new sslproxy xai cli commands cerbot info and renewal

2020-06-02 09:10:48 -04:00
parent 73ad921e3b
commit 764aa9c8ed
14 changed files with 196 additions and 53 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -14,3 +14,5 @@ roles/vendor/
 !.idea/
 password.txt
 !/dockerfiles/services/sslproxy/letsencrypt/live/
--- a/.idea/sshConfigs.xml
+++ b/.idea/sshConfigs.xml
@@ -5,7 +5,7 @@
      <sshConfig host="192.168.2.11" id="70bdbabf-db45-47a0-b2da-6be7a975b6fa" keyPath="$USER_HOME$/.ssh/id_rsa" port="22" customName="home.xai-corp.net" nameFormat="CUSTOM" username="ansible" />
      <sshConfig host="192.168.2.22" id="c31798ce-5b4f-4118-bdf5-5cb9558d855a" keyPath="$USER_HOME$/.ssh/id_rsa" port="22" customName="home02.xai-corp.net" nameFormat="CUSTOM" username="ansible" />
      <sshConfig host="192.168.2.18" id="3d088a15-cbe4-479f-9805-05b8a7059f5a" keyPath="$USER_HOME$/.ssh/id_rsa" port="22" customName="web01.xai-corp.net" nameFormat="CUSTOM" username="ansible" />
-      <sshConfig host="192.168.2.18" id="0b324960-0566-4103-bd7d-a290a70ceddc" keyPath="$USER_HOME$/.ssh/id_rsa" port="22" customName="web01.xai-corp.net" nameFormat="CUSTOM" username="ansible" />
+      <sshConfig host="192.168.2.18" id="0cb617df-eee4-4433-ba5c-874ed3d6cb97" keyPath="$USER_HOME$/.ssh/id_rsa" port="22" customName="web01.xai-corp.net" nameFormat="CUSTOM" username="ansible" />
    </configs>
  </component>
 </project>
--- a/dockerfiles/services/sslproxy/cli/certbot/certbot
+++ b/dockerfiles/services/sslproxy/cli/certbot/certbot
@@ -0,0 +1,31 @@
 #!/usr/bin/env bash
 set -e
 #set -x
 LETSENCRYPT_IMAGE=dkregistry.xai-corp.net:5000/xaicorp/acme-certbot
 LETSENCRYPT_MOUNT=/opt/shared/letsencrypt-2-staging
 export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
 export LETSENCRYPT_MOUNT
 export LETSENCRYPT_IMAGE
 run() {
  docker-compose \
    -f docker-compose.tools.yml \
    run test $@
 }
 run_help() {
    docker-compose \
    -f docker-compose.tools.yml \
    run test --help $@
 }
 while getopts h name
 do
    case $name in
    h) run_help $@;;
    *) run $@;;
    esac
 done
--- a/dockerfiles/services/sslproxy/cli/certbot/certbot.help
+++ b/dockerfiles/services/sslproxy/cli/certbot/certbot.help
@@ -0,0 +1,3 @@
 ARGS  - The arguments you wish to provide to this command
 TODO: Fill out the help information for this command.
--- a/dockerfiles/services/sslproxy/cli/certbot/certbot.usage
+++ b/dockerfiles/services/sslproxy/cli/certbot/certbot.usage
@@ -0,0 +1 @@
 ARGS...
--- a/dockerfiles/services/sslproxy/cli/certbot/info
+++ b/dockerfiles/services/sslproxy/cli/certbot/info
@@ -0,0 +1,22 @@
 #!/usr/bin/env bash
 echo -e TODO: make this work!
 set -e
 set -x
 LETSENCRYPT_IMAGE=dkregistry.xai-corp.net:5000/xaicorp/acme-certbot
 LETSENCRYPT_MOUNT=/opt/shared/letsencrypt-2-staging
 if [ "$1" == 'prod' ]; then
  LETSENCRYPT_MOUNT=/opt/shared/letsencrypt-2
 fi
 export LETSENCRYPT_MOUNT
 export LETSENCRYPT_IMAGE
 export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
 # shellcheck disable=SC2068
 docker-compose \
  -f docker-compose.tools.yml \
  run certificates
--- a/dockerfiles/services/sslproxy/cli/certbot/info.help
+++ b/dockerfiles/services/sslproxy/cli/certbot/info.help
@@ -0,0 +1,3 @@
 ARGS  - The arguments you wish to provide to this command
 TODO: Fill out the help information for this command.
