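#!/bin/bash
#
# Renew the Let's Encrypt certificate for DOMAIN_NAME with certbot (Route53 DNS
# challenge), store the key+fullchain bundle back into an Aunsight secret, make
# sure a JIRA ticket tracks the renewal, then re-vault the cert files in the
# ansible deployment repo and push them on a "<TICKET>-cert-update" branch.
#
# Required environment:
#   SECRET_ID        Aunsight secret holding AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,
#                    JIRA_USER, JIRA_TOKEN, ANSIBLE_VAULT_PASS and GIT_SSH_KEY
#   CERT_SECRET_ID   Aunsight secret the cert bundle is ingested into
#   DOMAIN_NAME      domain to renew (may be a wildcard such as *.example.com)
#   AU_ORGANIZATION  Aunsight organization selected before the secret download
#
# Exit status: 0 on success, 1 on any error. Exit 1 is also kept (from the
# original script) for "a renewal ticket with this exact summary already exists".
set -euo pipefail

readonly HOME_DIR=/home/user
readonly LIVE_DIR=/etc/letsencrypt/live
readonly ACME_SERVER=https://acme-v02.api.letsencrypt.org/directory
readonly JIRA_BASE_URL=https://aunalytics.atlassian.net/rest/api/2
readonly GIT_REPO_URL='[email protected]:au-developers/aunsight-deployment-ansible.git'
readonly ANSIBLE_VAULT_PASS_FILE="${HOME_DIR}/.ansiblepass"

# Globals filled in by main(); declared here so `set -u` never trips on them.
SECRET=
TICKET_ID=
TEMP_BUNDLE=
JIRA_AUTH_FILE=

#######################################
# Print a message to stderr and exit 1. The one-second pause (kept from the
# original) gives log collectors a moment to flush before the process ends.
#######################################
die() {
  printf '%s\n' "$*" >&2
  sleep 1
  exit 1
}

#######################################
# Remove files holding secret material (private key bundle, curl auth config,
# vault password) on every exit path, including die().
#######################################
cleanup() {
  local f
  for f in "${TEMP_BUNDLE}" "${JIRA_AUTH_FILE}" "${ANSIBLE_VAULT_PASS_FILE}"; do
    [[ -n "${f}" ]] && rm -f -- "${f}"
  done
  return 0
}
trap cleanup EXIT

#######################################
# Exit with $2 unless the environment variable named $1 is set and non-empty.
#######################################
require_env() {
  local name=$1 msg=$2
  [[ -n "${!name:-}" ]] || die "${msg}"
}

#######################################
# Print field $1 of the downloaded JSON secret (global SECRET) to stdout.
# Exits non-zero when the field is absent or null instead of yielding "null".
#######################################
secret_field() {
  local key=$1 value
  value=$(printf '%s' "${SECRET}" | jq -er --arg k "${key}" '.[$k]') \
    || die "secret is missing field ${key}. exiting"
  printf '%s' "${value}"
}

#######################################
# POST JSON body $2 to "${JIRA_BASE_URL}/$1" and print the response body.
# Credentials come from the curl config file in JIRA_AUTH_FILE (-K) so they
# do not show up in the process list the way `-u user:token` does.
#######################################
jira_post() {
  local path=$1 body=$2
  curl -sS -X POST "${JIRA_BASE_URL}/${path}" \
    -K "${JIRA_AUTH_FILE}" \
    -H 'Content-Type: application/json' \
    -d "${body}"
}

main() {
  require_env SECRET_ID "please provide aunsight secret id where AWS creds are located. exiting"
  require_env CERT_SECRET_ID "missing cert Secret ID location."
  require_env DOMAIN_NAME "missing domain to renew exiting."
  require_env AU_ORGANIZATION "missing AU_ORGANIZATION (needed to select the Aunsight org). exiting"

  # DOMAIN_NAME is spliced into a filesystem path, a JQL query and a git branch
  # name below; restrict it to hostname characters (plus '*' for wildcards).
  local domain_re='^[A-Za-z0-9*.-]+$'
  [[ "${DOMAIN_NAME}" =~ ${domain_re} ]] \
    || die "DOMAIN_NAME contains characters that are not valid in a domain name. exiting"

  mkdir -p -- "${HOME_DIR}"

  echo "downloading AWS creds from Aunsight Secrets"
  au2 c se "${AU_ORGANIZATION}"
  SECRET=$(au2 secret download "${SECRET_ID}") || die "failed to download secret ${SECRET_ID}. exiting"
  [[ -n "${SECRET}" ]] || die "secret ${SECRET_ID} is empty. exiting"

  # The script looks for certbot's output under LIVE_DIR/<domain with its first
  # label stripped> (e.g. "*.example.com" -> "example.com"), as the original did;
  # the same stem names the cert files in the ansible repo.
  local lineage=${DOMAIN_NAME#*.}
  local live="${LIVE_DIR}/${lineage}"

  echo "Genrating Cert for ${DOMAIN_NAME}"
  echo "Setting AWS creds from host"
  # Assign and export separately so a failed lookup is not masked by `export`.
  AWS_ACCESS_KEY_ID=$(secret_field AWS_ACCESS_KEY_ID)
  AWS_SECRET_ACCESS_KEY=$(secret_field AWS_SECRET_ACCESS_KEY)
  export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  certbot certonly -n --agree-tos --email '[email protected]' --dns-route53 --expand \
    --server "${ACME_SERVER}" -d "${DOMAIN_NAME}" \
    || die "certbot failed for ${DOMAIN_NAME}. exiting"
  echo "validation Cert genration Completed."
  # -f follows the symlinks certbot leaves in live/; the original's `|| (exit 1)`
  # only left a subshell, so these checks never actually stopped the script.
  [[ -f "${live}/fullchain.pem" ]] || die "Cert Gen error.. Full chain Cert dont exist.. exiting"
  [[ -f "${live}/privkey.pem" ]] || die "Cert Gen error.. Cert Private Key dont exist.. exiting"

  # Everything written from here on is secret material: owner-only files, and an
  # unpredictable temp name instead of the fixed /tmp/temp.pem.
  umask 077
  TEMP_BUNDLE=$(mktemp) || die "mktemp failed. exiting"
  cat -- "${live}/privkey.pem" "${live}/fullchain.pem" > "${TEMP_BUNDLE}"
  echo "Uploading certs to Aunsight."
  au2 secret ingest -i "${CERT_SECRET_ID}" --file "${TEMP_BUNDLE}" --force-overwrite

  # --- JIRA ---------------------------------------------------------------
  local jira_user jira_token
  jira_user=$(secret_field JIRA_USER)
  jira_token=$(secret_field JIRA_TOKEN)
  JIRA_AUTH_FILE=$(mktemp) || die "mktemp failed. exiting"
  printf 'user = "%s:%s"\n' "${jira_user}" "${jira_token}" > "${JIRA_AUTH_FILE}"

  local ticket_name="Renew Cert for ${DOMAIN_NAME}"
  # Search for a ticket from the last 7 days. The request body is produced by
  # jq --arg so the query is JSON-escaped rather than spliced into a literal.
  local jql="project = AUN AND summary ~\"${lineage}\" AND createdDate >= startOfDay(\"-7\") ORDER BY status ASC, created DESC"
  local search_body issues total
  search_body=$(jq -n --arg jql "${jql}" \
    '{jql: $jql, maxResults: 5, fields: ["id", "key", "summary"]}')
  issues=$(jira_post search "${search_body}")
  echo "LIST OF ISSUES : ${issues}"
  # A non-JSON reply (auth failure page, proxy error) makes jq fail here instead
  # of feeding garbage into the numeric comparison.
  total=$(jq -r '.total // 0' <<<"${issues}") || die "unexpected JIRA search response. exiting"

  if (( total > 0 )); then
    echo "ISSUE EXIST"
    echo "Key of isssue : $(jq -r '.issues[].key' <<<"${issues}") "
    # Exact string comparison of every returned summary; the original compared
    # the joined multi-line output against an unquoted glob pattern.
    if jq -e --arg name "${ticket_name}" \
        'any(.issues[]?.fields.summary; . == $name)' <<<"${issues}" >/dev/null; then
      echo "SUCCEDED"
      sleep 1
      exit 1
    fi
  fi

  # No ticket with this exact summary yet: create one. (The original skipped
  # creation whenever the fuzzy search returned anything, which then produced a
  # branch named "-cert-update" from an empty TICKET_ID.)
  echo "${ticket_name}"
  echo "${DOMAIN_NAME}"
  echo "Creating Issue."
  local create_body jira_res
  create_body=$(jq -n --arg summary "${ticket_name}" --arg domain "${DOMAIN_NAME}" \
    '{fields: {
        project: {key: "AUN"},
        summary: $summary,
        description: ("Creating Ticket for renewing cert for " + $domain),
        issuetype: {name: "Task"},
        assignee: {name: "ppatel"}
      }}')
  jira_res=$(jira_post issue/ "${create_body}")
  TICKET_ID=$(jq -er '.key' <<<"${jira_res}") \
    || die "JIRA issue creation failed: ${jira_res}"

  # --- Git / ansible repo -------------------------------------------------
  local ssh_dir="${HOME_DIR}/.ssh" ssh_key="${HOME_DIR}/.ssh/id_rsa"
  cd -- "${HOME_DIR}"
  mkdir -p -- "${ssh_dir}"
  echo "setting ansible password."
  ANSIBLE_VAULT_PASS=$(secret_field ANSIBLE_VAULT_PASS)
  export ANSIBLE_VAULT_PASS
  printf '%s\n' "${ANSIBLE_VAULT_PASS}" > "${ANSIBLE_VAULT_PASS_FILE}"
  # %b interprets backslash escapes the way `echo -e` did; unlike the original's
  # unquoted expansion it also keeps a key stored with real newlines intact.
  local git_ssh_key
  git_ssh_key=$(secret_field GIT_SSH_KEY)
  printf '%b\n' "${git_ssh_key}" > "${ssh_key}"
  # The directory needs the execute bit to be traversable; only the key is 600.
  chmod 700 "${ssh_dir}"
  chmod 600 "${ssh_key}"
  # TODO(review): StrictHostKeyChecking=no disables host-key verification for the
  # clone and push; a pinned known_hosts entry for the git host would close that.
  export GIT_SSH_COMMAND="ssh -i ${ssh_key} -o StrictHostKeyChecking=no "
  git config --global user.name "Auto Cert"
  git config --global user.email '[email protected]'
  git clone "${GIT_REPO_URL}" || die "git Failed exiting "
  cd -- aunsight-deployment-ansible/ansible || die "git Failed exiting "

  # The asterisk is escaped so find matches it as a literal character, as in the
  # original — presumably the repo names wildcard cert files "*.<lineage>.….pem".
  # NUL-delimited results go into arrays; the original iterated once over the
  # whole newline-joined string, which broke as soon as find returned two paths.
  local -a key_paths=() chain_paths=()
  mapfile -d '' -t key_paths < <(find . -name '\*.'"${lineage}"'.privkey.pem' -print0)
  mapfile -d '' -t chain_paths < <(find . -name '\*.'"${lineage}"'.fullchain.pem' -print0)
  # Same condition as the original: only bail out when neither kind was found.
  if (( ${#chain_paths[@]} == 0 && ${#key_paths[@]} == 0 )); then
    die "Cert Files not found"
  fi

  local path
  for path in "${key_paths[@]}"; do
    echo "replacing key files at ${path}"
    cp -- "${live}/privkey.pem" "${path}"
    ansible-vault encrypt "${path}" --vault-password-file="${ANSIBLE_VAULT_PASS_FILE}"
  done
  for path in "${chain_paths[@]}"; do
    echo "replacing Full chain files at ${path}"
    cp -- "${live}/fullchain.pem" "${path}"
    ansible-vault encrypt "${path}" --vault-password-file="${ANSIBLE_VAULT_PASS_FILE}"
  done

  git pull
  git checkout -b "${TICKET_ID}-cert-update"
  git add .
  # Under set -e a "nothing to commit" failure stops here rather than pushing an
  # empty branch.
  git commit -m "${TICKET_ID} updated Certs."
  git push -u origin "${TICKET_ID}-cert-update"
  sleep 5
}

main "$@"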