Created
August 6, 2020 10:46
ESXi主机证书更新脚本,附带邮件通知以及Telegram提示与备份
#!/bin/bash
### ESXi host certificate renewal script with e-mail notification,
### Telegram alert and certificate backup.
### Meant to be run as the reloadcmd of acme.sh.
### Adjust the parameters below before use.

# SSH endpoint and identity used by every scp/ssh call in this script.
# The script logs in as this user with the private key in keyFile, so that
# key file should be readable by the account running acme.sh only.
ESXiServer='192.168.1.1'
ESXiPort='22'
user='root'
keyFile="${HOME}/.ssh/id_esxi"

# Certificate and private key as installed on the ESXi host.
targetCertPath='/etc/vmware/ssl/rui.crt'
targetKeyPath='/etc/vmware/ssl/rui.key'

# Newly issued certificate and key on this machine.
sourceCertPath='/home/ubuntu/install.crt'
sourceKeyPath='/home/ubuntu/install.key'

# Local copies of the host's previous certificate and key.
# backupKeyPath holds a private key; keep the directory closed to other users.
backupCertPath='/home/ubuntu/backup/backup.crt'
backupKeyPath='/home/ubuntu/backup/backup.key'

# Command run on the host after a successful install.
restartCmd='/bin/services.sh restart'
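## Back up the host's current certificate and key, install the new pair,
## then restart the host services. Results are reported through three flags
## that later sections test with -n: backupSuccess, installSuccess and
## restartSuccess (non-empty means success).

# Start from empty flags so a value inherited from the caller's environment
# cannot be mistaken for a result of this run.
backupSuccess=""
installSuccess=""
restartSuccess=""

# Delete the previous backup first, so a stale copy is never reported as
# the backup taken by this run.
rm -f -- "$backupKeyPath" "$backupCertPath"

# Options shared by every scp/ssh call. BatchMode=yes makes the client fail
# instead of waiting on a password or host-key prompt, which would otherwise
# stall an unattended run; the host key must already be in known_hosts.
sshOpts=(-i "$keyFile" -o BatchMode=yes)
esxiHost="${user}@${ESXiServer}"

## Backup
# The subshells confine umask 077 to the copies, so the backed-up private
# key is created without group/other access whatever the caller's umask is.
if (umask 077 && scp "${sshOpts[@]}" -P "$ESXiPort" "${esxiHost}:${targetCertPath}" "$backupCertPath" > /dev/null); then
  backupCert=1
else
  backupCert=0
fi
if (umask 077 && scp "${sshOpts[@]}" -P "$ESXiPort" "${esxiHost}:${targetKeyPath}" "$backupKeyPath" > /dev/null); then
  backupKey=1
else
  backupKey=0
fi

if (( backupCert == 1 && backupKey == 1 )); then
  # Install only when both halves of the old pair are safely backed up.
  backupSuccess=1
  echo "[$(date)] ESXi Cert Backup Success."

  ## Install
  # NOTE(review): if the certificate copy succeeds and the key copy fails,
  # the host is left with a certificate and key that do not match and
  # nothing here restores the backup; that case needs a manual restore.
  if scp "${sshOpts[@]}" -P "$ESXiPort" "$sourceCertPath" "${esxiHost}:${targetCertPath}" > /dev/null; then
    installCert=1
  else
    installCert=0
  fi
  if scp "${sshOpts[@]}" -P "$ESXiPort" "$sourceKeyPath" "${esxiHost}:${targetKeyPath}" > /dev/null; then
    installKey=1
  else
    installKey=0
  fi

  if (( installCert == 1 && installKey == 1 )); then
    installSuccess=1
    echo "[$(date)] ESXi Cert Install Success."
    # Use the configured restart command rather than a second hard-coded copy.
    if ssh "${sshOpts[@]}" -p "$ESXiPort" "$esxiHost" "$restartCmd" > /dev/null 2>&1; then
      echo "[$(date)] Services Restart Success."
      restartSuccess=1
    else
      # New files are on the host but the services were not restarted.
      echo "[$(date)] Services Restart Fail."
    fi
  else
    echo "[$(date)] ESXi Cert Install Fail."
  fi
else
  echo "[$(date)] ESXi Cert Backup Fail."
fi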
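## E-mail notification: builds a plain-text report (overall result, text dump
## of the new certificate, text dump of the backed-up certificate when the
## backup succeeded) and submits it over SMTP with curl.
echo "[$(date)] Email Notice."
mailUser="example"
mailFrom="example@example.net"
smtpServer="smtp.example.net"
# NOTE(review): SMTP credential stored in the script itself. Restrict read
# access to this file, or load the value from a file or environment variable
# that only the account running acme.sh can read.
mailPassword="password"
mailTo="example@example.com"

# mktemp -d gives a private, unpredictably named directory, so neither the
# message nor its CRLF copy is written to a guessable path under /tmp.
if mailDir="$(mktemp -d)"; then
  mailFile="${mailDir}/message.eml"
  {
    echo "From: name <${mailFrom}>"
    echo "To: name <${mailTo}>"
    echo "Content-type: text/plain;charset=utf-8"
    echo "Subject: ESXi 主机证书更新汇报"
    echo ""
    echo "证书更新于 [$(date "+%Y-%m-%d %H:%M:%S")]"
    # Overall success means the service restart succeeded as well.
    if [[ -n "$restartSuccess" ]]; then
      echo "证书更新成功。"
    else
      echo "更新失败。"
    fi
    echo ""
    echo "更新证书内容为:"
    echo ""
    openssl x509 -text -noout -in "$sourceCertPath"
    echo ""
    if [[ -n "$backupSuccess" ]]; then
      echo "备份成功,原始证书内容为:"
      echo ""
      openssl x509 -text -noout -in "$backupCertPath"
      echo ""
    else
      echo "备份失败。"
    fi
    if [[ -n "$installSuccess" ]]; then
      echo "安装成功。"
    else
      echo "安装失败。"
    fi
  } > "$mailFile"

  # Mail messages use CRLF line endings: append a carriage return to each line.
  sed $'s/$/\r/' "$mailFile" > "${mailFile}.dos"

  # Hand the credential to curl through a config read from stdin instead of
  # --user on the command line, where other local users could read it from
  # the process list. Backslashes and double quotes are escaped because the
  # value sits inside a double-quoted curl config string.
  mailCred="${mailUser}:${mailPassword}"
  mailCred="${mailCred//\\/\\\\}"
  mailCred="${mailCred//\"/\\\"}"
  # --ssl-reqd makes curl give up rather than send the login without TLS.
  printf 'user = "%s"\n' "$mailCred" \
    | curl --config - --retry 3 --max-time 60 "$smtpServer" --ssl-reqd \
        --mail-from "$mailFrom" --mail-rcpt "$mailTo" \
        --upload-file "${mailFile}.dos" > /dev/null 2>&1

  rm -rf -- "${mailDir:?}"
else
  echo "[$(date)] Email Notice skipped: cannot create temporary directory." >&2
fi
## End of e-mail notification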
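## Telegram notification: sends a status message, then uploads the backed-up
## and the newly installed certificate as documents.
# Only certificate files are uploaded. Never add backupKeyPath or
# sourceKeyPath here: that would hand the host's private key to a third party.
# NOTE(review): the bot token is a credential stored in this script; restrict
# read access to the file.
botToken="telegramBotToken"
chatId="987654321"

# Build the message with real newlines. The earlier printf form used the
# message as a format string and its unquoted \n produced a literal "n".
tgMessage="$(date "+%Y-%m-%d %H:%M:%S")"
if [[ -n "$restartSuccess" ]]; then
  tgMessage+=$'\n'"ESXi证书更新成功。"
else
  tgMessage+=$'\n'"ESXi证书更新失败。"
  if [[ -n "$backupSuccess" ]]; then
    tgMessage+=$'\n'"备份成功。"
  else
    tgMessage+=$'\n'"备份失败。"
  fi
  if [[ -n "$installSuccess" ]]; then
    tgMessage+=$'\n'"安装成功。"
  else
    tgMessage+=$'\n'"安装失败。"
  fi
fi

# export https_proxy=socks5://localhost
# export http_proxy=socks5://localhost

# The request URL embeds the bot token, so it is passed to curl as a config
# line on stdin rather than as an argument visible in the process list.
tgApi="https://api.telegram.org/bot${botToken}"

# --data-urlencode keeps the spaces and newlines of the message intact.
printf 'url = "%s"\n' "${tgApi}/sendMessage" \
  | curl --config - --retry 3 --max-time 60 \
      -d "chat_id=${chatId}" --data-urlencode "text=${tgMessage}" > /dev/null 2>&1

# The backup file exists only when the backup step succeeded.
if [[ -n "$backupSuccess" ]]; then
  printf 'url = "%s"\n' "${tgApi}/sendDocument" \
    | curl --config - --retry 3 --max-time 60 \
        -F "chat_id=${chatId}" -F document=@"${backupCertPath}" \
        -F "caption=ESXi证书备份" > /dev/null 2>&1
fi

printf 'url = "%s"\n' "${tgApi}/sendDocument" \
  | curl --config - --retry 3 --max-time 60 \
      -F "chat_id=${chatId}" -F document=@"${sourceCertPath}" \
      -F "caption=ESXi证书安装" > /dev/null 2>&1
## End of Telegram notification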
## Final status line for the caller's log. It reports success only when the
## service restart succeeded, i.e. restartSuccess is non-empty.
if [[ -z "$restartSuccess" ]]; then
  echo "[$(date)] ESXi Cert Install Fail."
else
  echo "[$(date)] ESXi Cert Install Success."
fi