--- a/dockerfiles/services/sslproxy/cli/certbot/info.usage
+++ b/dockerfiles/services/sslproxy/cli/certbot/info.usage
@@ -0,0 +1 @@
 ARGS...
--- a/dockerfiles/services/sslproxy/cli/certbot/renew
+++ b/dockerfiles/services/sslproxy/cli/certbot/renew
@@ -0,0 +1,83 @@
 #!/usr/bin/env bash
 set -e
 #set -x
 LETSENCRYPT_IMAGE=dkregistry.xai-corp.net:5000/xaicorp/acme-certbot
 LETSENCRYPT_MOUNT=/opt/shared/letsencrypt-2-staging
 LOG=$(mktemp)
 ##export LOCAL_IMAGE
 #export REMOTE_IMAGE
 ##export TAG
 ###
 run() {
  if [ "$ENVIRONMENT" == 'prod' ]; then
    LETSENCRYPT_MOUNT=/opt/shared/letsencrypt-2
  fi
  update
 }
 update() {
  export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
  export LETSENCRYPT_MOUNT
  export LETSENCRYPT_IMAGE
  # shellcheck disable=SC2086
  docker-compose \
    -f docker-compose.tools.yml \
    run renew ${OPTIONS}
 }
 function trap_exit() {
  code=$?
  if [ $code -gt 0 ]; then
    echo
    rm "$LOG"
    echo -e "\033[31mFailed updating production certs \033[39m"
    exit $code
  fi
  rm "$LOG"
  echo -e "\033[32mSuccess:\033[39m ssl certs have been updated"
 }
 trap  trap_exit EXIT
 print_usage() {
  printf "Usage: %s: [-b] [-t] [-s] \n" "$0"
  echo -r rollback
  echo -t smoke tests
  echo -s tag as latest
  echo -h help
  exit 0
 }
 ######
 ENVIRONMENT=dev
 OPTIONS=''
 while getopts de: name
 do
    case $name in
    d)
      OPTIONS="$OPTIONS --dryrun"
      ;;
    e)
      if [ $OPTARG == 'prod' ]; then
        ENVIRONMENT=prod
      else
        OPTIONS="$OPTIONS --test-cert"
      fi
      ;;
    : )
      echo "Invalid option: $OPTARG requires an argument" 1>&2
      ;;
    *)    print_usage;;
    esac
 done
 # shellcheck disable=SC2068
 run $@
--- a/dockerfiles/services/sslproxy/cli/certbot/renew.help
+++ b/dockerfiles/services/sslproxy/cli/certbot/renew.help
@@ -0,0 +1,3 @@
 ARGS  - The arguments you wish to provide to this command
 TODO: Fill out the help information for this command.
--- a/dockerfiles/services/sslproxy/cli/certbot/renew.usage
+++ b/dockerfiles/services/sslproxy/cli/certbot/renew.usage
@@ -0,0 +1 @@
 ARGS...
