mirror of https://github.com/moepman/acertmgr.git synced 2025-01-07 18:25:25 +01:00

Rename notify to action and execute them only once.

Markus 2016-02-21 11:18:32 +01:00
parent 682f5bf252
commit 980daea649
2 changed files with 20 additions and 7 deletions


@ -58,16 +58,23 @@ defaults:
--- ---
mail.example.com: mail.example.com:
- path: /etc/postfix/ssl/mail.key
user: postfix
group: postfix
perm: '400'
format: key
action: '/etc/init.d/postfix reload'
- path: /etc/postfix/ssl/mail.crt - path: /etc/postfix/ssl/mail.crt
user: postfix user: postfix
group: postfix group: postfix
perm: '400' perm: '400'
notify: '/etc/init.d/postfix reload' format: crt
action: '/etc/init.d/postfix reload'
- path: /etc/dovecot/ssl/mail.crt - path: /etc/dovecot/ssl/mail.crt
user: dovecot user: dovecot
group: dovecot group: dovecot
perm: '400' perm: '400'
notify: '/etc/init.d/dovecot reload' action: '/etc/init.d/dovecot reload'
``` ```
Security Security


@ -162,6 +162,7 @@ def cert_get(domain, settings):
# @brief put new certificate in place # @brief put new certificate in place
# @param domain string containing the domain name # @param domain string containing the domain name
# @param settings the domain's configuration options # @param settings the domain's configuration options
# @return the action to be executed after the certificate update
def cert_put(domain, settings): def cert_put(domain, settings):
# TODO error handling # TODO error handling
crt_user = settings['user'] crt_user = settings['user']
@ -169,7 +170,7 @@ def cert_put(domain, settings):
crt_perm = settings['perm'] crt_perm = settings['perm']
crt_path = settings['path'] crt_path = settings['path']
crt_format = settings['format'].split(",") crt_format = settings['format'].split(",")
crt_notify = settings['notify'] crt_action = settings['action']
key_file = ACME_DIR + "server.key" key_file = ACME_DIR + "server.key"
crt_final = ACME_DIR + "%s.crt" % domain crt_final = ACME_DIR + "%s.crt" % domain
@ -185,7 +186,7 @@ def cert_put(domain, settings):
crt_fd.write(src_fd.read()) crt_fd.write(src_fd.read())
src_fd.close() src_fd.close()
else: else:
# TODO error handling print()
pass pass
# set owner and permissions # set owner and permissions
@ -200,8 +201,7 @@ def cert_put(domain, settings):
except OSError: except OSError:
print('Warning: Could not set certificate file permissions!') print('Warning: Could not set certificate file permissions!')
# restart/reload service return crt_action
subprocess.call(crt_notify.split())
# @brief augment configuration with defaults # @brief augment configuration with defaults
@ -232,7 +232,9 @@ if __name__ == "__main__":
if config_file.endswith(".conf"): if config_file.endswith(".conf"):
with open(ACME_CONFD + config_file) as config_fd: with open(ACME_CONFD + config_file) as config_fd:
config['domains'].update(yaml.load(config_fd)) config['domains'].update(yaml.load(config_fd))
#print(str(config))
# post-update actions (run only once)
actions = set()
# check certificate validity and obtain/renew certificates if needed # check certificate validity and obtain/renew certificates if needed
for domain, domaincfgs in config['domains'].items(): for domain, domaincfgs in config['domains'].items():
@ -246,3 +248,7 @@ if __name__ == "__main__":
for domaincfg in domaincfgs: for domaincfg in domaincfgs:
cfg = complete_config(domaincfg, config['defaults']) cfg = complete_config(domaincfg, config['defaults'])
cert_put(domain, cfg) cert_put(domain, cfg)
# run post-update actions
for action in actions:
subprocess.call(action.split())
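Review bot: The new `actions` set is never filled: in the last hunk the call `cert_put(domain, cfg)` appears unchanged on both sides, so the action string that `cert_put` now returns is discarded and the closing `for action in actions:` loop has nothing to run. As rendered, a renewed certificate would be written to disk while postfix and dovecot keep serving the old one until someone reloads them by hand; the call should read `actions.add(cert_put(domain, cfg))`. The loop also ignores the result of `subprocess.call(...)`, so a failed reload goes unnoticed; checking the return code and printing a warning, in the style of the existing permissions warning, would surface it. `action.split()` breaks configured commands that contain quoted arguments, where `shlex.split(action)` would not (it needs `import shlex` in the file's import block, which is outside this view).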