1
0
mirror of https://github.com/moepman/acertmgr.git synced 2024-11-14 06:55:29 +01:00

Rename notify to action and execute them only once.

This commit is contained in:
Markus 2016-02-21 11:18:32 +01:00
parent 55f340bebd
commit 2500b044f1
2 changed files with 20 additions and 7 deletions

View File

@ -58,16 +58,23 @@ defaults:
---
mail.example.com:
- path: /etc/postfix/ssl/mail.key
user: postfix
group: postfix
perm: '400'
format: key
action: '/etc/init.d/postfix reload'
- path: /etc/postfix/ssl/mail.crt
user: postfix
group: postfix
perm: '400'
notify: '/etc/init.d/postfix reload'
format: crt
action: '/etc/init.d/postfix reload'
- path: /etc/dovecot/ssl/mail.crt
user: dovecot
group: dovecot
perm: '400'
notify: '/etc/init.d/dovecot reload'
action: '/etc/init.d/dovecot reload'
```
Security

View File

@ -162,6 +162,7 @@ def cert_get(domain, settings):
# @brief put new certificate in place
# @param domain string containing the domain name
# @param settings the domain's configuration options
# @return the action to be executed after the certificate update
def cert_put(domain, settings):
# TODO error handling
crt_user = settings['user']
@ -169,7 +170,7 @@ def cert_put(domain, settings):
crt_perm = settings['perm']
crt_path = settings['path']
crt_format = settings['format'].split(",")
crt_notify = settings['notify']
crt_action = settings['action']
key_file = ACME_DIR + "server.key"
crt_final = ACME_DIR + "%s.crt" % domain
@ -185,7 +186,7 @@ def cert_put(domain, settings):
crt_fd.write(src_fd.read())
src_fd.close()
else:
# TODO error handling
print()
pass
# set owner and permissions
@ -200,8 +201,7 @@ def cert_put(domain, settings):
except OSError:
print('Warning: Could not set certificate file permissions!')
# restart/reload service
subprocess.call(crt_notify.split())
return crt_action
# @brief augment configuration with defaults
@ -232,7 +232,9 @@ if __name__ == "__main__":
if config_file.endswith(".conf"):
with open(ACME_CONFD + config_file) as config_fd:
config['domains'].update(yaml.load(config_fd))
#print(str(config))
# post-update actions (run only once)
actions = set()
# check certificate validity and obtain/renew certificates if needed
for domain, domaincfgs in config['domains'].items():
@ -246,3 +248,7 @@ if __name__ == "__main__":
for domaincfg in domaincfgs:
cfg = complete_config(domaincfg, config['defaults'])
cert_put(domain, cfg)
# run post-update actions
for action in actions:
subprocess.call(action.split())