--- a/dockerfiles/services/sslproxy/docker-compose.tools.yml
+++ b/dockerfiles/services/sslproxy/docker-compose.tools.yml
@@ -0,0 +1,45 @@
 ---
 version: '3.4'
 services:
  renew:
    image: ${LETSENCRYPT_IMAGE}
    volumes:
      - ${LETSENCRYPT_MOUNT}:/etc/letsencrypt:ro
    ports:
      - 80:80
    command:
      - certonly
      - -n
      - --standalone
      - --test-cert
      - --dryrun
    networks:
      - prod_ui
  certificates:
    image: ${LETSENCRYPT_IMAGE}
    volumes:
      - ${LETSENCRYPT_MOUNT}:/etc/letsencrypt
    ports:
      - 80:80
    command:
      - certificates
 #      - --standalone
 #      - --test-cert
 #      - --dryrun
  test:
    image: ${LETSENCRYPT_IMAGE}
    volumes:
      - ${LETSENCRYPT_MOUNT}:/etc/letsencrypt
    ports:
      - 80:80
 networks:
  prod_ui:
    external:
      name: prod_ui
--- a/dockerfiles/services/sslproxy/letsencrypt/live/xai-corp.net/fullchain.pem
+++ b/dockerfiles/services/sslproxy/letsencrypt/live/xai-corp.net/fullchain.pem
@@ -1,24 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIEGjCCAwKgAwIBAgIULbQEK4iaDmSK8Q1YfECc68c2eScwDQYJKoZIhvcNAQEL
 BQAwfDELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8GA1UEBwwITW9u
 dHJlYWwxGDAWBgNVBAoMD1hhaSBDb3Jwb3JhdGlvbjEUMBIGA1UECwwLRGV2ZWxv
 cG1lbnQxGTAXBgNVBAMMEHd3dy54YWktY29ycC5uZXQwHhcNMjAwNTI5MTIxNzM3
 WhcNMjEwNTI5MTIxNzM3WjB8MQswCQYDVQQGEwJDQTEPMA0GA1UECAwGUXVlYmVj
 MREwDwYDVQQHDAhNb250cmVhbDEYMBYGA1UECgwPWGFpIENvcnBvcmF0aW9uMRQw
 EgYDVQQLDAtEZXZlbG9wbWVudDEZMBcGA1UEAwwQd3d3LnhhaS1jb3JwLm5ldDCC
 ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANUxDfARL54LvmZq1Ef4LAec
 K4RJhdRG6R4vNCdc7Lskb7bYNo5n5w8dx1X2Wb2j2Dt4ReXBedq3Fw4e+C8zxwSY
 XGheU98j7XRJwlOOtUokcIxiSgwF0e0mEIrtkF+J4H3Rudn/3HEdVz7c4kMxlS8a
 cEEl41hNEyEJw6d5t86mFdkht8nhsk0+6s0RA8aYHr7ruwuHyWvHbFyLgphmt+hG
 GdRNijcFWfhRm9a/DciW2rYVDpJIcpPHIUrG06vzxThuBdyaCsWHBwH1sVR3hYsi
 R7jmzu9LPFVUQpSG/d1aaWvhQ6kFlud9qCzz2yoi57qcf3lUt/22z5gSmBQ8ZNMC
 AwEAAaOBkzCBkDCBjQYDVR0RBIGFMIGCggx4YWktY29ycC5uZXSCEHd3dy54YWkt
 Y29ycC5uZXSCEGFiYy54YWktY29ycC5uZXSCEWRrdWkueGFpLWNvcnAubmV0ghBn
 aXQueGFpLWNvcnAubmV0ghRqZW5raW5zLnhhaS1jb3JwLm5ldIITeGFpYm94Lnhh
 aS1jb3JwLm5ldDANBgkqhkiG9w0BAQsFAAOCAQEANjXv0L9pTlk5eVfmyrgQz2Uf
 qe3nLZWRpwwOwDwdI32OQWB7VJwQtp13iRsvT+91xDGrpy7R52uz5Xxmf5vPcWtt
 nh2J60oeqRIkuh+cyyBAlAElRFw5Lqk37XjAWXbRvyFiUEnTu2k2jlYq55Az/+0U
