client_management/lib/tasks/install_certbot.rake

require 'net/ssh'
require 'pathname'
require 'fileutils'
namespace :create_site do
  desc "Install certbot"
  task :install_certbot,[:server_name] => :environment do |task,args|
    #Multithread.where(:key=>'detect_sites').destroy
    Multithread.where(:key=>'install_certbot').each{|thread| thread.destroy if (thread.status["status"] == "error" || thread.status["status"] == "finish")}
    Multithread.where(:key=>'install_certbot').destroy
    @thread = Multithread.where(:key=>'install_certbot').first
    @type = "exec_all"
    if @thread.nil?
      begin
        @thread = Multithread.create(:key=>'install_certbot',:status=>{"infos"=>[],"status"=>"running"})
        if( args.server_name.nil? rescue true)
            site_servers = SiteServer.all.where(:active=>true).to_a
        else
            site_servers = SiteServer.where(:server_name=>args.server_name).to_a
        end
        site_servers.each do |site_server|
          @site_server = site_server
          update_thread_infos("<span style='color: skyblue;'>"+@site_server.server_name+"</span>")
          @password = @site_server.password
          begin
            begin 
              Net::SSH.start(@site_server.ip , @site_server.account , password: @site_server.password) do |ssh|
              end
            rescue Net::SSH::HostKeyMismatch
              system("ssh-keygen -f \"$HOME/.ssh/known_hosts\" -R #{@site_server.ip}")
            rescue Errno::ENOTTY
              system("ssh-add \"$HOME/.ssh/id_rsa\"")
            rescue => e
              update_thread_infos(e.to_s)
              next
            end
            Net::SSH.start(@site_server.ip , @site_server.account , password: @site_server.password) do |ssh|
              certbot_path = exec_ssh_command_by_sudo_and_see_output(ssh,"bash -l -c 'which certbot'",false,true).strip
              snap_path = exec_ssh_command_by_sudo_and_see_output(ssh,"bash -l -c 'which snap'",false,true).strip
              if certbot_path.blank?
                if snap_path.blank?
                  update_thread_infos("Installing snap...")
                  exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' apt update",true,false)
                  exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' apt install snapd -y",true,false)
                  snap_path = exec_ssh_command_by_sudo_and_see_output(ssh,"bash -l -c 'which snap'",false,true).strip
                end
                if snap_path.present?
                  update_thread_infos("Installing snap core...")
                  exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' bash -l -c 'snap install core && snap refresh core'",true,false)
                  update_thread_infos("Installing certbot with snap...")
                  exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' snap install --classic certbot",true,false)
                  exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' ln -s /snap/bin/certbot /usr/bin/certbot",false,false)
                  exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' certbot register --email bohung@rulingcom.com --agree-tos -n",false,false)
                  update_thread_infos("Finish install certbot!")
                  certbot_path = "/usr/bin/certbot"
                else
                  update_thread_infos("There was some error when installing snap!")
                end
              end
              if certbot_path.present?
                @site_server.has_certbot = true
                @site_server.save
                update_thread_infos("Setting certbot renew to cronjob...")
                crontab_lines = exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' crontab -l",false,false)
                certbot_renew_command = crontab_lines.select{|l| l.include?("certbot") && l.include?("renew")}[0]
                unless certbot_renew_command
                  update_thread_infos("Add certbot renew cronjob!")
                  certbot_renew_command = "30 2 * * 1 #{certbot_path} renew --no-self-upgrade --post-hook 'sudo service nginx restart' > /var/log/le-renew.log"
                  update_thread_infos(certbot_renew_command)
                  exec_ssh_command_by_sudo_and_see_output(ssh,"CRON=\"#{certbot_renew_command}\" && (sudo -p 'sudo password:' crontab -l; echo \"\$CRON\" ) | sudo -p 'sudo password:' crontab -",false)
                end
                update_thread_infos("Finish setting renew cronjob!")
