else
        found << domain
      end
    end
  end

# Exit status of the whole run.
exit_code = 0

#
# On SIGINT or SIGTERM, exit with status 1.  When the script was started by
# root (real uid 0) the effective uid and gid are first set back to 0.
# NOTE(review): presumably the Symbiosis library lowers the effective ids
# while it works on a domain -- confirm.  The uid is restored before the gid
# because changing the effective gid needs root's effective uid.
#
['INT', 'TERM'].each do |signal_name|
  Signal.trap(signal_name) do
    if Process.uid.zero?
      Process.euid = 0
      Process.egid = 0
    end

    exit 1
  end
end

# One timestamp is taken up front and handed to every domain.
started_at = Time.now

#
# Run the certificate handling for each domain in turn.  A failure in one
# domain does not stop the others; it only turns the exit status into 1.
#
# NOTE(review): the failure message is printed (to stdout) only with
# --verbose, so an unattended run signals a failed renewal through the exit
# status alone -- whatever schedules this script should check it.
# NOTE(review): if ssl_magic changes the effective uid/gid and raises before
# restoring them, later domains would be processed under that identity --
# confirm the library restores them itself.
#
domains.each do |site|
  begin
    site.ssl_magic(threshold, do_generate, do_rollover, started_at)
  rescue StandardError => failure
    exit_code = 1

    if $VERBOSE
      puts "\t!! Failed: #{failure.to_s.gsub($/,'')}"
    end

    if $DEBUG
      puts failure.backtrace.join("\n")
    end
  end
end

exit exit_code