 AXUj9LJbkBLZ89ZOEe9CNnlpV1mur1wGysxpRwh+lTan0WVdSy9nYnqsx5t8EOKM
 6pUZxqJmmQk988dajVFEodb+TNom6apcbjAwymjx6ggJmCF0zAFuJ1S8EfbuK665
 B10krT5BbEcV14V4W7Jne8tgxsN5wWkxytV029gsoBVes7EzuqQhGpUQ8mQ4KQ==
 -----END CERTIFICATE-----
--- a/dockerfiles/services/sslproxy/letsencrypt/live/xai-corp.net/privkey.pem
+++ b/dockerfiles/services/sslproxy/letsencrypt/live/xai-corp.net/privkey.pem
@@ -1,28 +0,0 @@
 -----BEGIN PRIVATE KEY-----
 MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVMQ3wES+eC75m
 atRH+CwHnCuESYXURukeLzQnXOy7JG+22DaOZ+cPHcdV9lm9o9g7eEXlwXnatxcO
 HvgvM8cEmFxoXlPfI+10ScJTjrVKJHCMYkoMBdHtJhCK7ZBfieB90bnZ/9xxHVc+
 3OJDMZUvGnBBJeNYTRMhCcOnebfOphXZIbfJ4bJNPurNEQPGmB6+67sLh8lrx2xc
 i4KYZrfoRhnUTYo3BVn4UZvWvw3Iltq2FQ6SSHKTxyFKxtOr88U4bgXcmgrFhwcB
 9bFUd4WLIke45s7vSzxVVEKUhv3dWmlr4UOpBZbnfags89sqIue6nH95VLf9ts+Y
 EpgUPGTTAgMBAAECggEACPIcAZzXAKzBeo61BagWQON+t/hV00h+c7PLXnN5w4iN
 34BHGcamXW4EdUj3DwwXALfVRwTNVi4km4UVKPXlPf4esopyvoRFbIHD07nDRa8t
 wdZGASclXewg+ZNqYXfpoZ3xTIJ9/4kZphuiqusjtWxIlZM/bO8fBF3ihd6HpfYi
 gN/BWYWxhNnhIrctWGZmEmk1hB8oT6VWPNGaydwcorL9fHIxvfVEojByIIIqHS/K
 krZN1nlZuPRLGackUGD5xJwAAvN6xwBQOqP+Eei7jBwQEABIoDaggZYuJLfCMpPq
 7K1E7BsOtyAxXzWkW9Hrzx1VmmZYzw1uhDvU7nyesQKBgQD6vmzh4aB5r13rf0XE
 sOBbzzf/otZujcotGkcsWp0Ylqj7EgcLjvlgy+STV6m1sdAeOEsHjiwGDa+geyk5
 hFIclTlRRO8bvU3w4fsjl8qvd51cCPBwFHMQVeTubtFDKyeE3/3Bi0t1AUrAAkAg
 VGfjfjaCrCcYVegkQ983YOEu/wKBgQDZqRyEnPCxlY6FHPw04lr/vg73y05zvaBa
 bUolI6NosSjs6iXlOnpS9rR/YLVnCz3qPscu+QQEDCQokNmOSKbbsKHvtbC7CuoH
 4uP1oridxVvx004A+RNPiePnVWGtEtEB6GctFtcZsK4c6XGs69wxAmOvvzgfnkol
 3iEGABreLQKBgQDuyp0M/QAEAuOR29JIwB3asVxmIuDNxlCtZWI0tlL30Ls65+83
 rcCG04ZqX8jqlV1a+kdR+a6pUS1ZyxD2irJcMCy23cxNAZqRddTjD7LiKir9NDIu
 uvrdqr9r5rN5oUZwf5S9VnfVBRb4BuylHV0WxOMKzQIqZd2/c7fHmIa7ZwKBgQCO
 jicCZ/Nwq74zSp+YV2Q4OZd+DabtQRYEA65bErNUvytJt7VoI9u3+KKRBproyUEc
 6U71YdySdg08kFocyVKXcmEtKXd9mZFb5utclt2JX5hvkvB0zK0sG+irO42EmF1R
 fZANxPbOeZwfjXmJQtTtOF5n3bp5Yue3U3uXfXwbZQKBgFn9PZJBHDrxQ1C1+2hG
 ImKqz0Qvl79YXNTIezQynz7Fxz9UPcf9GkC5hHvD5d6pCrG7xLDGSnBdzwBZYyw/
 3dmqhAjJzzPBlRd660CNOGWt5I7pQpb66hD+///KUg8DJtwuTXKrDeE+1j+ZWSDy
 V5aOKsQb/RDKGeI0rnlTfhNt
 -----END PRIVATE KEY-----
		`@@ -0,0 +1,3 @@`
							`ARGS - The arguments you wish to provide to this command`

							`TODO: Fill out the help information for this command.`