jobs - move certbot hooks to python
parent
650ad7ea49
commit
00d91dcaaa
|
@ -16,7 +16,7 @@ chmod ugo+x /opt/bunkerized-nginx/entrypoint/* /opt/bunkerized-nginx/scripts/*
|
|||
chmod ugo+x /opt/bunkerized-nginx/gen/main.py
|
||||
chmod ugo+x /opt/bunkerized-nginx/jobs/main.py
|
||||
chmod ugo+x /opt/bunkerized-nginx/jobs/reload.py
|
||||
chmod ugo+x /opt/bunkerized-nginx/jobs/certbot-*.sh
|
||||
chmod ugo+x /opt/bunkerized-nginx/jobs/certbot-*.py
|
||||
chmod 770 /opt/bunkerized-nginx
|
||||
chmod 440 /opt/bunkerized-nginx/settings.json
|
||||
|
||||
|
|
|
@ -845,7 +845,7 @@ do_and_check_cmd chmod 750 /opt/bunkerized-nginx/entrypoint/*
|
|||
do_and_check_cmd chmod 750 /opt/bunkerized-nginx/gen/main.py
|
||||
do_and_check_cmd chmod 750 /opt/bunkerized-nginx/jobs/main.py
|
||||
do_and_check_cmd chmod 750 /opt/bunkerized-nginx/jobs/reload.py
|
||||
do_and_check_cmd chmod 750 /opt/bunkerized-nginx/jobs/certbot-*.sh
|
||||
do_and_check_cmd chmod 750 /opt/bunkerized-nginx/jobs/certbot-*.py
|
||||
# Set permissions for /usr/local/bin/bunkerized-nginx
|
||||
do_and_check_cmd chown root:root /usr/local/bin/bunkerized-nginx
|
||||
do_and_check_cmd chmod 750 /usr/local/bin/bunkerized-nginx
|
||||
|
|
|
@ -6,7 +6,7 @@ class CertbotNew(Job) :
|
|||
|
||||
def __init__(self, redis_host=None, copy_cache=False, domain="", email="", staging=False) :
|
||||
name = "certbot-new"
|
||||
data = ["certbot", "certonly", "--manual", "--preferred-challenges=http", "--manual-auth-hook", "/opt/bunkerized-nginx/jobs/certbot-auth.sh", "--manual-cleanup-hook", "/opt/bunkerized-nginx/jobs/certbot-cleanup.sh", "-n", "-d", domain, "--email", email, "--agree-tos"]
|
||||
data = ["certbot", "certonly", "--manual", "--preferred-challenges=http", "--manual-auth-hook", "/opt/bunkerized-nginx/jobs/certbot-auth.py", "--manual-cleanup-hook", "/opt/bunkerized-nginx/jobs/certbot-cleanup.py", "-n", "-d", domain, "--email", email, "--agree-tos"]
|
||||
if staging :
|
||||
data.append("--staging")
|
||||
type = "exec"
|
||||
|
|
|
@ -0,0 +1,36 @@
|
|||
#!/usr/bin/python3
|
||||
|
||||
import os, socket, sys, stat
|
||||
|
||||
VALIDATION = os.getenv("CERTBOT_VALIDATION", None)
|
||||
TOKEN = os.getenv("CERTBOT_TOKEN", None)
|
||||
if VALIDATION == None or TOKEN = None :
|
||||
sys.exit(1)
|
||||
|
||||
try :
|
||||
with open("/opt/bunkerized-nginx/acme-challenge/.well-known/acme-challenge/" + TOKEN, "w") as f :
|
||||
f.write(VALIDATION)
|
||||
except :
|
||||
sys.exit(2)
|
||||
|
||||
try :
|
||||
if os.path.exists("/tmp/autoconf.sock") and stat.S_ISSOCK(os.stat("/tmp/autoconf.sock").st_mode) :
|
||||
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
|
||||
sock.connect("/tmp/autoconf.sock")
|
||||
sock.sendall(b"lock")
|
||||
data = sock.recv(512)
|
||||
if data != b"ok" :
|
||||
raise Exception("can't lock")
|
||||
sock.sendall(b"acme")
|
||||
data = sock.recv(512)
|
||||
if data != b"ok" :
|
||||
raise Exception("can't acme")
|
||||
sock.sendall(b"unlock")
|
||||
data = sock.recv(512)
|
||||
if data != b"ok" :
|
||||
raise Exception("can't unlock")
|
||||
sock.sendall(b"close")
|
||||
except :
|
||||
sys.exit(3)
|
||||
|
||||
sys.exit(0)
|
|
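Review bot: The guard `if VALIDATION == None or TOKEN = None :` uses `=` in its second comparison, which is a syntax error, so the auth hook cannot be parsed and fails before it writes anything; it should read `if VALIDATION is None or TOKEN is None :`. TOKEN is then concatenated straight into the challenge path, and although it normally comes from certbot, checking it first with something like `re.fullmatch(r"[A-Za-z0-9_-]+", TOKEN)` would keep the write inside the acme-challenge directory; the same applies to the `os.remove` call in the cleanup hook. The bare `except :` blocks discard the error, so printing the exception to stderr before exiting would make a failed issuance diagnosable. The Unix socket is also never closed on the error paths, which a `with` block around it would fix.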
@ -1,9 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
. /opt/bunkerized-nginx/entrypoint/utils.sh
|
||||
|
||||
echo $CERTBOT_VALIDATION > /opt/bunkerized-nginx/acme-challenge/.well-known/acme-challenge/$CERTBOT_TOKEN
|
||||
|
||||
if [ -S "/tmp/autoconf.sock" ] ; then
|
||||
echo -e "lock\nacme\nunlock" | socat UNIX-CONNECT:/tmp/autoconf.sock -
|
||||
fi
|
|
@ -0,0 +1,14 @@
|
|||
#!/usr/bin/python3
|
||||
|
||||
import os, sys
|
||||
|
||||
TOKEN = os.getenv("CERTBOT_TOKEN", None)
|
||||
if TOKEN == None :
|
||||
sys.exit(1)
|
||||
|
||||
try :
|
||||
os.remove("/opt/bunkerized-nginx/acme-challenge/.well-known/acme-challenge/" + TOKEN)
|
||||
except :
|
||||
sys.exit(2)
|
||||
|
||||
sys.exit(0)
|
|
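Review bot: `os.remove` raises when the challenge file is already gone, so this hook exits with 2 where the shell version's `rm -f` succeeded silently. If cleanup ever runs after an auth hook that failed before writing the file, that becomes a second, misleading error. Handling the missing-file case separately keeps the old behaviour: add `except FileNotFoundError : pass` ahead of the generic handler. `TOKEN == None` is also better written as `TOKEN is None`.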
@ -1,3 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
rm -f /opt/bunkerized-nginx/acme-challenge/.well-known/acme-challenge/$CERTBOT_TOKEN
|