certbot-zimbra
certbot-zimbra copied to clipboard
YetOpen
Added installer/uninstaller/upgrader
Added installer/uninstaller/upgrader for ease of use left the argbash stuff in there in case you wanted to easily mod it you can do so.
Should make upgrades installs and in rare case someone wants to uninstall it for some odd reason easier.
Install/Update/Remove certbot_zimbra.sh script from server
Usage: certbot_zimbra_installer.sh [-i|--(no-)install] [-u|--(no-)upgrade] [-r|--(no-)remove] [-v|--version] [-h|--help]
-i, --install, --no-install: Install certbot_zimbra (and implicit default: on) (on by default)
-u, --upgrade, --no-upgrade: Upgrade certbot_zimbra (off by default)
-r, --remove, --no-remove: Remove certbot_zimbra (off by default)
-v, --version: Prints version
-h, --help: Prints help
Also added the other inline scripts and unit files to the repo so they can be versioned and easily upgraded in future via this helper script if desired.
I have been using this amazing certbot_zimbra from you for awhile and was just overhauling and writing a new zimbra automated installation script so figured I would share the tweaks and code since it was compatible with stuff already for the most part.
If you haven't tried argbash before its a real treat to work with for new stuff. I hadn't heard about and been scripting for years and really makes it easy and fun to contribute where parsing is normally a nightmare which takes longer then the rest of the code does...
Thank you for sharing this, I'll review asap.
One question at first sight: are all the OS checks necessary? Isn't it enough to check if Zimbra itself is installed, is it?
I copied them from my other zimbra installer script so it was convenient but your right its probably unnecessary in hindsight. So feel free to pull anything out or modify as you see fit.
I agree this would be a good enhancement to have, but in a simpler form than in this PR. I particularly don't like:
- the install script also does OS detection (that's unnecessary, it's assumed the user already has Zimbra installed, so unnecessary to check OS compatibility, particularly if it's a desktop OS - it might even work fine on a desktop OS, I can't immediately think why it wouldn't). Zimbra only officially supports a limited number of OS so if we just say that this script supports all of them and nothing else that should be enough. I also think certbot-zimbra is already written in a way that it should work on all up to date GNU/Linux OS's - it checks that it has dependency binaries on start and exits if one is missing.
- it installs/uninstalls certbot, I think this is way outside the scope of this script, there are different ways of installing it (system packages, PPAs, custom repositories, pip, downloading tarballs or binaries, snap,...) and it's up to the user to pick one he chooses, the script should not force him into one particular method. Not to mention that as certbot is changed the installation/uninstallation process may change also so it would need to be kept up to date here.
- it has a function for updating certbot-zimbra using wget. I don't like this unless the download is verified so that it has not been tampered with, e.g. with GPG. Although certbot-zimbra doesn't have signed releases right now and so can't be verified anyway, I want to start signing it in the future. Only then would I consider adding this, and only with GPG verification built in.
Things I like:
- automates installation of itself, plus cronjob and/or systemd timer, this would be nice to add. Maybe also see #56 #116
Neutral, to think about:
- uses argbash which adds some boilerplate code but might make it easier to keep the usage/help text in sync with the code? I don't see a drawback to the way certbot-zimbra parses arguments right now other than you have to manually keep the usage/help text in sync.
