rpms-fedora-ims/md-renewed
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1.2.9

Browse Source
This commit is contained in:
Zoran Peričić
2022-02-08 21:20:37 +01:00
parent dfa4ce5320
commit 01f5d5fe3e
7 changed files with 139 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
md-message
View File

@@ -11,36 +11,73 @@ MSG="$1"
DOMAIN="$2" DOMAIN="$2"
mkdir -p $MD_RENEWED_DIR mkdir -p $MD_RENEWED_DIR
mkdir -p $MD_RENEWED_DIR/{ready,renewing,renewed,installed,expiring,errored,ocsp-renewed,oscp-errored} mkdir -p $MD_RENEWED_DIR/{renewing,renewed,installed,expiring,errored,ocsp-renewed,oscp-errored}
case $1 in case $1 in
renewing) renewing)
if [[ ! -d $MD_RENEWED_DIR/renewing ]]; then
mkdir -p $MD_RENEWED_DIR/renewing
fi
if [[ -f $MD_RENEWED_DIR/renewing/$DOMAIN ]]; then if [[ -f $MD_RENEWED_DIR/renewing/$DOMAIN ]]; then
exit 1 exit 1
fi fi
hostname > $MD_RENEWED_DIR/renewing/$DOMAIN echo $(date) $(hostname) > $MD_RENEWED_DIR/renewing/$DOMAIN
;; ;;
renewed) renewed)
rm -f $MD_RENEWED_DIR/renewing/$DOMAIN if [[ ! -d $MD_RENEWED_DIR/renewed ]]; then
hostname > $MD_RENEWED_DIR/renewed/$DOMAIN mkdir -p $MD_RENEWED_DIR/renewed
hostname > $MD_RENEWED_DIR/ready/$DOMAIN fi
if [[ -f $MD_RENEWED_DIR/renewing/$DOMAIN ]]; then
rm -f $MD_RENEWED_DIR/renewing/$DOMAIN
fi
if [[ -z $MD_RENEWED_HOST_DIR ]]; then
echo $(date) $(hostname) > $MD_RENEWED_DIR/renewed/$DOMAIN
else
mkdir -p $MD_RENEWED_DIR/renewed/$MD_RENEWED_HOST_DIR
for f in $MD_RENEWED_DIR/renewed/*/; do
if [[ ! -d "$f" ]]; then
continue
fi
echo $(date) $(hostname) > ${f}${DOMAIN}
done
fi
;; ;;
installed) installed)
rm -f $MD_RENEWED_DIR/renewing/$DOMAIN DEST=$MD_RENEWED_DIR/installed
hostname > $MD_RENEWED_DIR/installed/$DOMAIN if [[ ! -d $DEST ]]; then
mkdir -p $DEST
fi
if [[ ! -z $MD_RENEWED_HOST_DIR ]]; then
DEST=$MD_RENEWED_DIR/installed/$MD_RENEWED_HOST_DIR
mkdir -p $DEST
fi
mkdir -p $DEST
echo $(date) $(hostname) > $DEST/$DOMAIN
;; ;;
expiring) expiring)
hostname > $MD_RENEWED_DIR/expiring/$DOMAIN if [[ ! -d $MD_RENEWED_DIR/expiring ]]; then
mkdir -p $MD_RENEWED_DIR/expiring
fi
echo $(date) $(hostname) > $MD_RENEWED_DIR/expiring/$DOMAIN
;; ;;
errored) errored)
if [[ ! -d $MD_RENEWED_DIR/errored ]]; then
mkdir -p $MD_RENEWED_DIR/errored
fi
rm -f $MD_RENEWED_DIR/renewing/$DOMAIN rm -f $MD_RENEWED_DIR/renewing/$DOMAIN
hostname > $MD_RENEWED_DIR/errored/$DOMAIN echo $(date) $(hostname) > $MD_RENEWED_DIR/errored/$DOMAIN
;; ;;
ocsp-renewed) ocsp-renewed)
hostname > $MD_RENEWED_DIR/ocsp-renewed/$DOMAIN if [[ ! -d $MD_RENEWED_DIR/ocsp-renewed ]]; then
mkdir -p $MD_RENEWED_DIR/ocsp-renewed
fi
echo $(date) $(hostname) > $MD_RENEWED_DIR/ocsp-renewed/$DOMAIN
;; ;;
ocsp-errored) ocsp-errored)
hostname > $MD_RENEWED_DIR/ocsp-errored/$DOMAIN if [[ ! -d $MD_RENEWED_DIR/ocsp-errored ]]; then
mkdir -p $MD_RENEWED_DIR/ocsp-errored
fi
echo $(date) $(hostname) > $MD_RENEWED_DIR/ocsp-errored/$DOMAIN
;; ;;
esac esac

