remove legacy script and update README

a9f5fb87 · HgO · 58f514d5 · a9f5fb87 · 58f514d5
Commit a9f5fb87 authored Sep 21, 2019 by HgO
Hide whitespace changes
Inline Side-by-side

Showing with 49 additions and 150 deletions

README.md README.md +49 -51

renew_from_cube.py renew_from_cube.py +0 -99

No files found.
--- a/README.md
+++ b/README.md
 # Neutrinet VPN Certificates renewer

-This repository store 2 python scripts to renew your Neutrinet VPN certificate.
-One as to be runned on an Internet Cube that has vpnclient installed, the other
-one is to be runned in a standalone fashion.
-
-**Remark**: this repository is used by the [neutrinet_ynh](https://github.com/Neutrinet/neutrinet_ynh) app, so don't rename/delete it unless you know what you are doing.
-
-# Usage
-
-## Standalone version
-
-Installation:
-
-    git clone https://github.com/neutrinet/renew_cert
-    cd renew_cert
-    virtualenv ve
-    source ve/bin/activate
-    pip install -r requirements.txt
-
-Usage:
-
-    python renew_local.py <login> <password>
-
-This will generate the corresponding files in a folder names like that:
-`certs_2016-06-07_13:51:08` (where the date and time and the one corresponding
-to the moment at which you've runned the script).
-
-## On the Internet Cube version
-
-**Except if you know what you are doing and has specific reasons to directly run this script, uses this YunoHost application instead https://github.com/Neutrinet/neutrinet_ynh/**
-
-The installation procedure on the cube is a bit different (**do everything in root or with sudo**):
-
-    git clone https://github.com/neutrinet/renew_cert
-    cd renew_cert
-    virtualenv ve --system-site-packages
-    source ve/bin/activate
-    pip install -r requirements.txt
-
-Usage:
-
-    python renew_for_cube.py
-
-**Be aware that this will modify your vpn configuration and certs files and
-restart openvpn (and the hotspot if it's installed).** It will also save your
-whole `/etc/openvpn/` in a `/etc/openvpn.old_2016-06-07_19:39:53` (where the
-date and time and the one corresponding to the moment at which you've runned
-the script) if you need to rollback.
-
-**If something wents wrong, you can lose your vpn connection, run that in a
-situation where you can access locally your cube in ssh** (or live the YOLO
-life style).
+This repository stores a python3 script to renew your Neutrinet VPN certificate.
+
+You can run this script from your own computer.
+
+You can also run this script from your internet cube.
+Note that there is a [Yunohost app](https://github.com/Neutrinet/neutrinet_ynh) just for that. 
+It will setup a daily cron task that will automatically renew your certificate when needed. 
+**Warning**: As it is used by the Yunohost app, do NOT rename or delete the script unless you know what you are doing.
+
+## Installation
+
+```bash
+git clone https://github.com/neutrinet/renew_cert
+cd renew_cert
+virtualenv ve
+source ve/bin/activate
+pip install -r requirements.txt
+```
+
+## Usage
+
+```bash
+python3 renew.py <login>
+```
+
+This will prompt you to enter your password for the Neutrinet's VPN.
+Then, the script will generate the certificate files generate in a folder named like that:  
+```
+certs_2016-06-07_13:51:08
+```
+(where the date and time correspond to the moment at which you ran the script).
+
+You can also provide the password directly with:
+```bash
+python3 renew.py <login> -p <password>
+```
+
+Finally, you can provide the public part of your certificate.
+The script will check the expiration date before trying to update it:
+```bash
+python3 renew.py <login> <path/to/client.crt>
+```
+
+### Debugging
+
+You can enter debug mode with:
+```bash
+python3 renew.py <login> -d
+```
--- a/renew_from_cube.py
+++ b/renew_from_cube.py
-import os
-import sys
-import time
-import shutil
-import subprocess
-from datetime import datetime
