
acertmgr: log exceptions during processing, raise afterward

If anything goes wrong during cert_get/cert_put/running
actions/cert_revoke superseded, do not fail completely; continue with
the remaining domains to process. Print all exceptions and, after
processing, raise a RuntimeError.
Kishi85 2019-03-28 14:34:06 +01:00
parent 7e4c350a4f
commit fe7a064604


@ -137,8 +137,10 @@ def main():
# post-update actions (run only once) # post-update actions (run only once)
actions = set() actions = set()
superseded = set() superseded = set()
exceptions = list()
# check certificate validity and obtain/renew certificates if needed # check certificate validity and obtain/renew certificates if needed
for config in domainconfigs: for config in domainconfigs:
try:
cert = None cert = None
if os.path.isfile(config['cert_file']): if os.path.isfile(config['cert_file']):
cert = tools.read_pem_file(config['cert_file']) cert = tools.read_pem_file(config['cert_file'])
@ -148,16 +150,24 @@ def main():
cert_get(config) cert_get(config)
if str(config.get('cert_revoke_superseded')).lower() == 'true' and cert: if str(config.get('cert_revoke_superseded')).lower() == 'true' and cert:
superseded.add(cert) superseded.add(cert)
except Exception as e:
print("Certificate issue/renew failed: {}".format(e))
exceptions.append(e)
# deploy new certificates after all are renewed # deploy new certificates after all are renewed
deployment_success = True
for config in domainconfigs: for config in domainconfigs:
try:
for cfg in config['actions']: for cfg in config['actions']:
if not tools.target_is_current(cfg['path'], config['cert_file']): if not tools.target_is_current(cfg['path'], config['cert_file']):
print("Updating '{}' due to newer version".format(cfg['path'])) print("Updating '{}' due to newer version".format(cfg['path']))
actions.add(cert_put(cfg)) actions.add(cert_put(cfg))
except Exception as e:
print("Certificate deployment failed: {}".format(e))
exceptions.append(e)
deployment_success = False
# run post-update actions # run post-update actions
all_actions_success = True
for action in actions: for action in actions:
if action is not None: if action is not None:
try: try:
@ -166,12 +176,21 @@ def main():
print("Executed '{}' successfully: {}".format(action, output)) print("Executed '{}' successfully: {}".format(action, output))
except subprocess.CalledProcessError as e: except subprocess.CalledProcessError as e:
print("Execution of '{}' failed with error '{}': {}".format(e.cmd, e.returncode, e.output)) print("Execution of '{}' failed with error '{}': {}".format(e.cmd, e.returncode, e.output))
all_actions_success = False exceptions.append(e)
deployment_success = False
# revoke old certificates as superseded # revoke old certificates as superseded
if all_actions_success: if deployment_success:
for superseded_cert in superseded: for superseded_cert in superseded:
try:
print("Revoking previous certificate '{}' valid until {} as superseded".format( print("Revoking previous certificate '{}' valid until {} as superseded".format(
superseded_cert, superseded_cert,
superseded_cert.not_valid_after)) superseded_cert.not_valid_after))
cert_revoke(superseded_cert, domainconfigs, reason=4) # reason=4 is superseded cert_revoke(superseded_cert, domainconfigs, reason=4) # reason=4 is superseded
except Exception as e:
print("Certificate supersede revoke failed: {}".format(e))
exceptions.append(e)
# throw a RuntimeError with all exceptions caught while working if there were any
if len(exceptions) > 0:
raise RuntimeError("{} exception(s) occurred during runtime: {}".format(len(exceptions), exceptions))
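Review bot: In the deployment loop the new `try:` sits above `for cfg in config['actions']:`, so, as far as the flattened indentation shows, the first `cert_put` failure for a domain skips that domain's remaining targets and leaves some paths on the old certificate while others already have the new one. Moving the `try`/`except` inside the `for cfg` loop would match the commit's stated intent of continuing with what remains; `deployment_success = False` would still block the superseded revocation either way. The handlers also print only `str(e)`, and the final `RuntimeError` carries just the repr of the list, so the original tracebacks are lost. Adding `traceback.print_exc()` in each handler (this needs `import traceback`) would keep them for unattended runs. `main()` begins and ends outside these hunks.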