[pmg-api.git] / src / bin / pmg-daily

#!/usr/bin/perl -T

$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';

delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};  

use strict;
use warnings;
use Time::Local;

use PVE::Certificate;
use PVE::SafeSyslog;
use PVE::INotify;
use PVE::RESTEnvironment;

use PMG::Utils;
use PMG::Config;
use PMG::ClusterConfig;
use PMG::DBTools;
use PMG::API2::Subscription;
use PMG::API2::APT;
use PMG::API2::Certificates;
use PMG::CertHelpers;
use PMG::NodeConfig;

$SIG{'__WARN__'} = sub {
    my $err = $@;
    my $t = $_[0];
    chomp $t;
    print STDERR "$t\n";
    syslog('warning', "%s", $t);
    $@ = $err;
};

PVE::RESTEnvironment->setup_default_cli_env();

initlog('pmg-daily', 'mail');

my $nodename = PVE::INotify::nodename();

eval { PMG::API2::Subscription->update({ node => $nodename }); };
if (my $err = $@) {
    syslog ('err', "update subscription info failed: $err");
}

my $cfg = PMG::Config->new();

if (my $statlifetime = $cfg->get ('admin', 'statlifetime')) {
    my $count = 0;
    eval {
	my $dbh = PMG::DBTools::open_ruledb();
	$count = PMG::DBTools::purge_statistic_database($dbh, $statlifetime);
    };
    if (my $err = $@) {
	syslog('err', $err);
    } else {
	syslog('info', "cleanup removed $count entries from statistic database") if $count;
    }
}

# check for available updates
# We assume that users with subscriptions want information
# about new packages.
my $info = eval { PMG::API2::Subscription::read_etc_subscription() };
my $notify = ($info && $info->{status} eq 'active') ? 1 : 0;
eval { PMG::API2::APT->update_database({ node => $nodename, notify => $notify, quiet => 1 }); };
if (my $err = $@) {
    syslog ('err', "update apt database failed: $err");
}

# rotate razor log file
rename('/root/.razor/razor-agent.log', '/root/.razor/razor-agent.log.0');

# setup proxy env (assume sa-update use http)
if (my $http_proxy = $cfg->get('admin', 'http_proxy')) {
    $ENV{http_proxy} = $http_proxy;
}

# update spamassassin rules
my $restart_filter = 0;
if (system('sa-update') == 0) {
    # if the exit code is 0, new updates were downloaded
    # then restart the pmg-smtp-filter to load the new rules
    $restart_filter = 1;
}

eval {
    $restart_filter = 1 if PMG::Utils::update_local_spamassassin_channels(0);
};
syslog('err', "$@") if $@;

PMG::Utils::service_cmd('pmg-smtp-filter', 'restart') if $restart_filter;
# run bayes database maintenance
system('sa-learn --force-expire >/dev/null 2>&1');

eval {
    my $node_config = PMG::NodeConfig::load_config();
    my $acme_node_config = PMG::NodeConfig::get_acme_conf($node_config);
    my $acme_domains = $acme_node_config && $acme_node_config->{domains};
    if ($acme_domains) {
	my %typed_domains = map {
	    $_ => PMG::NodeConfig::filter_domains_by_type($acme_domains, $_)
	} qw(api smtp);

	foreach my $type (qw(api smtp)) {
	    next if !$typed_domains{$type};

	    # Guard both certificates separately.
	    eval {
		my $cert = PMG::CertHelpers::cert_path($type);
		if (!-e $cert) {
		    syslog ('info', "ACME config found for '$type' certificate, but no custom certificate exists. Skipping ACME renewal until initial certificate has been deployed.");
		    next;
		}

		if (PVE::Certificate::check_expiry($cert, time() + 30*24*60*60)) {
		    PMG::API2::Certificates->renew_acme_cert({ node => $nodename, type => $type });
		} else {
		    syslog ('info', "Custom '$type' certificate does not expire soon, skipping ACME renewal.");
		}
	    };
	    syslog ('err', "Renewing '$type' ACME certificate failed: $@") if $@;
	}
    }
};
syslog ('err', "Renewing ACME certificate failed: $@") if $@;

