检测证书过期脚本

5行代码，即可让微信小程序上架到自己的APP中 | 注册送大疆、华为、樱桃键盘！>>>

前提

总是后知后觉，总是后知后觉。目前的现状是不论出现什么问题，都无法进行提前预警和在客户未知前介入处理。早上偶然和研发经理交流时突发灵感，写下此脚本，试图以此为开始进行提前的预警。

从生产k8s集群拿到realibox.cn的证书，在预发环境做daemon案例。

daemon案例

# pwd/yufa/zhengshu/testlltotal 32-rw-r--r-- 1 root wheel 465B 9 9 09:50 test-ingress.yaml-rw-r--r-- 1 root wheel 711B 9 9 09:47 test.yaml-rw-r--r-- 1 root wheel 3.5K 9 9 09:24 tls.crt-rw-r--r-- 1 root wheel 1.6K 9 9 09:25 tls.key# kubectl -n realibox create secret tls realibox-cn --key ./tls.key --cert ./tls.crt# cat test.yamlapiVersion: v1kind: Servicemetadata: name: tomcat namespace: realiboxspec: selector: app: tomcat release: canary ports: - name: http port: 8080 targetPort: 8080 - name: ajp port: 8009 targetPort: 8009---apiVersion: apps/v1kind: Deploymentmetadata: name: tomcat-deploy namespace: realiboxspec: replicas: 1 selector: matchLabels:  app: tomcat  release: canary template: metadata:  labels:  app: tomcat  release: canary spec:  containers:  - name: tomcat  image: tomcat:7-alpine  ports:  - name: httpd   containerPort: 8080  - name: ajp   containerPort: 8009# cat test-ingress.yamlapiVersion: extensions/v1beta1kind: Ingressmetadata: name: ingress-tomcat-tls namespace: realibox annotations: kubernets.io/ingress.class: "kong"spec: tls: - hosts: - "*.realibox.cn"  #与secret证书的域名需要保持一致 secretName: realibox-cn #secret证书的名称 rules: - host: zisefeizhu.realibox.cn http:  paths:  - path:  backend:   serviceName: tomcat   servicePort: 8080

编写检测域名过期小脚本

话不多说直接怼脚本

# cat check_daemon.sh#!/bin/bashsource /etc/profile#定义邮件发送列表maillist=( linkun@realibox.com #2350835860@qq.com)#发送邮件函数send_mail(){ SUBJECT="$1域名即将到期" if [ $2 -ge 0 ];then  CONTENT="$1:此域名即将到期，剩余时间已不足$2天，请及时续期！"  for mail in ${maillist[*]};do   echo -e ""当前检测的域名:" $domain\n "剩余天数: " $days\n ${CONTENT} " | mail -s "${SUBJECT}" $mail  done else  day=$((-$2))  CONTENT="$1:此域名已到期，已超出$day天，请及时续费！"  for mail in ${maillist[*]};do   echo -e "${CONTENT}" | mail -s "${SUBJECT}" $mail  done fi}#检测mails命令是否存在，不存在则安装mail包is_install_mail(){ which mail &> /dev/null if [ $? -ne 0 ];then  yum install -y mail fi}is_install_mail#定义需要被检测的域名列表domainlist=( zisefeizhu.realibox.cn)#检测域名到期时间并通知for domain in ${domainlist[*]};do echo "当前检测的域名：" $domain #取出域名过期时间 end_time=$(echo | timeout 1 openssl s_client -servername $domain -connect $domain:443 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null | awk -F '=' '{print $2}' ) ([ $? -ne 0 ] || [[ $end_time == '' ]]) && exit 10 end_times=`date -d "$end_time" +%s ` tmp=`date -d today +"%Y-%m-%d %T"` current_times=`date -d "$tmp" +"%s"` let left_time=$end_times-$current_times days=`expr $left_time / 86400` echo "剩余天数: " $days #转换成时间戳 end_times=`date -d "$end_time" +%s ` #以时间戳的形式显示当前时间 tmp=`date -d today +"%Y-%m-%d %T"` current_times=`date -d "$tmp" +"%s"` #域名到期剩余天数 let left_time=$end_times-$current_times days=`expr $left_time / 86400` echo "剩余天数: " $days if .........