52
md-renewed
View File

@@ -7,6 +7,8 @@ if [[ -f /etc/md-renewed/md-renewed.conf ]]; then
. /etc/md-renewed/md-renewed.conf . /etc/md-renewed/md-renewed.conf
fi fi
MYDOMAINS=$(curl -s http://127.0.0.1/md-renewed-status | tail -n +1 | jq -r '."managed-domains"[].name' 2>/dev/null)
function set_permissions function set_permissions
{ {
local FILE="$1" local FILE="$1"
@@ -55,15 +57,29 @@ function run_copy
KEY_FILE="$CERT_FILE" KEY_FILE="$CERT_FILE"
fi fi
cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem > $CERT_FILE if [[ -f ${MOD_MD_DIR}/staging/$DOMAIN/pubcert.pem ]]; then
cat ${MOD_MD_DIR}/staging/$DOMAIN/pubcert.pem > $CERT_FILE
else
cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem > $CERT_FILE
fi
set_permissions "$CERT_FILE" "$CERT_OWNER" "$CERT_GROUP" "$CERT_MODE" set_permissions "$CERT_FILE" "$CERT_OWNER" "$CERT_GROUP" "$CERT_MODE"
if [[ $CERT_FILE != $KEY_FILE ]]; then if [[ $CERT_FILE != $KEY_FILE ]]; then
cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem > $KEY_FILE if [[ -f ${MOD_MD_DIR}/staging/$DOMAIN/privkey.pem ]]; then
cat ${MOD_MD_DIR}/staging/$DOMAIN/privkey.pem > $KEY_FILE
else
cat ${MOD_MD_DIR}/domains/$DOMAIN/privkey.pem > $KEY_FILE
fi
else else
cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem >> $KEY_FILE if [[ -f ${MOD_MD_DIR}/staging/$DOMAIN/privkey.pem ]]; then
cat ${MOD_MD_DIR}/staging/$DOMAIN/privkey.pem >> $KEY_FILE
else
cat ${MOD_MD_DIR}/domains/$DOMAIN/privkey.pem >> $KEY_FILE
fi
fi fi
set_permissions "$CERT_FILE" "$KEY_OWNER" "$KEY_GROUP" "$KEY_MODE"
set_permissions "$KEY_FILE" "$KEY_OWNER" "$KEY_GROUP" "$KEY_MODE"
} }
function run_service function run_service
@@ -100,25 +116,37 @@ function domain_renew
HTTP_RELOAD=n HTTP_RELOAD=n
for f in ${MD_RENEWED_DIR}/renewed/*; do if [ -z $MD_RENEWED_HOST_DIR ]; then
MY_RENEWED_DIR=${MD_RENEWED_DIR}/renewed
else
MY_RENEWED_DIR=${MD_RENEWED_DIR}/renewed/${MD_RENEWED_HOST_DIR}
fi
echo "md-renewed.service Looking for our domains: ${MYDOMAINS[*]}"
for f in ${MY_RENEWED_DIR}/*; do
if [[ ! -f $f ]]; then if [[ ! -f $f ]]; then
continue continue
fi fi
HTTPD_RELOAD=y
DOMAIN=$(basename $f) DOMAIN=$(basename $f)
rm -f $f
echo "md-renewed.service Checking domain $DOMAIN"
#rm -f $f for i in ${MYDOMAINS[@]}; do
if [[ $DOMAIN == $i ]]; then
echo "md-renewed.service $DOMAIN is our."
HTTPD_RELOAD=y
fi
done
if [[ ! -d /etc/md-renewed/$f ]]; then if [[ -d /etc/md-renewed/$DOMAIN ]]; then
continue domain_renew "$DOMAIN"
fi fi
domain_renew "$DOMAIN"
done done
if [[ $HTTPD_RELOAD == y ]]; then if [[ $HTTPD_RELOAD == y ]]; then
echo "md-renewed.service Restarting apache."
sleep $[ ( $RANDOM % 60 ) + 1 ]s
/usr/bin/systemctl reload httpd /usr/bin/systemctl reload httpd
fi fi

