Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added installer/uninstaller/upgrader #134

Open
wants to merge 6 commits into
base: master
Choose a base branch
from

Conversation

meramsey
Copy link

Added installer/uninstaller/upgrader for ease of use left the argbash stuff in there in case you wanted to easily mod it you can do so.

Should make upgrades installs and in rare case someone wants to uninstall it for some odd reason easier.

Install/Update/Remove certbot_zimbra.sh script from server 
Usage: certbot_zimbra_installer.sh [-i|--(no-)install] [-u|--(no-)upgrade] [-r|--(no-)remove] [-v|--version] [-h|--help]
        -i, --install, --no-install: Install certbot_zimbra (and implicit default: on) (on by default)
        -u, --upgrade, --no-upgrade: Upgrade certbot_zimbra (off by default)
        -r, --remove, --no-remove: Remove certbot_zimbra (off by default)
        -v, --version: Prints version
        -h, --help: Prints help

Also added the other inline scripts and unit files to the repo so they can be versioned and easily upgraded in future via this helper script if desired.

I have been using this amazing certbot_zimbra from you for awhile and was just overhauling and writing a new zimbra automated installation script so figured I would share the tweaks and code since it was compatible with stuff already for the most part.

If you haven't tried argbash before its a real treat to work with for new stuff. I hadn't heard about and been scripting for years and really makes it easy and fun to contribute where parsing is normally a nightmare which takes longer then the rest of the code does...

So open `/etc/cron.d/certbot` with your favourite editor and **comment the last line**. To disable systemd timers run:
So open `/etc/cron.d/certbot` with your favourite editor and **comment the last line** or use the below sed command to do so as root.
```
sed -i '/certbot -q renew/s/^/#/g' /etc/cron.d/certbot
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was testing this and seems like the file usually has something like the below in it from the server's ive seen.

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew

Command works to do this.

#0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew

Comment on lines +69 to +73
```bash
wget -O /usr/local/bin/certbot_zimbra.sh https://github.com/YetOpen/certbot-zimbra/raw/master/certbot_zimbra.sh;
chmod +x /usr/local/bin/certbot_zimbra.sh;
wget -O /etc/cron.d/zimbracrontab https://github.com/YetOpen/certbot-zimbra/raw/masterzimbracrontab;
chmod +x /etc/cron.d/zimbracrontab
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added these snippets from Readme to the repo so they can be easily updated in future without lots of manual editing or stuff like the below.

cat >> /etc/cron.d/zimbracrontab <<-EOL
# certbot_zimbra.sh requires bash and a path with /usr/sbin
SHELL=/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Replace /usr/bin/certbot with the location of your certbot binary, use this to find it: which certbot-auto certbot letsencrypt
12 5 * * * root /usr/bin/certbot renew --pre-hook "/usr/local/bin/certbot_zimbra.sh -p" --deploy-hook "/usr/local/bin/certbot_zimbra.sh -d"
EOL

@maxxer
Copy link
Contributor

maxxer commented Jun 14, 2021

Thank you for sharing this, I'll review asap.

One question at first sight: are all the OS checks necessary? Isn't it enough to check if Zimbra itself is installed, is it?

@meramsey
Copy link
Author

I copied them from my other zimbra installer script so it was convenient but your right its probably unnecessary in hindsight. So feel free to pull anything out or modify as you see fit.

@jjakob
Copy link
Collaborator

jjakob commented Feb 26, 2023

I agree this would be a good enhancement to have, but in a simpler form than in this PR.
I particularly don't like:

  • the install script also does OS detection (that's unnecessary, it's assumed the user already has Zimbra installed, so unnecessary to check OS compatibility, particularly if it's a desktop OS - it might even work fine on a desktop OS, I can't immediately think why it wouldn't). Zimbra only officially supports a limited number of OS so if we just say that this script supports all of them and nothing else that should be enough. I also think certbot-zimbra is already written in a way that it should work on all up to date GNU/Linux OS's - it checks that it has dependency binaries on start and exits if one is missing.
  • it installs/uninstalls certbot, I think this is way outside the scope of this script, there are different ways of installing it (system packages, PPAs, custom repositories, pip, downloading tarballs or binaries, snap,...) and it's up to the user to pick one he chooses, the script should not force him into one particular method. Not to mention that as certbot is changed the installation/uninstallation process may change also so it would need to be kept up to date here.
  • it has a function for updating certbot-zimbra using wget. I don't like this unless the download is verified so that it has not been tampered with, e.g. with GPG. Although certbot-zimbra doesn't have signed releases right now and so can't be verified anyway, I want to start signing it in the future. Only then would I consider adding this, and only with GPG verification built in.

Things I like:

Neutral, to think about:

  • uses argbash which adds some boilerplate code but might make it easier to keep the usage/help text in sync with the code? I don't see a drawback to the way certbot-zimbra parses arguments right now other than you have to manually keep the usage/help text in sync.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants