Dev (#161)

* Remove unused table trainingstreamstatus (#146) * Remove model_id from clickhouse queries (#148) * Update aiokafka group_id * Update models to include ModelId, ApplicationId and update group id * Fix semgrep issues * Docker prune images to free up space in CI * Add CI job to check letsencrypt certificate expiry * Update check https expiry * Remove non working check certs CI job * Add certs check (#154) * Add CI job to check letsencrypt certs expiry * Change threshold to 5 days * Remove on push debug statement * Trigger workflow manually (#156) * Trigger workflow manually * Disable clickhouse notebook test * Update kafka_brokers url * Update clickhouse test cases and update Makefile (#158) * Add cron script to renew certs automatically (#160)
airtai · Nov 2, 2023 · 963efad · 963efad
1 parent 71be54c
commit 963efad
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 1 deletion.
diff --git a/scripts/ci_check_certs.sh b/scripts/ci_check_certs.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Set the threshold for certificate expiration (in days)
-THRESHOLD=5
+THRESHOLD=25
 
 # Check if certificate is expiring within the threshold
 expiry_str=$(ssh -o StrictHostKeyChecking=no -i key.pem azureuser@"$DOMAIN" "sudo openssl x509 -in /etc/letsencrypt/live/$DOMAIN/fullchain.pem -noout -enddate | cut -d= -f2")

diff --git a/scripts/cron_check_certs.sh b/scripts/cron_check_certs.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Set the threshold for certificate expiration (in days)
+THRESHOLD=30
+
+# List of domains for which to check and renew certificates
+DOMAINS=("api.staging.airt.ai")
+
+for domain in "${DOMAINS[@]}"; do
+    # Check if certificate is expiring within the threshold
+    expiration_date=$(date -d "$(sudo openssl x509 -in /etc/letsencrypt/live/$domain/fullchain.pem -noout -enddate | cut -d= -f2)" +%s)
+    current_date=$(date +%s)
+    days_until_expiry=$(( (expiration_date - current_date) / 86400 ))
+
+    if [ "$days_until_expiry" -lt "$THRESHOLD" ]; then
+        echo "Stopping airt-service container"
+        docker stop airt-service
+
+        echo "Certificate for $domain is expiring in $days_until_expiry days. Renewing..."
+        sudo certbot renew --cert-name "$domain"
+
+        if [ $? -eq 0 ]; then
+            echo "Certificate renewed successfully for $domain."
+        else
+            echo "Certificate renewal failed for $domain."
+        fi
+
+        docker start airt-service
+        echo "Restarted airt-service container"
+    else
+        echo "Certificate for $domain is not expiring within the next $THRESHOLD days. No action needed."
+    fi
+done