6
md-renewed-httpd.conf
View File

@@ -1,2 +1,8 @@
MDMessageCmd /usr/libexec/md-renewed/md-message MDMessageCmd /usr/libexec/md-renewed/md-message
<Location "/md-renewed-status">
<If "%{HTTP_HOST} == '127.0.0.1'">
SetHandler md-status
Require local
</If>
</Location>

1
md-renewed-tmpfiles.conf
View File

@@ -1 +0,0 @@
d /run/md-renewed 0770 root apache

1
md-renewed.conf
View File

@@ -1,4 +1,5 @@
MOD_MD_DIR=/var/lib/httpd/md MOD_MD_DIR=/var/lib/httpd/md
MD_RENEWED_DIR=/var/lib/httpd/md-renewed MD_RENEWED_DIR=/var/lib/httpd/md-renewed
MD_RENEWED_HOST_DIR=

10
md-renewed.path
View File

@@ -1,7 +1,13 @@
[Path] [Path]
#PathExistsGlob=/var/lib/httpd/md-renewed/renewed/* PathExistsGlob=/var/lib/httpd/md-renewed/renewed/%H/*
PathModified=/var/lib/httpd/md-renewed/renewed
Unit=md-renewed.service Unit=md-renewed.service
MakeDirectory=true
DirectoryMode=0777
[Unit]
BindsTo=httpd.service
After=httpd.service
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

