From 4934c2d085680315974c60f131d55ad81df93f57 Mon Sep 17 00:00:00 2001
From: Peter Hormanns
Date: Wed, 28 Jun 2017 15:31:52 +0200
Subject: [PATCH] link letsencrypt cert and trigger acmebot

---
 .../mods/dom/DomainProcessorFactory.java | 120 ++++++++++--------
 1 file changed, 69 insertions(+), 51 deletions(-)

diff --git a/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java b/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java
index d15f0cf..74972d0 100644
--- a/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java
+++ b/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java
@@ -13,6 +13,7 @@ import de.hsadmin.core.qserv.CompoundProcessor;
 import de.hsadmin.core.qserv.CopyFileProcessor;
 import de.hsadmin.core.qserv.CreateFileProcessor;
 import de.hsadmin.core.qserv.EntityProcessorFactory;
+import de.hsadmin.core.qserv.NullProcessor;
 import de.hsadmin.core.qserv.Processor;
 import de.hsadmin.core.qserv.ProcessorException;
 import de.hsadmin.core.qserv.ShellProcessor;
@@ -51,13 +52,30 @@ public class DomainProcessorFactory implements EntityProcessorFactory { } public Processor createUpdateProcessor(EntityManager em, T entity) throws ProcessorException { - Domain dom = (Domain) entity; - UnixUser domUser = dom.getUser(); - Pac pac = domUser.getPac(); + final Domain dom = (Domain) entity; + final UnixUser domUser = dom.getUser(); + final Pac pac = domUser.getPac(); final Processor apacheVHostSetupProcessor = createApacheVHostSetupProcessor(em, dom); - final Processor letencryptSetupProcessor = createACMEBotProcessor(em, dom); - WaitingTasksProcessor processor = new WaitingTasksProcessor(new CompoundProcessor(apacheVHostSetupProcessor, letencryptSetupProcessor)); - Config config = Config.getInstance(); + final Processor letencryptSetupProcessor = createACMEBotProcessor(em, dom); + + final String domName = dom.getName(); + final Query query = em.createQuery("SELECT d FROM Domains d WHERE d.domainoptions.name = :option AND d.name = :domname"); + query.setParameter("domname", domName); + query.setParameter("option", "letsencrypt"); + Processor linkLetsencryptCertsProcessor = new NullProcessor(); + if (!query.getResultList().isEmpty()) { + linkLetsencryptCertsProcessor = new ShellProcessor( + "rm -f /etc/apache2/pems-enabled/" + domName + ".crt" + + " && rm -f /etc/apache2/pems-enabled/" + domName + ".key" + + " && rm -f /etc/apache2/pems-enabled/" + domName + ".chain" + + " && ln -s /etc/apache2/pems-generated/" + domName + ".key /etc/apache2/pems-enabled/" + domName + ".key" + + " && ln -s /etc/apache2/pems-generated/" + domName + ".crt /etc/apache2/pems-enabled/" + domName + ".crt" + + " && ln -s /etc/apache2/pems-generated/" + domName + ".chain /etc/apache2/pems-enabled/" + domName + ".chain"); + } + + final WaitingTasksProcessor processor = new WaitingTasksProcessor( + new CompoundProcessor(apacheVHostSetupProcessor, letencryptSetupProcessor, linkLetsencryptCertsProcessor)); + final Config config = Config.getInstance(); for 
(String queueName : config.getProperty("queues.mail").split(",")) { processor.appendProcessor(queueName, createMailinSetupProcessor(em, dom, pac), queueName + ".hostsharing.net"); } @@ -65,12 +83,12 @@ public class DomainProcessorFactory implements EntityProcessorFactory { } public Processor createDeleteProcessor(EntityManager em, T entity) throws ProcessorException { - Domain dom = (Domain) entity; - String domName = dom.getName(); - WaitingTasksProcessor mainProcessor = new WaitingTasksProcessor( + final Domain dom = (Domain) entity; + final String domName = dom.getName(); + final WaitingTasksProcessor mainProcessor = new WaitingTasksProcessor( createHiveDNSRemoveProcessor(domName) ); - Config config = Config.getInstance(); + final Config config = Config.getInstance(); for (String queueName : config.getProperty("queues.dns").split(",")) { mainProcessor.appendProcessor(queueName, createDNSServerConfigProcessor(em), queueName + ".hostsharing.net"); } @@ -83,8 +101,8 @@ public class DomainProcessorFactory implements EntityProcessorFactory { } private Processor createDNSServerConfigProcessor(EntityManager em) { - Query query = em.createQuery("SELECT d FROM Domains d"); - HashMap templateVars = new HashMap(); + final Query query = em.createQuery("SELECT d FROM Domains d"); + final HashMap templateVars = new HashMap(); templateVars.put("domains", query.getResultList()); return new CompoundProcessor( new VelocityProcessor("/de/hsadmin/mods/dom/named-hsh-conf.vm", 
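Review bot: `domName` is concatenated unquoted into the new `ShellProcessor` command in createUpdateProcessor that removes and re-creates the links under `/etc/apache2/pems-enabled/`, so the command is only as safe as whatever validation `Domain.getName()` received earlier, which is not visible in this hunk. Before the command is built, reject any name that does not match a strict hostname pattern (for example `[a-z0-9]([a-z0-9.-]*[a-z0-9])?`), since these commands presumably run with enough privilege to write under /etc/apache2. The `rm -f … && ln -s …` sequence also leaves a window in which the vhost has no certificate links; `ln -sfn /etc/apache2/pems-generated/NAME.crt /etc/apache2/pems-enabled/NAME.crt` replaces each link in a single command and shortens that window. Nothing in the hunk checks that the three files exist in pems-generated before linking, so a link can dangle if the acmebot step has not produced them yet. The body of createUpdateProcessor continues past the end of the hunk.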
@@ -95,25 +113,25 @@ public class DomainProcessorFactory implements EntityProcessorFactory { } private Processor createHiveDNSSetupProcessor(EntityManager em, Domain dom) throws ProcessorException { - Map templateVars = new HashMap(); - templateVars.put("sio", Long.toString(System.currentTimeMillis()/1000L)); - String domName = dom.getName(); - String zonefileTargetPath = "/etc/bind/pri." + domName; - Processor zonefileTemplateProcessor = - new VelocityProcessor("/de/hsadmin/mods/dom/zonefile.vm", templateVars, dom, zonefileTargetPath, false); - Processor zonefileACLProcessor = + final Map zonefileTemplateVars = new HashMap(); + zonefileTemplateVars.put("sio", Long.toString(System.currentTimeMillis()/1000L)); + final String domName = dom.getName(); + final String zonefileTargetPath = "/etc/bind/pri." + domName; + final Processor zonefileTemplateProcessor = + new VelocityProcessor("/de/hsadmin/mods/dom/zonefile.vm", zonefileTemplateVars, dom, zonefileTargetPath, false); + final Processor zonefileACLProcessor = new ShellProcessor("chown root:bind " + zonefileTargetPath + " && chmod 644 " + zonefileTargetPath); - Query query = em.createQuery("SELECT d FROM Domains d WHERE d.user.pac.hive.name = :hivename"); + final Query query = em.createQuery("SELECT d FROM Domains d WHERE d.user.pac.hive.name = :hivename"); query.setParameter("hivename", dom.getUser().getHiveName()); - templateVars = new HashMap(); - templateVars.put("domains", query.getResultList()); - Processor prizonesFileProcessor = new CompoundProcessor( + final Map namedZonesTemplateVars = new HashMap(); + namedZonesTemplateVars.put("domains", query.getResultList()); + final Processor prizonesFileProcessor = new CompoundProcessor( new VelocityProcessor("/de/hsadmin/mods/dom/named-pri-zones.vm", - templateVars, dom, "/etc/bind/named.pri-zones.tmp", true), + namedZonesTemplateVars, dom, "/etc/bind/named.pri-zones.tmp", true), new ShellProcessor(" ( diff -q /etc/bind/named.pri-zones.tmp /etc/bind/named.pri-zones 
&& rm /etc/bind/named.pri-zones.tmp ) " + "|| ( mv /etc/bind/named.pri-zones.tmp /etc/bind/named.pri-zones && invoke-rc.d bind9 reload )") ); - Processor dnsSetupProcessor = + final Processor dnsSetupProcessor = new CompoundProcessor(zonefileTemplateProcessor, zonefileACLProcessor, prizonesFileProcessor); return dnsSetupProcessor; } 
@@ -126,28 +144,28 @@ public class DomainProcessorFactory implements EntityProcessorFactory { } private CompoundProcessor createHiveEMailSetupProcessor(EntityManager em, Domain dom) { - EMailAddressProcessorFactory eMailAddressProcessorFactory = new EMailAddressProcessorFactory(); - CompoundProcessor emailAdrProcessor = new CompoundProcessor(); - Query query = em.createQuery( + final EMailAddressProcessorFactory eMailAddressProcessorFactory = new EMailAddressProcessorFactory(); + final CompoundProcessor emailAdrProcessor = new CompoundProcessor(); + final Query query = em.createQuery( "SELECT adr FROM " + EMailAddress.class.getAnnotation(javax.persistence.Entity.class).name() + " adr " + "WHERE adr.domain.name='" + dom.getName() + "'"); - List resultList = query.getResultList(); - for (Object obj : resultList) { - EMailAddress eMailAddress = (EMailAddress) obj; + final List resultList = query.getResultList(); + for (final Object obj : resultList) { + final EMailAddress eMailAddress = (EMailAddress) obj; emailAdrProcessor.appendProcessor(eMailAddressProcessorFactory.createCreateProcessor(em, eMailAddress)); } return emailAdrProcessor; } private Processor createMailinSetupProcessor(EntityManager em, Domain dom, Pac pac) throws ProcessorException { - String inetAddr = pac.getCurINetAddr().getInetAddr(); - CompoundProcessor cp = new CompoundProcessor( + final String inetAddr = pac.getCurINetAddr().getInetAddr(); + final CompoundProcessor cp = new CompoundProcessor( createPostgreyConfiguration(em), new ShellProcessor("postmap -r -i /etc/postfix-mailin/relaydomains", dom.getName() + " anything\n" + "." 
+ dom.getName() + " anything\n")); - Query query = em.createQuery("SELECT d FROM Domains d WHERE d.domainoptions.name = :option AND d.name = :domname"); + final Query query = em.createQuery("SELECT d FROM Domains d WHERE d.domainoptions.name = :option AND d.name = :domname"); query.setParameter("domname", dom.getName()); query.setParameter("option", "backupmxforexternalmx"); if (query.getResultList().isEmpty()) { @@ -167,19 +185,19 @@ public class DomainProcessorFactory implements EntityProcessorFactory { } private Processor createPostgreyConfiguration(EntityManager em) throws ProcessorException { - List whitelistDoms = new ArrayList(); - Query query = em.createQuery("SELECT DISTINCT dom FROM Domains dom WHERE NOT EXISTS " + + final List whitelistDoms = new ArrayList(); + final Query query = em.createQuery("SELECT DISTINCT dom FROM Domains dom WHERE NOT EXISTS " + "( SELECT postgreyDom FROM Domains postgreyDom " + " WHERE postgreyDom.domainoptions.name = :option" + " AND postgreyDom.name = dom.name )"); query.setParameter("option", "greylisting"); - List result = query.getResultList(); + final List result = query.getResultList(); for (Object dom : result) { if (dom instanceof Domain) { whitelistDoms.add((Domain) dom); } } - HashMap templateVars = new HashMap(); + final HashMap templateVars = new HashMap(); templateVars.put("whitelist", whitelistDoms); return new CompoundProcessor( new VelocityProcessor("/de/hsadmin/mods/dom/postgrey-whitelist-recipients.vm", 
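Review bot: The JPQL in createHiveEMailSetupProcessor is still assembled by string concatenation, `"WHERE adr.domain.name='" + dom.getName() + "'"`, while the commit only adds `final` to the surrounding declarations. A domain name containing a quote character would change the query text, and the other queries in this file already bind their values; use `"WHERE adr.domain.name = :domname"` followed by `query.setParameter("domname", dom.getName());`, as createMailinSetupProcessor does a few lines below. The body of createMailinSetupProcessor continues outside the hunk.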
@@ -201,15 +219,15 @@ public class DomainProcessorFactory implements EntityProcessorFactory { } private CompoundProcessor createDomainDirectoriesProcessor(Domain dom) throws ProcessorException { - Map templateVars = new HashMap(); - UnixUser domUser = dom.getUser(); - String domName = dom.getName(); - Pac pac = domUser.getPac(); - String pacName = pac.getName(); - String homeDir = domUser.getHomedir(); - String domsDir = homeDir + "/doms"; - String userName = domUser.getName(); - String domainDir = domsDir + "/" + dom.getName(); + final Map templateVars = new HashMap(); + final UnixUser domUser = dom.getUser(); + final String domName = dom.getName(); + final Pac pac = domUser.getPac(); + final String pacName = pac.getName(); + final String homeDir = domUser.getHomedir(); + final String domsDir = homeDir + "/doms"; + final String userName = domUser.getName(); + final String domainDir = domsDir + "/" + dom.getName(); String httpdRights = ""; if (pacName != userName) { httpdRights = @@ -308,10 +326,10 @@ public class DomainProcessorFactory implements EntityProcessorFactory { } private Processor createApacheVHostDeleteProcessor(Domain dom) { - String domName = dom.getName(); - int level = domName.split("\\.").length; - String linkPrefix = Integer.toString(100 - level); - Processor vhostDelProcessor = + final String domName = dom.getName(); + final int level = domName.split("\\.").length; + final String linkPrefix = Integer.toString(100 - level); + final Processor vhostDelProcessor = new ShellProcessor("rm -f /home/doms/" + domName + " && rm -f /etc/apache2/sites-enabled/" + linkPrefix + "-" + domName + " && rm -f /etc/apache2/sites-available/" + domName +
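Review bot: `if (pacName != userName)` in createDomainDirectoriesProcessor compares the two String references rather than their contents, and making both locals `final` does not change that. Since the values come from `pac.getName()` and `domUser.getName()`, the references are likely to differ even when the names are equal, so `httpdRights` would be set in the case the condition appears meant to exclude; use `if (!pacName.equals(userName))`. The assignment to `httpdRights` and the rest of the method lie outside the hunk, so the effect on the generated permissions should be checked there.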