mikrotik check cert

Mateusz Gruszczyński
2025-10-27 09:23:13 +01:00
parent 81d13e44eb
commit c42250196f


@@ -270,11 +270,7 @@ class MikroTikManager(SSHManager):
self.key_name = "letsencrypt-key" self.key_name = "letsencrypt-key"
def check_certificate_expiry(self, source_cert: x509.Certificate, services: List[str]) -> bool: def check_certificate_expiry(self, source_cert: x509.Certificate, services: List[str]) -> bool:
""" """Check if certificate on MikroTik needs update"""
Check if certificate on MikroTik needs update
Also verifies that services are properly configured
Returns True if upload needed, False if everything is OK
"""
try: try:
logger.info("Checking MikroTik certificate") logger.info("Checking MikroTik certificate")
@@ -307,7 +303,7 @@ class MikroTikManager(SSHManager):
mikrotik_expiry = datetime.strptime(mikrotik_expiry_str, '%Y-%m-%d %H:%M:%S') mikrotik_expiry = datetime.strptime(mikrotik_expiry_str, '%Y-%m-%d %H:%M:%S')
mikrotik_expiry = mikrotik_expiry.replace(tzinfo=timezone.utc) mikrotik_expiry = mikrotik_expiry.replace(tzinfo=timezone.utc)
except ValueError: except ValueError:
logger.warning(f"Could not parse date") logger.warning("Could not parse date")
return True return True
logger.info(f"Source expires: {source_expiry}") logger.info(f"Source expires: {source_expiry}")
@@ -316,11 +312,11 @@ class MikroTikManager(SSHManager):
time_diff = abs((source_expiry - mikrotik_expiry).total_seconds()) time_diff = abs((source_expiry - mikrotik_expiry).total_seconds())
if time_diff >= 86400: if time_diff >= 86400:
logger.info(f"Certificate differs. Upload needed.") logger.info("Certificate differs. Upload needed.")
return True return True
# Certificate is current, but check if services are properly configured # Certificate is current, check services
logger.info("Certificate is current. Verifying services configuration...") logger.info("Certificate is current. Verifying services...")
cert_name = "letsencrypt.pem_0" cert_name = "letsencrypt.pem_0"
services_need_update = False services_need_update = False
@@ -332,7 +328,6 @@ class MikroTikManager(SSHManager):
) )
if success and stdout: if success and stdout:
# Check if certificate is set correctly
if f'certificate={cert_name}' not in stdout and 'certificate=letsencrypt' not in stdout: if f'certificate={cert_name}' not in stdout and 'certificate=letsencrypt' not in stdout:
logger.warning(f"Service {service} not using correct certificate") logger.warning(f"Service {service} not using correct certificate")
services_need_update = True services_need_update = True
@@ -345,7 +340,7 @@ class MikroTikManager(SSHManager):
if services_need_update: if services_need_update:
logger.info("Services need reconfiguration. Updating...") logger.info("Services need reconfiguration. Updating...")
self.configure_services(services, cert_name) self.configure_services(services, cert_name)
return False # Don't need to upload cert, just reconfigure return False
logger.info("✓ Certificate and services are current. Skipping.") logger.info("✓ Certificate and services are current. Skipping.")
return False return False
@@ -355,12 +350,11 @@ class MikroTikManager(SSHManager):
return True return True
def configure_services(self, services: List[str], cert_name: str): def configure_services(self, services: List[str], cert_name: str):
"""Configure services to use certificate without re-uploading""" """Configure services to use certificate"""
try: try:
for service in services: for service in services:
logger.info(f"Configuring {service}") logger.info(f"Configuring {service}")
# Set certificate
success, _, stderr = self.execute_command( success, _, stderr = self.execute_command(
f'/ip service set {service} certificate="{cert_name}"', f'/ip service set {service} certificate="{cert_name}"',
ignore_error=True ignore_error=True
@@ -371,7 +365,6 @@ class MikroTikManager(SSHManager):
else: else:
logger.warning(f"Failed to configure {service}: {stderr}") logger.warning(f"Failed to configure {service}: {stderr}")
# Ensure service is enabled
success, stdout, _ = self.execute_command( success, stdout, _ = self.execute_command(
f'/ip service print where name="{service}"', f'/ip service print where name="{service}"',
ignore_error=True ignore_error=True
@@ -393,7 +386,7 @@ class MikroTikManager(SSHManager):
if check_first and source_cert: if check_first and source_cert:
if not self.check_certificate_expiry(source_cert, services): if not self.check_certificate_expiry(source_cert, services):
return True, False # Certificate and services are OK return True, False
logger.info(f"Deploying certificate for: {', '.join(services)}") logger.info(f"Deploying certificate for: {', '.join(services)}")
@@ -467,16 +460,15 @@ class MikroTikManager(SSHManager):
time.sleep(2) time.sleep(2)
# Use predictable name # Configure
imported_cert_name = "letsencrypt.pem_0" imported_cert_name = "letsencrypt.pem_0"
logger.info(f"Using certificate: {imported_cert_name}") logger.info(f"Using certificate: {imported_cert_name}")
# Configure services using the new method
self.configure_services(services, imported_cert_name) self.configure_services(services, imported_cert_name)
time.sleep(1) time.sleep(1)
logger.info(f"✓ MikroTik deployment completed") logger.info("✓ MikroTik deployment completed")
return True, True return True, True
except Exception as e: except Exception as e:
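Review bot: The service check `if f'certificate={cert_name}' not in stdout and 'certificate=letsencrypt' not in stdout:` in check_certificate_expiry is effectively a prefix match, because `certificate=letsencrypt` is a substring of `certificate=letsencrypt.pem_0` and the first condition therefore never decides the outcome. A service still bound to another entry whose name begins with `letsencrypt` (an older import, say) would be logged as current and left on that certificate. Comparing against the exact name only, `if f'certificate={cert_name}' not in stdout:`, closes that, and the worst case of the stricter test is one redundant `/ip service set`. The shortened docstring also drops the return contract, so I would keep a line such as `Returns True if an upload is needed; may reconfigure services as a side effect.` check_certificate_expiry starts and ends outside the hunks shown, so this rests on the visible lines only.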