bunkerweb/jobs/main.py
2021-08-02 16:37:50 +02:00


#!/usr/bin/python3
import argparse, sys, re
sys.path.append("/opt/bunkerized-nginx/jobs")
import Abusers, CertbotNew, CertbotRenew, ExitNodes, GeoIP, Proxies, Referrers, SelfSignedCert, UserAgents
from Job import JobRet, JobManagement, ReloadRet
from logger import log
# Fixed table mapping each accepted --name value to the class that implements
# that job. The runner only instantiates classes listed here.
JOBS = {
    "abusers": Abusers.Abusers,
    "certbot-new": CertbotNew.CertbotNew,
    "certbot-renew": CertbotRenew.CertbotRenew,
    "exit-nodes": ExitNodes.ExitNodes,
    "geoip": GeoIP.GeoIP,
    "proxies": Proxies.Proxies,
    "referrers": Referrers.Referrers,
    "self-signed-cert": SelfSignedCert.SelfSignedCert,
    "user-agents": UserAgents.UserAgents,
}
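if __name__ == "__main__":
    # Entry point: parse the command line, run exactly one job while holding
    # the job lock, then optionally reload nginx. The process exits with 0 on
    # success and 1 on an unknown job, a failed job or a failed reload.

    # Parse arguments
    parser = argparse.ArgumentParser(description="job runner for bunkerized-nginx")
    parser.add_argument("--name", default="", type=str, help="job to run (e.g : abusers or certbot-new or certbot-renew ...)")
    parser.add_argument("--cache", action="store_true", help="copy data from cache if available")
    parser.add_argument("--reload", action="store_true", help="reload nginx if necessary and the job is successful")
    parser.add_argument("--domain", default="", type=str, help="domain(s) for certbot-new job (e.g. : www.example.com or app1.example.com,app2.example.com)")
    parser.add_argument("--email", default="", type=str, help="email for certbot-new job (e.g. : contact@example.com)")
    parser.add_argument("--staging", action="store_true", help="use staging server for let's encrypt instead of the production one")
    parser.add_argument("--dst_cert", default="", type=str, help="certificate path for self-signed-cert job (e.g. : /etc/nginx/default-cert.pem)")
    parser.add_argument("--dst_key", default="", type=str, help="key path for self-signed-cert job (e.g. : /etc/nginx/default-key.pem)")
    parser.add_argument("--expiry", default="", type=str, help="number of validity days for self-signed-cert job (e.g. : 365)")
    parser.add_argument("--subj", default="", type=str, help="certificate subject for self-signed-cert job (e.g. : OU=X/CN=Y...)")
    args = parser.parse_args()

    # Check job name: only names present in the fixed JOBS table are accepted,
    # so the value of --name never selects anything outside that table.
    if args.name not in JOBS:
        log("job", "ERROR", "unknown job " + args.name)
        sys.exit(1)
    job = args.name

    # Acquire the lock before doing any work.
    management = JobManagement()
    management.lock()
    try:
        # Everything below runs inside try/finally so the lock is released on
        # every exit path, including sys.exit() and an unexpected exception
        # raised by a job. Without this, a crashing job would leave the lock
        # held (presumably blocking later job runs; JobManagement is not
        # visible here, confirm).

        # Check if we are using redis or not
        redis_host = None
        try:
            with open("/etc/nginx/global.env", "r") as f:
                data = f.read()
            if re.search(r"^USE_REDIS=yes$", data, re.MULTILINE):
                re_match = re.search(r"^REDIS_HOST=(.+)$", data, re.MULTILINE)
                if re_match:
                    redis_host = re_match.group(1)
        except Exception:
            # Best effort: an unreadable env file is logged and the job
            # continues with redis_host=None. Exception (not a bare except)
            # so SystemExit and KeyboardInterrupt are not swallowed.
            log("job", "ERROR", "can't check if redis is used")

        # Run job
        log("job", "INFO", "executing job " + job)
        # NOTE(review): --domain, --email, --dst_cert, --dst_key, --expiry and
        # --subj are handed to the job classes exactly as given; any
        # validation has to happen inside those classes (not visible here).
        if job == "certbot-new":
            instance = JOBS[job](redis_host=redis_host, copy_cache=args.cache, domain=args.domain, email=args.email, staging=args.staging)
        elif job == "self-signed-cert":
            instance = JOBS[job](redis_host=redis_host, copy_cache=args.cache, dst_cert=args.dst_cert, dst_key=args.dst_key, expiry=args.expiry, subj=args.subj)
        else:
            instance = JOBS[job](redis_host=redis_host, copy_cache=args.cache)
        ret = instance.run()
        if ret == JobRet.KO:
            log("job", "ERROR", "error while running job " + job)
            sys.exit(1)
        log("job", "INFO", "job " + job + " successfully executed")

        # Reload: only when the job asked for it and --reload was passed.
        # The reload status gets its own name instead of overwriting the job
        # status, so the two enums are never compared against each other.
        if ret == JobRet.OK_RELOAD and args.reload:
            reload_ret = management.reload()
            if reload_ret == ReloadRet.KO:
                log("job", "ERROR", "error while doing reload operation (job = " + job + ")")
                sys.exit(1)
            elif reload_ret == ReloadRet.OK:
                log("job", "INFO", "reload operation successfully executed (job = " + job + ")")
            elif reload_ret == ReloadRet.NO:
                log("job", "INFO", "skipped reload operation because nginx is not running (job = " + job + ")")
        else:
            log("job", "INFO", "skipped reload operation because it's not needed (job = " + job + ")")
    finally:
        # Release the lock
        management.unlock()

    # Done
    sys.exit(0)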