integrations - acme without shared folder when using k8s/swarm
parent
00d91dcaaa
commit
4e45fa3874
|
@ -29,9 +29,9 @@ class Config :
|
|||
stdout = proc.stdout.decode("ascii")
|
||||
stderr = proc.stderr.decode("ascii")
|
||||
if len(stdout) > 1 :
|
||||
log("config", "INFO", "jobs stdout : " + stdout)
|
||||
log("config", "INFO", "jobs stdout :\n" + stdout)
|
||||
if stderr != "" :
|
||||
log("config", "ERROR", "jobs stderr : " + stderr)
|
||||
log("config", "ERROR", "jobs stderr :\n" + stderr)
|
||||
if proc.returncode != 0 :
|
||||
log("config", "ERROR", "jobs error (return code = " + str(proc.returncode) + ")")
|
||||
return False
|
||||
|
@ -78,10 +78,12 @@ class Config :
|
|||
ret = self.__api_call(instances, "/reload")
|
||||
return ret
|
||||
|
||||
def send(self, instances) :
|
||||
def send(self, instances, files="all") :
|
||||
ret = True
|
||||
fail = False
|
||||
for name, path in CONFIGS.items() :
|
||||
if files != "all" and name != files :
|
||||
continue
|
||||
file = self.__tarball(path)
|
||||
if not self.__api_call(instances, "/" + name, file=file) :
|
||||
log("config", "ERROR", "can't send config " + name + " to instance(s)")
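Review bot: In `send`, a `files` value that matches no key of `CONFIGS` makes the new `continue` skip every entry, and because `ret = True` is set before the loop the method presumably still reports success although nothing was sent (the return statement is outside the hunk). A caller that mistypes the name would then be told the ACME files were distributed when they were not. Reject unknown names up front, e.g. `if files != "all" and files not in CONFIGS :` followed by an error `log(...)` and `return False`. A one-line docstring stating that `files` is either `"all"` or a single key of `CONFIGS` would also help.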
|
||||
|
|
|
@ -53,9 +53,9 @@ class Controller(ABC) :
|
|||
ret = False
|
||||
return ret
|
||||
|
||||
def _send(self, instances) :
|
||||
def _send(self, instances, files="all") :
|
||||
try :
|
||||
ret = self._config.send(instances)
|
||||
ret = self._config.send(instances, files=files)
|
||||
except Exception as e :
|
||||
ret = False
|
||||
return ret
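Review bot: `_send` still turns any exception from `self._config.send(instances, files=files)` into `ret = False` without recording it, and the bound `e` is never used. Now that this path also carries the ACME challenge push, a failed push cannot be told apart from any other failure and leaves no trace for whoever debugs a certificate renewal. Log the exception in the handler, for instance with the `log(...)` helper used in Config if it is in scope here, e.g. `log("controller", "ERROR", "exception while sending config : " + str(e))`. The method has no docstring; it should say which values `files` accepts.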
|
||||
|
|
|
@ -50,18 +50,26 @@ class IngressController(Controller.Controller) :
|
|||
def __rules_to_env(self, rules, namespace="default") :
|
||||
env = {}
|
||||
first_servers = []
|
||||
numbers = {}
|
||||
for rule in rules :
|
||||
rule = rule.to_dict()
|
||||
prefix = ""
|
||||
number = 1
|
||||
if "host" in rule :
|
||||
prefix = rule["host"] + "_"
|
||||
first_servers.append(rule["host"])
|
||||
if not rule["host"] in numbers :
|
||||
numbers[rule["host"]] = 1
|
||||
number = numbers[rule["host"]]
|
||||
if not "http" in rule or not "paths" in rule["http"] :
|
||||
continue
|
||||
env[prefix + "USE_REVERSE_PROXY"] = "yes"
|
||||
for path in rule["http"]["paths"] :
|
||||
env[prefix + "USE_REVERSE_PROXY"] = "yes"
|
||||
env[prefix + "REVERSE_PROXY_URL"] = path["path"]
|
||||
env[prefix + "REVERSE_PROXY_HOST"] = "http://" + path["backend"]["service_name"] + "." + namespace + ".svc.cluster.local:" + str(path["backend"]["service_port"])
|
||||
suffix = "_" + str(number)
|
||||
env[prefix + "REVERSE_PROXY_URL" + suffix] = path["path"]
|
||||
env[prefix + "REVERSE_PROXY_HOST" + suffix] = "http://" + path["backend"]["service_name"] + "." + namespace + ".svc.cluster.local:" + str(path["backend"]["service_port"])
|
||||
number += 1
|
||||
numbers[rule["host"]] = number
|
||||
env["SERVER_NAME"] = " ".join(first_servers)
|
||||
return env
|
||||
|
||||
|
@ -135,8 +143,8 @@ class IngressController(Controller.Controller) :
|
|||
def reload(self) :
|
||||
return self._reload(self.__get_services(autoconf=True))
|
||||
|
||||
def send(self) :
|
||||
return self._send(self.__get_services(autoconf=True))
|
||||
def send(self, files="all") :
|
||||
return self._send(self.__get_services(autoconf=True), files=files)
|
||||
|
||||
def stop_temp(self) :
|
||||
return self._stop_temp(self.__get_services(autoconf=True))
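Review bot: In `__rules_to_env`, the new `numbers[rule["host"]] = number` after the paths loop reads `rule["host"]` without the `"host" in rule` guard used a few lines earlier. Indentation is lost on this page, but if that line is at loop level, a rule without a host raises `KeyError` and aborts the whole environment build. Guard it the same way, `if "host" in rule : numbers[rule["host"]] = number`. Note also that `first_servers.append(rule["host"])` runs once per rule, so a host that appears in several rules (the case the numbering was added for) is repeated in `SERVER_NAME`; appending only when the host is not already in `numbers` avoids that. The host and path values come straight from Ingress objects and become environment variable names and values, so a comment stating what validation, if any, happens upstream would be useful.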
|
||||
|
|
|
@ -10,7 +10,6 @@ class ReloadServerHandler(socketserver.BaseRequestHandler):
|
|||
|
||||
while True :
|
||||
data = self.request.recv(512)
|
||||
print(data, flush=True)
|
||||
if not data or not data in [b"lock", b"reload", b"unlock", b"acme"] :
|
||||
break
|
||||
if data == b"lock" :
|
||||
|
@ -22,7 +21,7 @@ class ReloadServerHandler(socketserver.BaseRequestHandler):
|
|||
locked = False
|
||||
self.request.sendall(b"ok")
|
||||
elif data == b"acme" :
|
||||
ret = self.server.controller.send()
|
||||
ret = self.server.controller.send(files="acme")
|
||||
if ret :
|
||||
self.request.sendall(b"ok")
|
||||
else :
|
||||
|
@ -38,8 +37,11 @@ class ReloadServerHandler(socketserver.BaseRequestHandler):
|
|||
if locked :
|
||||
self.server.controller.lock.release()
|
||||
|
||||
class ThreadingUnixServer(socketserver.ThreadingMixIn, socketserver.UnixStreamServer) :
|
||||
pass
|
||||
|
||||
def run_reload_server(controller) :
|
||||
server = socketserver.UnixStreamServer("/tmp/autoconf.sock", ReloadServerHandler)
|
||||
server = ThreadingUnixServer("/tmp/autoconf.sock", ReloadServerHandler)
|
||||
os.chown("/tmp/autoconf.sock", 0, 101)
|
||||
os.chmod("/tmp/autoconf.sock", 0o770)
|
||||
server.controller = controller
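Review bot: With `ThreadingUnixServer` several connections are handled at once, and the `acme` branch calls `self.server.controller.send(files="acme")` with no visible acquisition of `controller.lock`. The hook client in this commit no longer sends `lock`/`unlock`, so two hook runs, or an `acme` and a `reload`, can presumably overlap (the handler body starts and ends outside these hunks, so the locking may live elsewhere). If the lock is meant to serialise controller operations, take it inside the branch when this connection does not already hold it, e.g. `if not locked : self.server.controller.lock.acquire()` with a matching release in a `finally`. Separately, in `run_reload_server` the socket is bound under `/tmp` and only then restricted with `os.chown`/`os.chmod`, so it is briefly reachable with default permissions; setting a restrictive `os.umask` before constructing the server closes that window. Consider `daemon_threads = True` on the server class so a stuck client cannot block shutdown.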
|
||||
|
|
|
@ -61,8 +61,8 @@ class SwarmController(Controller.Controller) :
|
|||
def reload(self) :
|
||||
return self._reload(self.__get_instances())
|
||||
|
||||
def send(self) :
|
||||
return self._send(self.__get_instances())
|
||||
def send(self, files="all") :
|
||||
return self._send(self.__get_instances(), files=files)
|
||||
|
||||
def stop_temp(self) :
|
||||
return self._stop_temp(self.__get_instances())
|
||||
|
|
|
@ -13,7 +13,7 @@ for folder in $folders ; do
|
|||
done
|
||||
mkdir -p /acme-challenge/.well-known/acme-challenge
|
||||
chown -R root:nginx /acme-challenge
|
||||
chmod 770 /acme-challenge
|
||||
chmod -R 770 /acme-challenge
|
||||
|
||||
# prepare /var/log
|
||||
rm -f /var/log/nginx/*
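Review bot: `chmod -R 770 /acme-challenge` also sets the execute bit on every regular file under the webroot and gives the `nginx` group write access to all of them. Challenge files only need to be read, and directories only need to be traversable. A symbolic mode keeps the recursion without marking files executable: `chmod -R u=rwX,g=rwX,o= /acme-challenge`, or `g=rX` if nothing running as the `nginx` group has to write there. A short comment saying which process writes into this directory would make the intended permissions clear.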
|
||||
|
|
|
@ -4,7 +4,7 @@ import os, socket, sys, stat
|
|||
|
||||
VALIDATION = os.getenv("CERTBOT_VALIDATION", None)
|
||||
TOKEN = os.getenv("CERTBOT_TOKEN", None)
|
||||
if VALIDATION == None or TOKEN = None :
|
||||
if VALIDATION == None or TOKEN == None :
|
||||
sys.exit(1)
|
||||
|
||||
try :
|
||||
|
@ -17,18 +17,10 @@ try :
|
|||
if os.path.exists("/tmp/autoconf.sock") and stat.S_ISSOCK(os.stat("/tmp/autoconf.sock").st_mode) :
|
||||
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
|
||||
sock.connect("/tmp/autoconf.sock")
|
||||
sock.sendall(b"lock")
|
||||
data = sock.recv(512)
|
||||
if data != b"ok" :
|
||||
raise Exception("can't lock")
|
||||
sock.sendall(b"acme")
|
||||
data = sock.recv(512)
|
||||
if data != b"ok" :
|
||||
raise Exception("can't acme")
|
||||
sock.sendall(b"unlock")
|
||||
data = sock.recv(512)
|
||||
if data != b"ok" :
|
||||
raise Exception("can't unlock")
|
||||
sock.sendall(b"close")
|
||||
except :
|
||||
sys.exit(3)
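Review bot: The bare `except :` maps every failure in the socket exchange to exit code 3 with no message, so a refused connection, a permission error on `/tmp/autoconf.sock` and a `can't acme` reply all look identical in the certbot output. Catch `Exception as e` and write it to stderr before exiting, e.g. `print("acme hook failed : " + str(e), file=sys.stderr)`. The socket also has no timeout, so `sock.recv(512)` blocks the certbot run indefinitely if the autoconf server is busy or hung; `sock.settimeout(...)` right after creating the socket bounds that, and a `with` block or `sock.close()` releases it. As a style point, `VALIDATION is None or TOKEN is None` is the idiomatic form of the corrected check.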
|
||||
|
|
|
@ -88,7 +88,7 @@ function M.save_file (name)
|
|||
return false
|
||||
end
|
||||
form:set_timeout(1000)
|
||||
file = io.open(name, "w")
|
||||
local file = io.open(name, "w")
|
||||
while true do
|
||||
local typ, res, err = form:read()
|
||||
if not typ then
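Review bot: In `M.save_file`, the result of `io.open(name, "w")` is used without a visible nil check between the open and the read loop. If the target directory is missing or not writable, `file` is nil and the first write raises an error instead of taking the function's `return false` path. Capture the error and bail out early: `local file, err = io.open(name, "w")` followed by `if not file then return false end`, ideally logging `err`. The function continues outside the hunk, so it is also worth checking that every early return inside the loop closes `file`.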
|
||||
|
|