exit (0);
Commit	Line	Data
d0d5b944 DM	1	#!/usr/bin/perl -T
	2
	3	$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';
	4
	5	delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
	6
	7	use strict;
	8	use warnings;
	9	use Time::Local;
	10
c7f1f473	11	use PVE::Certificate;
d0d5b944 DM	12	use PVE::SafeSyslog;
	13	use PVE::INotify;
	14	use PVE::RESTEnvironment;
	15
	16	use PMG::Utils;
	17	use PMG::Config;
	18	use PMG::ClusterConfig;
	19	use PMG::DBTools;
b2a65168	20	use PMG::API2::Subscription;
c7e9e145	21	use PMG::API2::APT;
c7f1f473 WB	22	use PMG::API2::Certificates;
	23	use PMG::CertHelpers;
	24	use PMG::NodeConfig;
d0d5b944 DM	25
	26	$SIG{'__WARN__'} = sub {
	27	my $err = $@;
	28	my $t = $_[0];
	29	chomp $t;
	30	print STDERR "$t\n";
	31	syslog('warning', "%s", $t);
	32	$@ = $err;
	33	};
	34
	35	PVE::RESTEnvironment->setup_default_cli_env();
	36
	37	initlog('pmg-daily', 'mail');
	38
b2a65168 DM	39	my $nodename = PVE::INotify::nodename();
	40
	41	eval { PMG::API2::Subscription->update({ node => $nodename }); };
	42	if (my $err = $@) {
	43	syslog ('err', "update subscription info failed: $err");
	44	}
	45
d0d5b944 DM	46	my $cfg = PMG::Config->new();
d0d5b944 DM	47
152ac93e DM	48	if (my $statlifetime = $cfg->get ('admin', 'statlifetime')) {
152ac93e DM	49	my $count = 0;
d0d5b944 DM	50	eval {
d0d5b944 DM	51	my $dbh = PMG::DBTools::open_ruledb();
8fb6f404	52	$count = PMG::DBTools::purge_statistic_database($dbh, $statlifetime);
d0d5b944 DM	53	};
d0d5b944 DM	54	if (my $err = $@) {
b902c0b8	55	syslog('err', $err);
d0d5b944	56	} else {
152ac93e	57	syslog('info', "cleanup removed $count entries from statistic database") if $count;
d0d5b944	58	}
d0d5b944 DM	59	}
d0d5b944 DM	60
c7e9e145	61	# check for available updates
1359baef	62	# We assume that users with subscriptions want information
c7e9e145	63	# about new packages.
726cfb99 FG	64	my $info = eval { PMG::API2::Subscription::read_etc_subscription() };
726cfb99 FG	65	my $notify = ($info && $info->{status} eq 'active') ? 1 : 0;
c7e9e145 DM	66	eval { PMG::API2::APT->update_database({ node => $nodename, notify => $notify, quiet => 1 }); };
	67	if (my $err = $@) {
	68	syslog ('err', "update apt database failed: $err");
	69	}
d0d5b944 DM	70
	71	# rotate razor log file
	72	rename('/root/.razor/razor-agent.log', '/root/.razor/razor-agent.log.0');
	73
85d295d6 DM	74	# setup proxy env (assume sa-update use http)
	75	if (my $http_proxy = $cfg->get('admin', 'http_proxy')) {
	76	$ENV{http_proxy} = $http_proxy;
	77	}
	78
7122424b	79	# update spamassassin rules
b27918fc	80	my $restart_filter = 0;
7122424b DC	81	if (system('sa-update') == 0) {
	82	# if the exit code is 0, new updates were downloaded
	83	# then restart the pmg-smtp-filter to load the new rules
b27918fc	84	$restart_filter = 1;
7122424b DC	85	}
7122424b DC	86
b27918fc	87	eval {
991d8f1c	88	$restart_filter = 1 if PMG::Utils::update_local_spamassassin_channels(0);
b27918fc SI	89	};
	90	syslog('err', "$@") if $@;
	91
	92	PMG::Utils::service_cmd('pmg-smtp-filter', 'restart') if $restart_filter;
1359baef	93	# run bayes database maintenance
d0d5b944 DM	94	system('sa-learn --force-expire >/dev/null 2>&1');
d0d5b944 DM	95
c7f1f473 WB	96	eval {
	97	my $node_config = PMG::NodeConfig::load_config();
	98	my $acme_node_config = PMG::NodeConfig::get_acme_conf($node_config);
	99	my $acme_domains = $acme_node_config && $acme_node_config->{domains};
	100	if ($acme_domains) {
	101	my %typed_domains = map {
	102	$_ => PMG::NodeConfig::filter_domains_by_type($acme_domains, $_)
	103	} qw(api smtp);
	104
	105	foreach my $type (qw(api smtp)) {
	106	next if !$typed_domains{$type};
	107
	108	# Guard both certificates separately.
	109	eval {
	110	my $cert = PMG::CertHelpers::cert_path($type);
	111	if (!-e $cert) {
	112	syslog ('info', "ACME config found for '$type' certificate, but no custom certificate exists. Skipping ACME renewal until initial certificate has been deployed.");
	113	next;
	114	}
	115
	116	if (PVE::Certificate::check_expiry($cert, time() + 302460*60)) {
	117	PMG::API2::Certificates->renew_acme_cert({ node => $nodename, type => $type });
	118	} else {
	119	syslog ('info', "Custom '$type' certificate does not expire soon, skipping ACME renewal.");
	120	}
	121	};
	122	syslog ('err', "Renewing '$type' ACME certificate failed: $@") if $@;
	123	}
	124	}
	125	};
	126	syslog ('err', "Renewing ACME certificate failed: $@") if $@;
	127
d0d5b944 DM	128	exit (0);
d0d5b944 DM	129