mikrotik check cert

Mateusz Gruszczyński
2025-10-27 09:23:13 +01:00
parent 81d13e44eb
commit c42250196f


@@ -270,11 +270,7 @@ class MikroTikManager(SSHManager):
self.key_name = "letsencrypt-key"
def check_certificate_expiry(self, source_cert: x509.Certificate, services: List[str]) -> bool:
"""
Check if certificate on MikroTik needs update
Also verifies that services are properly configured
Returns True if upload needed, False if everything is OK
"""
"""Check if certificate on MikroTik needs update"""
try:
logger.info("Checking MikroTik certificate")
@@ -307,7 +303,7 @@ class MikroTikManager(SSHManager):
mikrotik_expiry = datetime.strptime(mikrotik_expiry_str, '%Y-%m-%d %H:%M:%S')
mikrotik_expiry = mikrotik_expiry.replace(tzinfo=timezone.utc)
except ValueError:
logger.warning(f"Could not parse date")
logger.warning("Could not parse date")
return True
logger.info(f"Source expires: {source_expiry}")
@@ -316,11 +312,11 @@ class MikroTikManager(SSHManager):
time_diff = abs((source_expiry - mikrotik_expiry).total_seconds())
if time_diff >= 86400:
logger.info(f"Certificate differs. Upload needed.")
logger.info("Certificate differs. Upload needed.")
return True
# Certificate is current, but check if services are properly configured
logger.info("Certificate is current. Verifying services configuration...")
# Certificate is current, check services
logger.info("Certificate is current. Verifying services...")
cert_name = "letsencrypt.pem_0"
services_need_update = False
@@ -332,7 +328,6 @@ class MikroTikManager(SSHManager):
)
if success and stdout:
# Check if certificate is set correctly
if f'certificate={cert_name}' not in stdout and 'certificate=letsencrypt' not in stdout:
logger.warning(f"Service {service} not using correct certificate")
services_need_update = True
@@ -345,7 +340,7 @@ class MikroTikManager(SSHManager):
if services_need_update:
logger.info("Services need reconfiguration. Updating...")
self.configure_services(services, cert_name)
return False # Don't need to upload cert, just reconfigure
return False
logger.info("✓ Certificate and services are current. Skipping.")
return False
@@ -355,12 +350,11 @@ class MikroTikManager(SSHManager):
return True
def configure_services(self, services: List[str], cert_name: str):
"""Configure services to use certificate without re-uploading"""
"""Configure services to use certificate"""
try:
for service in services:
logger.info(f"Configuring {service}")
# Set certificate
success, _, stderr = self.execute_command(
f'/ip service set {service} certificate="{cert_name}"',
ignore_error=True
@@ -371,7 +365,6 @@ class MikroTikManager(SSHManager):
else:
logger.warning(f"Failed to configure {service}: {stderr}")
# Ensure service is enabled
success, stdout, _ = self.execute_command(
f'/ip service print where name="{service}"',
ignore_error=True
@@ -393,7 +386,7 @@ class MikroTikManager(SSHManager):
if check_first and source_cert:
if not self.check_certificate_expiry(source_cert, services):
return True, False # Certificate and services are OK
return True, False
logger.info(f"Deploying certificate for: {', '.join(services)}")
@@ -467,16 +460,15 @@ class MikroTikManager(SSHManager):
time.sleep(2)
# Use predictable name
# Configure
imported_cert_name = "letsencrypt.pem_0"
logger.info(f"Using certificate: {imported_cert_name}")
# Configure services using the new method
self.configure_services(services, imported_cert_name)
time.sleep(1)
logger.info(f"✓ MikroTik deployment completed")
logger.info("✓ MikroTik deployment completed")
return True, True
except Exception as e:
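Review bot: In check_certificate_expiry, the `if services_need_update:` branch calls `self.configure_services(services, cert_name)` and then returns False unconditionally, so the caller at `if not self.check_certificate_expiry(source_cert, services):` returns `True, False` even when reconfiguration failed. configure_services only logs `Failed to configure {service}` as a warning and its result is not checked, so a service can keep presenting a certificate other than `letsencrypt.pem_0` while the run reports success. If configure_services can return a success flag (its return value is not visible in these hunks), `if not self.configure_services(services, cert_name): return True` would fall back to a full upload instead of masking the failure. The shortened docstring also no longer says that this check changes device state; I would keep one line such as `Also re-points services at the certificate when they reference a different one; returns True if an upload is needed.` Both function bodies extend beyond the hunks shown.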