-from renew import renew
-
-from debug_context_manager import debug
-
-OPENVPN_CONF_DIR = "/etc/openvpn"
-OPENVPN_KEYS_DIR = os.path.join(OPENVPN_CONF_DIR, "keys")
-OPENVPN_CREDENTIALS_FILE = os.path.join(OPENVPN_KEYS_DIR, "credentials")
-OPENVPN_AUTH_FILE = os.path.join(OPENVPN_KEYS_DIR, "auth")
-OPENVPN_USER_CERT = os.path.join(OPENVPN_KEYS_DIR, "user.crt")
-OPENVPN_USER_KEY = os.path.join(OPENVPN_KEYS_DIR, "user.key")
-OPENVPN_SERVER_CERT = os.path.join(OPENVPN_KEYS_DIR, "ca-server.crt")
-
-def from_cube():
-    if os.path.isfile(OPENVPN_CREDENTIALS_FILE):
-        with open(OPENVPN_CREDENTIALS_FILE, "r") as ifd:
-            login, password = [ x.strip() for x in ifd ]
-        
-    elif os.path.isfile(OPENVPN_AUTH_FILE):
-        with open(OPENVPN_AUTH_FILE, "r") as ifd:
-            login, password = [ x.strip() for x in ifd ]
-    else:
-        print("Error: Cannot find your credentials for neutrinet since neither {credentials} nor {auth} exists on your filesystem".format(credentials=OPENVPN_CREDENTIALS_FILE, auth=OPENVPN_AUTH_FILE)
-        sys.exit(1)
-
-    renew_dir = renew(login, password, OPENVPN_USER_CERT)
-
-    _, run_id = renew_dir.split("_", 1)
-
-    with debug("Saving old OpenVPN config"):
-        shutil.copytree(OPENVPN_CONF_DIR, OPENVPN_CONF_DIR + ".old_{}".format(run_id))
-
-    with debug("Copying new config"):
-        shutil.copy("neutrinet_openvpn_config", os.path.join(OPENVPN_CONF_DIR, "client.conf.tpl")
-
-    if not os.path.exists(OPENVPN_KEYS_DIR):
-        os.makedirs(OPENVPN_KEYS_DIR)
-
-    with debug("Copying new cert"):
-        shutil.copy(os.path.join(renew_dir, "ca.crt"), OPENVPN_SERVER_CERT)
-        shutil.copy(os.path.join(renew_dir, "client.crt"), OPENVPN_USER_CERT)
-        shutil.copy(os.path.join(renew_dir, "client.key"), OPENVPN_USER_KEY)
-
-    with debug("Adding user credentials"):
-        with open(OPENVPN_CREDENTIALS_FILE, "w") as ofd:
-            ofd.write("{}\n{}\n".format(login, password))
-
-    commands = [
-        'yunohost app setting vpnclient server_name -v "vpn.neutrinet.be"',
-        'yunohost app setting vpnclient server_port -v "1195"',
-        'yunohost app setting vpnclient server_proto -v "udp"',
-        'yunohost app setting vpnclient service_enabled -v "1"',
-        'yunohost app setting vpnclient login_user -v "{}"'.format(login),
-        'yunohost app setting vpnclient login_passphrase -v "{}"'.format(password),
-    ]
-
-    for command in commands:
-        with debug("Running command '{}'".format(command.replace(password, "xxxxxxxxxxxxxxxxxxxxx"))):
-            assert os.system(command) == 0, "ERROR: command failed"
-
-    sys.stdout.flush()
-
-    restart_command = "/usr/local/bin/ynh-vpnclient restart"
-    print("Critical part 1: reloading vpnclient using '{}'".format(restart_command))
-    
-    try:
-        subprocess.check_output(restart_command.split())
-    except Exception:
-        sys.exit(1)
-
-    restart_command = "service openvpn restart"
-    print("Critical part 2: restart openvpn '{}'".format(restart_command))
-    try:
-        subprocess.check_output(restart_command.split())
-        time.sleep(15)
-    except Exception:
-        print("ERROR: command failed, displaying logs")
-        print("\n".join(open("/var/log/openvpn.log", "r").split("\n")[-200:]))
-        sys.exit(1)
-
-
-    if os.path.exists("/usr/local/bin/ynh-vpnclient"):
-        print("Few, we're done, let's wait 2min to be sure that vpn is running, then restart hotspot")
-        time.sleep(60*2)
-        print("Restarting hotspot")
-        try:
-            subprocess.check_output("/usr/local/bin/ynh-vpnclient restart".split())
-        except Exception as e:
-            print("ERROR: failed to restart hotspot: {}".format(e))
-            print("since this is non totally critical, let's continue")
-
-
-if __name__ == '__main__':
-    from_cube()