
openwrt/esxi证书自动更新脚本


#!/usr/bin/env python3
# _*_ encoding:utf-8 _*_

import time
import subprocess
import paramiko
import sys
import datetime

def execute_cmd(cmd):
    """Run *cmd* through the system shell and collect its status and output.

    ``cmd`` is passed to the shell unmodified (``shell=True``), so it must
    be a fixed, trusted command string and never be assembled from
    external input.

    Returns:
        ``(returncode, stdout, stderr)`` when the command exits with 0,
        but only ``(returncode, stderr)`` when it fails. Index 1 therefore
        holds stdout on success and stderr on failure. Both streams are
        returned as bytes.
    """
    completed = subprocess.run(
        cmd,
        shell=True,
        stdin=subprocess.PIPE,
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
    )
    if completed.returncode == 0:
        return completed.returncode, completed.stdout, completed.stderr
    # Failure path deliberately keeps the original two-element shape.
    return completed.returncode, completed.stderr


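def chk_cert(chktime):
    """Report whether the local Let's Encrypt certificate is about to expire.

    Reads the ``notAfter`` date of the hard-coded ``fullchain.pem`` with
    ``openssl x509 -dates`` and compares it with the current time.

    NOTE(review): a True result means the file on disk is the one that is
    about to expire, and main() copies that same file to the devices.
    Confirm how this is ordered relative to the actual renewal.

    Args:
        chktime: Timestamp string, used only as a prefix in the log line.

    Returns:
        True when less than one day of validity remains (including an
        already expired certificate); False otherwise, after printing the
        number of whole days left.

    Raises:
        ValueError: if the openssl pipeline fails, produces no date, or
            produces a date that does not match the expected format.
    """
    cmd = """
    openssl x509 -in /etc/letsencrypt/live/ginux.cn/fullchain.pem -noout -dates|awk -F '=' '/notAfter/ {print $NF}'
    """
    result = execute_cmd(cmd)
    if result[0] != 0:
        # On failure execute_cmd returns (returncode, stderr).
        raise ValueError(
            'certificate check command failed ({0}): {1}'.format(
                result[0], result[1].decode(errors='replace').strip()
            )
        )
    cert_end_time = result[1].decode().replace('\r', '').replace('\n', '')
    if not cert_end_time:
        # The pipeline's exit status is awk's, so an openssl failure
        # (missing or unreadable file) only shows up as empty output.
        raise ValueError('openssl returned no notAfter date for the certificate')

    # openssl prints notAfter in GMT. time.mktime() would interpret the
    # parsed fields as local time and shift the expiry by the host's UTC
    # offset, so the timestamp is built explicitly in UTC instead.
    not_after = datetime.datetime.strptime(
        cert_end_time, '%b %d %H:%M:%S %Y %Z'
    ).replace(tzinfo=datetime.timezone.utc)
    end_Time = int(not_after.timestamp())
    curr_Time = int(time.time())
    one_Day_time = 24 * 60 * 60

    if (end_Time - curr_Time) < one_Day_time:
        return True

    rest_days = int((end_Time - curr_Time) / one_Day_time)
    print('[INFO]:{0}:Certification files are still over {1} days.'.format(chktime, rest_days))
    return False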


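def main():
    """Copy the certificate and key to the OpenWrt and ESXi hosts.

    When chk_cert() reports that action is needed, each host receives the
    certificate and private key over SFTP and its web/management services
    are restarted over SSH. Hosts are handled independently, so a failure
    on one does not stop the others.

    Exits with status 0 when nothing had to be done or every host was
    updated, and with status 1 when at least one host failed.
    """
    chktime = datetime.datetime.now().strftime('%Y/%m/%d-%H:%M')
    new_Cert = '/etc/letsencrypt/live/ginux.cn/fullchain.pem'
    new_Key = '/etc/letsencrypt/live/ginux.cn/privkey.pem'

    # (remote certificate path, remote key path, restart command) per host.
    uhttpd_target = (
        '/etc/config/uhttpd.crt',
        '/etc/config/uhttpd.key',
        '/etc/init.d/uhttpd restart',
    )
    esxi_target = (
        '/etc/vmware/ssl/rui.crt',
        '/etc/vmware/ssl/rui.key',
        '/etc/init.d/hostd restart;/etc/init.d/vpxa restart',
    )
    targets = {
        '192.168.0.1': uhttpd_target,
        '192.168.0.6': esxi_target,
        '192.168.0.10': esxi_target,
    }

    if not chk_cert(chktime):
        print('[INFO]:{0}:No Actions is needed.'.format(chktime))
        sys.exit(0)

    # The login key is the same for every host, so load it once.
    p_key = paramiko.RSAKey.from_private_key_file('/root/.ssh/id_rsa')
    failed = []

    for ip, (des_cert_file, des_key_file, restart_cmd) in targets.items():
        ssh = paramiko.SSHClient()
        # Only the system known_hosts entries are loaded and no
        # missing-host-key policy is set, so paramiko's default applies
        # and a host with an unknown key is rejected. Keep it that way:
        # this session carries the TLS private key as root.
        ssh.load_system_host_keys()
        try:
            ssh.connect(hostname=ip, port=22, username='root', pkey=p_key, timeout=300)
            sftp = paramiko.SFTPClient.from_transport(ssh.get_transport())
            try:
                sftp.put(new_Cert, des_cert_file)
                # NOTE(review): sftp.put() does not set the remote mode.
                # An existing key file keeps its permissions, but a newly
                # created one gets the server's default. Confirm that the
                # key is readable by root only on each device.
                sftp.put(new_Key, des_key_file)
            finally:
                sftp.close()
            time.sleep(3)
            stdin, stdout, stderr = ssh.exec_command(restart_cmd)
            # exec_command() returns immediately. Wait for the restart to
            # finish so that closing the connection cannot cut it short
            # and a failing init script is reported.
            status = stdout.channel.recv_exit_status()
            if status != 0:
                raise RuntimeError(
                    'restart command exited with status {0}'.format(status)
                )
        except Exception as e:
            # Best effort per host: record the failure and move on.
            failed.append(ip)
            print('[ERROR]:{0}:{1}:{2}'.format(chktime, ip, e))
        finally:
            ssh.close()

    if failed:
        print('[ERROR]:{0}:Certificate update failed on: {1}'.format(chktime, ', '.join(failed)))
        sys.exit(1)

    print('{0}:openWRT/ESXI SSL Certification updated success.'.format(chktime))
    sys.exit(0)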
    
    
# Run the update only when executed as a script, not when imported.
if "__main__" == __name__:
    main()
