mirror of https://github.com/moepman/acertmgr.git synced 2025-01-04 01:25:24 +01:00

configuration: add seperate configuration for runtime options

Kishi85 2019-03-27 15:17:17 +01:00
parent 7da3c266a7
commit 52f5584dc0
2 changed files with 29 additions and 26 deletions


@ -143,13 +143,13 @@ def cert_put(settings):
def main(): def main():
# load config # load config
configs = configuration.load() runtimeconfig, domainconfigs = configuration.load()
# post-update actions (run only once) # post-update actions (run only once)
actions = set() actions = set()
# check certificate validity and obtain/renew certificates if needed # check certificate validity and obtain/renew certificates if needed
for config in configs: for config in domainconfigs:
cert_file = config['cert_file'] cert_file = config['cert_file']
cert_file_exists = os.path.isfile(cert_file) cert_file_exists = os.path.isfile(cert_file)
if cert_file_exists: if cert_file_exists:


@ -57,7 +57,7 @@ def update_config_value(config, name, localconfig, globalconfig, default):
# @brief load the configuration from a file # @brief load the configuration from a file
def parse_config_entry(entry, globalconfig, work_dir, authority_tos_agreement): def parse_config_entry(entry, globalconfig, runtimeconfig):
config = dict() config = dict()
# Basic domain information # Basic domain information
@ -98,16 +98,18 @@ def parse_config_entry(entry, globalconfig, work_dir, authority_tos_agreement):
update_config_value(config, 'authority', localconfig, globalconfig, DEFAULT_AUTHORITY) update_config_value(config, 'authority', localconfig, globalconfig, DEFAULT_AUTHORITY)
# Certificate authority ToS agreement # Certificate authority ToS agreement
update_config_value(config, 'authority_tos_agreement', localconfig, globalconfig, authority_tos_agreement) update_config_value(config, 'authority_tos_agreement', localconfig, globalconfig,
runtimeconfig['authority_tos_agreement'])
# Certificate authority contact email addresses # Certificate authority contact email addresses
update_config_value(config, 'authority_contact_email', localconfig, globalconfig, None) update_config_value(config, 'authority_contact_email', localconfig, globalconfig, None)
# Account key # Account key
update_config_value(config, 'account_key', localconfig, globalconfig, os.path.join(work_dir, "account.key")) update_config_value(config, 'account_key', localconfig, globalconfig,
os.path.join(runtimeconfig['work_dir'], "account.key"))
# Certificate directory # Certificate directory
update_config_value(config, 'cert_dir', localconfig, globalconfig, work_dir) update_config_value(config, 'cert_dir', localconfig, globalconfig, runtimeconfig['work_dir'])
# TTL days # TTL days
update_config_value(config, 'ttl_days', localconfig, globalconfig, DEFAULT_TTL) update_config_value(config, 'ttl_days', localconfig, globalconfig, DEFAULT_TTL)
@ -181,6 +183,7 @@ def parse_config_entry(entry, globalconfig, work_dir, authority_tos_agreement):
# @brief load the configuration from a file # @brief load the configuration from a file
def load(): def load():
runtimeconfig = dict()
parser = argparse.ArgumentParser(description="acertmgr - Automated Certificate Manager using ACME/Let's Encrypt") parser = argparse.ArgumentParser(description="acertmgr - Automated Certificate Manager using ACME/Let's Encrypt")
parser.add_argument("-c", "--config-file", nargs="?", parser.add_argument("-c", "--config-file", nargs="?",
help="global configuration file (default='{}')".format(DEFAULT_CONF_FILE)) help="global configuration file (default='{}')".format(DEFAULT_CONF_FILE))
@ -210,25 +213,29 @@ def load():
else: else:
domain_config_dir = DEFAULT_CONF_DIR domain_config_dir = DEFAULT_CONF_DIR
# Determine work directory... # Runtime configuration: Get from command-line options
# - work_dir
if args.work_dir: if args.work_dir:
work_dir = args.work_dir runtimeconfig['work_dir'] = args.work_dir
elif os.path.isdir(LEGACY_WORK_DIR) and domain_config_dir == LEGACY_CONF_DIR: elif os.path.isdir(LEGACY_WORK_DIR) and domain_config_dir == LEGACY_CONF_DIR:
work_dir = LEGACY_WORK_DIR print("WARNING: Legacy work dir '{}' used. Move to config-dir for 1.0".format(LEGACY_WORK_DIR))
runtimeconfig['work_dir'] = LEGACY_WORK_DIR
else: else:
# .. or use the domain configuration directory otherwise runtimeconfig['work_dir'] = domain_config_dir
work_dir = domain_config_dir # create work_dir if it does not exist yet
if not os.path.isdir(runtimeconfig['work_dir']):
os.mkdir(runtimeconfig['work_dir'], int("0700", 8))
# Determine authority agreement # - authority_tos_agreement
if args.authority_tos_agreement: if args.authority_tos_agreement:
authority_tos_agreement = args.authority_tos_agreement runtimeconfig['authority_tos_agreement'] = args.authority_tos_agreement
elif global_config_file == LEGACY_CONF_FILE: elif global_config_file == LEGACY_CONF_FILE:
# Old global config file assumes ToS are agreed # Legacy global config file assumes ToS are agreed
authority_tos_agreement = LEGACY_AUTHORITY_TOS_AGREEMENT runtimeconfig['authority_tos_agreement'] = LEGACY_AUTHORITY_TOS_AGREEMENT
else: else:
authority_tos_agreement = None runtimeconfig['authority_tos_agreement'] = None
# load global configuration # Global configuration: Load from file
globalconfig = dict() globalconfig = dict()
if os.path.isfile(global_config_file): if os.path.isfile(global_config_file):
with io.open(global_config_file) as config_fd: with io.open(global_config_file) as config_fd:
@ -244,12 +251,8 @@ def load():
if 'authority' not in globalconfig: if 'authority' not in globalconfig:
globalconfig['authority'] = LEGACY_AUTHORITY globalconfig['authority'] = LEGACY_AUTHORITY
# create work directory if it does not exist # Domain configuration(s): Load from file(s)
if not os.path.isdir(work_dir): domainconfigs = list()
os.mkdir(work_dir, int("0700", 8))
# load domain configuration
config = list()
if os.path.isdir(domain_config_dir): if os.path.isdir(domain_config_dir):
for domain_config_file in os.listdir(domain_config_dir): for domain_config_file in os.listdir(domain_config_dir):
domain_config_file = os.path.join(domain_config_dir, domain_config_file) domain_config_file = os.path.join(domain_config_dir, domain_config_file)
@ -259,11 +262,11 @@ def load():
with io.open(domain_config_file) as config_fd: with io.open(domain_config_file) as config_fd:
try: try:
for entry in json.load(config_fd).items(): for entry in json.load(config_fd).items():
config.append(parse_config_entry(entry, globalconfig, work_dir, authority_tos_agreement)) domainconfigs.append(parse_config_entry(entry, globalconfig, runtimeconfig))
except ValueError: except ValueError:
import yaml import yaml
config_fd.seek(0) config_fd.seek(0)
for entry in yaml.safe_load(config_fd).items(): for entry in yaml.safe_load(config_fd).items():
config.append(parse_config_entry(entry, globalconfig, work_dir, authority_tos_agreement)) domainconfigs.append(parse_config_entry(entry, globalconfig, runtimeconfig))
return config return runtimeconfig, domainconfigs
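Review bot: The work-dir setup that this commit moves up in load() (`if not os.path.isdir(runtimeconfig['work_dir']): os.mkdir(runtimeconfig['work_dir'], int("0700", 8))`) only guarantees mode 0700 for a directory it creates itself; a directory that already exists, whether the legacy one or a path given via `args.work_dir`, is accepted without checking its mode or owner. Because `account_key` defaults to `os.path.join(runtimeconfig['work_dir'], "account.key")`, a group- or world-accessible work dir leaves the account key protected only by the key file's own mode, which is set outside the visible lines. I would add a branch that inspects the existing directory, for example `elif os.stat(runtimeconfig['work_dir']).st_mode & int("0077", 8): print("WARNING: work dir '{}' is accessible to group/others".format(runtimeconfig['work_dir']))`, and decide whether that case should be a hard error instead. The isdir/mkdir pair can also raise if a parent directory is missing or the path appears between the two calls, so catching `OSError` there with a clear message would help. load() starts and continues outside this hunk.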