65
md-renewed.spec
View File

@@ -1,5 +1,5 @@
Name: md-renewed Name: md-renewed
Version: 1.1.4 Version: 1.2.9
Release: 1%{?dist} Release: 1%{?dist}
Summary: Restart service on Apache module mod_md certificate renewal Summary: Restart service on Apache module mod_md certificate renewal
License: MIT License: MIT
@@ -11,15 +11,16 @@ Source0: md-renewed
Source1: md-message Source1: md-message
Source2: md-renewed.path Source2: md-renewed.path
Source3: md-renewed.service Source3: md-renewed.service
Source4: md-renewed-tmpfiles.conf
Source5: md-renewed-httpd.conf Source10: md-renewed-httpd.conf
Source6: md-renewed.conf Source11: md-renewed.conf
Source7: example.service Source20: example.service
Source8: example.cert Source21: example.cert
Source9: example.sh Source22: example.sh
Requires: httpd Requires: httpd
Requires: mod_md Requires: mod_md
%{?systemd_requires} %{?systemd_requires}
BuildRequires: systemd-rpm-macros BuildRequires: systemd-rpm-macros
@@ -29,40 +30,39 @@ Restart service on Apache module mod_md certificate renewal
%install %install
%{__rm} -rf %{buildroot} %{__rm} -rf %{buildroot}
install -d -m 0755 %{buildroot}%{_libexecdir}/md-renewed %{__install} -d -m 0755 %{buildroot}%{_libexecdir}/md-renewed
install -m 0755 %{SOURCE0} %{buildroot}%{_libexecdir}/md-renewed/md-renewed %{__install} -m 0755 %{SOURCE0} %{buildroot}%{_libexecdir}/md-renewed/md-renewed
install -m 0755 %{SOURCE1} %{buildroot}%{_libexecdir}/md-renewed/md-message %{__install} -m 0755 %{SOURCE1} %{buildroot}%{_libexecdir}/md-renewed/md-message
install -d -m 0755 %{buildroot}%{_unitdir} %{__install} -d -m 0755 %{buildroot}%{_unitdir}
install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/ %{__install} -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/
install -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/ %{__install} -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/
install -d -m 0755 %{buildroot}%{_tmpfilesdir} %{__install} -d -m 0755 %{buildroot}%{_sysconfdir}/httpd/conf.d
install -m 0644 %{SOURCE4} %{buildroot}%{_tmpfilesdir}/md-renewed.conf %{__install} -m 0644 %{SOURCE10} %{buildroot}%{_sysconfdir}/httpd/conf.d/md-renewed.conf
install -d -m 0755 %{buildroot}%{_sysconfdir}/httpd/conf.d %{__install} -d -m 0755 %{buildroot}%{_sysconfdir}/md-renewed
install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/httpd/conf.d/md-renewed.conf %{__install} -m 0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/md-renewed/
install -d -m 0755 %{buildroot}%{_sysconfdir}/md-renewed %{__install} -d -m 0755 %{buildroot}%{_sysconfdir}/md-renewed/example.com
install -m 0644 %{SOURCE6} %{buildroot}%{_sysconfdir}/md-renewed/ %{__install} -m 0644 %{SOURCE20} %{buildroot}%{_sysconfdir}/md-renewed/example.com/
%{__install} -m 0644 %{SOURCE21} %{buildroot}%{_sysconfdir}/md-renewed/example.com/
%{__install} -m 0755 %{SOURCE22} %{buildroot}%{_sysconfdir}/md-renewed/example.com/
install -d -m 0755 %{buildroot}%{_sysconfdir}/md-renewed/example.com %{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/
install -m 0644 %{SOURCE7} %{buildroot}%{_sysconfdir}/md-renewed/example.com/ %{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/renewed
install -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/md-renewed/example.com/ %{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/renewing
install -m 0755 %{SOURCE9} %{buildroot}%{_sysconfdir}/md-renewed/example.com/ %{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/errored
%{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/ocsp-renewed
%{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/ocsp-errored
%post %post
%systemd_post md-renewed.service
%systemd_post md-renewed.path %systemd_post md-renewed.path
%tmpfiles_create %{_tmpfilesdir}/md-renewed.conf
%preun %preun
%systemd_preun md-renewed.service
%systemd_preun md-renewed.path %systemd_preun md-renewed.path
%postun %postun
%systemd_postun md-renewed.service
%systemd_postun md-renewed.path %systemd_postun md-renewed.path
%clean %clean
@@ -77,9 +77,16 @@ install -m 0755 %{SOURCE9} %{buildroot}%{_sysconfdir}/md-renewed/example.com/
%{_libexecdir}/md-renewed/md-renewed %{_libexecdir}/md-renewed/md-renewed
%{_libexecdir}/md-renewed/md-message %{_libexecdir}/md-renewed/md-message
%{_unitdir}/md-renewed.service %{_unitdir}/md-renewed.service
%{_unitdir}/md-renewed.path %{_unitdir}/md-renewed.path
%{_tmpfilesdir}/md-renewed.conf
%dir %attr(-, root, apache) %{_sharedstatedir}/httpd/md-renewed/
%dir %attr(-, root, apache) %{_sharedstatedir}/httpd/md-renewed/renewed
%dir %attr(-, root, apache) %{_sharedstatedir}/httpd/md-renewed/renewing
%dir %attr(-, root, apache) %{_sharedstatedir}/httpd/md-renewed/errored
%dir %attr(-, root, apache) %{_sharedstatedir}/httpd/md-renewed/ocsp-renewed
%dir %attr(-, root, apache) %{_sharedstatedir}/httpd/md-renewed/ocsp-errored
%changelog %changelog
* Tue Nov 30 2021 Zoran Pericic <zpericic@netst.org> - 1.0.0-1 * Tue Nov 30 2021 Zoran Pericic <zpericic@netst.org> - 1.0.0-1