integrations - acme without shared folder when using k8s/swarm

autoconf/src/Config.py

@@ -29,9 +29,9 @@ class Config :
 		stdout = proc.stdout.decode("ascii")
 		stderr = proc.stderr.decode("ascii")
 		if len(stdout) > 1 :
-			log("config", "INFO", "jobs stdout : " + stdout)
+			log("config", "INFO", "jobs stdout :\n" + stdout)
 		if stderr != "" :
-			log("config", "ERROR", "jobs stderr : " + stderr)
+			log("config", "ERROR", "jobs stderr :\n" + stderr)
 		if proc.returncode != 0 :
 			log("config", "ERROR", "jobs error (return code = " + str(proc.returncode) + ")")
 			return False
@@ -78,10 +78,12 @@ class Config :
 			ret = self.__api_call(instances, "/reload")
 		return ret
 
-	def send(self, instances) :
+	def send(self, instances, files="all") :
 		ret = True
 		fail = False
 		for name, path in CONFIGS.items() :
+			if files != "all" and name != files :
+				continue
 			file = self.__tarball(path)
 			if not self.__api_call(instances, "/" + name, file=file) :
 				log("config", "ERROR", "can't send config " + name + " to instance(s)")

autoconf/src/Controller.py

@@ -53,9 +53,9 @@ class Controller(ABC) :
 			ret = False
 		return ret
 
-	def _send(self, instances) :
+	def _send(self, instances, files="all") :
 		try :
-			ret = self._config.send(instances)
+			ret = self._config.send(instances, files=files)
 		except Exception as e :
 			ret = False
 		return ret

autoconf/src/IngressController.py

@@ -50,18 +50,26 @@ class IngressController(Controller.Controller) :
 	def __rules_to_env(self, rules, namespace="default") :
 		env = {}
 		first_servers = []
+		numbers = {}
 		for rule in rules :
 			rule = rule.to_dict()
 			prefix = ""
+			number = 1
 			if "host" in rule :
 				prefix = rule["host"] + "_"
 				first_servers.append(rule["host"])
+				if not rule["host"] in numbers :
+					numbers[rule["host"]] = 1
+				number = numbers[rule["host"]]
 			if not "http" in rule or not "paths" in rule["http"] :
 				continue
+			env[prefix + "USE_REVERSE_PROXY"] = "yes"
 			for path in rule["http"]["paths"] :
-				env[prefix + "USE_REVERSE_PROXY"] = "yes"
-				env[prefix + "REVERSE_PROXY_URL"] = path["path"]
-				env[prefix + "REVERSE_PROXY_HOST"] = "http://" + path["backend"]["service_name"] + "." + namespace + ".svc.cluster.local:" + str(path["backend"]["service_port"])
+				suffix = "_" + str(number)
+				env[prefix + "REVERSE_PROXY_URL" + suffix] = path["path"]
+				env[prefix + "REVERSE_PROXY_HOST" + suffix] = "http://" + path["backend"]["service_name"] + "." + namespace + ".svc.cluster.local:" + str(path["backend"]["service_port"])
+				number += 1
+			numbers[rule["host"]] = number
 		env["SERVER_NAME"] = " ".join(first_servers)
 		return env
 
@@ -135,8 +143,8 @@ class IngressController(Controller.Controller) :
 	def reload(self) :
 		return self._reload(self.__get_services(autoconf=True))
 
-	def send(self) :
-		return self._send(self.__get_services(autoconf=True))
+	def send(self, files="all") :
+		return self._send(self.__get_services(autoconf=True), files=files)
 
 	def stop_temp(self) :
 		return self._stop_temp(self.__get_services(autoconf=True))

autoconf/src/ReloadServer.py

@@ -10,7 +10,6 @@ class ReloadServerHandler(socketserver.BaseRequestHandler):
 
 			while True :
 				data = self.request.recv(512)
-				print(data, flush=True)
 				if not data or not data in [b"lock", b"reload", b"unlock", b"acme"] :
 					break
 				if data == b"lock" :
@@ -22,7 +21,7 @@ class ReloadServerHandler(socketserver.BaseRequestHandler):
 					locked = False
 					self.request.sendall(b"ok")
 				elif data == b"acme" :
-					ret = self.server.controller.send()
+					ret = self.server.controller.send(files="acme")
 					if ret :
 						self.request.sendall(b"ok")
 					else :
@@ -38,8 +37,11 @@ class ReloadServerHandler(socketserver.BaseRequestHandler):
 		if locked :
 			self.server.controller.lock.release()
 
+class ThreadingUnixServer(socketserver.ThreadingMixIn, socketserver.UnixStreamServer) :
+	pass
+
 def run_reload_server(controller) :
-	server = socketserver.UnixStreamServer("/tmp/autoconf.sock", ReloadServerHandler)
+	server = ThreadingUnixServer("/tmp/autoconf.sock", ReloadServerHandler)
 	os.chown("/tmp/autoconf.sock", 0, 101)
 	os.chmod("/tmp/autoconf.sock", 0o770)
 	server.controller = controller

autoconf/src/SwarmController.py

@@ -61,8 +61,8 @@ class SwarmController(Controller.Controller) :
 	def reload(self) :
 		return self._reload(self.__get_instances())
 
-	def send(self) :
-		return self._send(self.__get_instances())
+	def send(self, files="all") :
+		return self._send(self.__get_instances(), files=files)
 
 	def stop_temp(self) :
 		return self._stop_temp(self.__get_instances())

helpers/docker.sh

@@ -13,7 +13,7 @@ for folder in $folders ; do
 done
 mkdir -p /acme-challenge/.well-known/acme-challenge
 chown -R root:nginx /acme-challenge
-chmod 770 /acme-challenge
+chmod -R 770 /acme-challenge
 
 # prepare /var/log
 rm -f /var/log/nginx/*

jobs/certbot-auth.py

@@ -4,7 +4,7 @@ import os, socket, sys, stat
 
 VALIDATION = os.getenv("CERTBOT_VALIDATION", None)
 TOKEN = os.getenv("CERTBOT_TOKEN", None)
-if VALIDATION == None or TOKEN = None :
+if VALIDATION == None or TOKEN == None :
 	sys.exit(1)
 
 try :
@@ -17,18 +17,10 @@ try :
 	if os.path.exists("/tmp/autoconf.sock") and stat.S_ISSOCK(os.stat("/tmp/autoconf.sock").st_mode) :
 		sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
 		sock.connect("/tmp/autoconf.sock")
-		sock.sendall(b"lock")
-		data = sock.recv(512)
-		if data != b"ok" :
-			raise Exception("can't lock")
 		sock.sendall(b"acme")
 		data = sock.recv(512)
 		if data != b"ok" :
 			raise Exception("can't acme")
-		sock.sendall(b"unlock")
-		data = sock.recv(512)
-		if data != b"ok" :
-			raise Exception("can't unlock")
 		sock.sendall(b"close")
 except :
 	sys.exit(3)

lua/api.lua

@@ -88,7 +88,7 @@ function M.save_file (name)
 		return false
 	end
 	form:set_timeout(1000)
-	file = io.open(name, "w")
+	local file = io.open(name, "w")
 	while true do
 		local typ, res, err = form:read()
 		if not typ then