              end
            end
          end
        end
        @thread.update(:status=>@thread.status.merge({"status"=>"finish"}))
      rescue => e
        puts [e,e.backtrace]
        @thread.update(:status=>{"infos"=>@thread.status["infos"].push(e.to_s),"status"=>"error"})
      end
    end
  end
end
Add certbot feature to install cert. 2021-08-11 08:16:14 +00:00			`require 'net/ssh'`
			`require 'pathname'`
			`require 'fileutils'`
			`namespace :create_site do`
			`desc "Install certbot"`
			`task :install_certbot,[:server_name] => :environment do \|task,args\|`
			`#Multithread.where(:key=>'detect_sites').destroy`
			`Multithread.where(:key=>'install_certbot').each{\|thread\| thread.destroy if (thread.status["status"] == "error" \|\| thread.status["status"] == "finish")}`
			`Multithread.where(:key=>'install_certbot').destroy`
			`@thread = Multithread.where(:key=>'install_certbot').first`
			`@type = "exec_all"`
			`if @thread.nil?`
			`begin`
			`@thread = Multithread.create(:key=>'install_certbot',:status=>{"infos"=>[],"status"=>"running"})`
			`if( args.server_name.nil? rescue true)`
			`site_servers = SiteServer.all.where(:active=>true).to_a`
			`else`
			`site_servers = SiteServer.where(:server_name=>args.server_name).to_a`
			`end`
			`site_servers.each do \|site_server\|`
			`@site_server = site_server`
			`update_thread_infos("<span style='color: skyblue;'>"+@site_server.server_name+"</span>")`
			`@password = @site_server.password`
			`begin`
			`begin`
			`Net::SSH.start(@site_server.ip , @site_server.account , password: @site_server.password) do \|ssh\|`
			`end`
			`rescue Net::SSH::HostKeyMismatch`
			`system("ssh-keygen -f \"$HOME/.ssh/known_hosts\" -R #{@site_server.ip}")`
			`rescue Errno::ENOTTY`
			`system("ssh-add \"$HOME/.ssh/id_rsa\"")`
			`rescue => e`
			`update_thread_infos(e.to_s)`
			`next`
			`end`
			`Net::SSH.start(@site_server.ip , @site_server.account , password: @site_server.password) do \|ssh\|`
			`certbot_path = exec_ssh_command_by_sudo_and_see_output(ssh,"bash -l -c 'which certbot'",false,true).strip`
			`snap_path = exec_ssh_command_by_sudo_and_see_output(ssh,"bash -l -c 'which snap'",false,true).strip`
			`if certbot_path.blank?`
			`if snap_path.blank?`
			`update_thread_infos("Installing snap...")`
			`exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' apt update",true,false)`
			`exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' apt install snapd -y",true,false)`
			`snap_path = exec_ssh_command_by_sudo_and_see_output(ssh,"bash -l -c 'which snap'",false,true).strip`
			`end`
			`if snap_path.present?`
			`update_thread_infos("Installing snap core...")`
			`exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' bash -l -c 'snap install core && snap refresh core'",true,false)`
			`update_thread_infos("Installing certbot with snap...")`
			`exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' snap install --classic certbot",true,false)`
			`exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' ln -s /snap/bin/certbot /usr/bin/certbot",false,false)`
			`exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' certbot register --email bohung@rulingcom.com --agree-tos -n",false,false)`
			`update_thread_infos("Finish install certbot!")`
			`certbot_path = "/usr/bin/certbot"`
			`else`
			`update_thread_infos("There was some error when installing snap!")`
			`end`
			`end`
			`if certbot_path.present?`
			`@site_server.has_certbot = true`
			`@site_server.save`
			`update_thread_infos("Setting certbot renew to cronjob...")`
			`crontab_lines = exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' crontab -l",false,false)`
			`certbot_renew_command = crontab_lines.select{\|l\| l.include?("certbot") && l.include?("renew")}[0]`
			`unless certbot_renew_command`
			`update_thread_infos("Add certbot renew cronjob!")`
			`certbot_renew_command = "30 2 * * 1 #{certbot_path} renew --no-self-upgrade --post-hook 'sudo service nginx restart' > /var/log/le-renew.log"`
			`update_thread_infos(certbot_renew_command)`
			`exec_ssh_command_by_sudo_and_see_output(ssh,"CRON=\"#{certbot_renew_command}\" && (sudo -p 'sudo password:' crontab -l; echo \"\$CRON\" ) \| sudo -p 'sudo password:' crontab -",false)`
			`end`
			`update_thread_infos("Finish setting renew cronjob!")`
			`end`
			`end`
			`end`
			`end`
			`@thread.update(:status=>@thread.status.merge({"status"=>"finish"}))`
			`rescue => e`
			`puts [e,e.backtrace]`
			`@thread.update(:status=>{"infos"=>@thread.status["infos"].push(e.to_s),"status"=>"error"})`
			`end`
			`end`
			`end`
			`end`