Fix letsencrypt permission error and optimize the ownership commands in scheduler
parent
8304116fdd
commit
c5d3e77c17
|
@ -1,8 +1,9 @@
|
|||
#!/usr/bin/python3
|
||||
|
||||
from io import BytesIO
|
||||
from os import chmod, chown, getenv, walk
|
||||
from os import chmod, getenv, walk
|
||||
from os.path import exists, join
|
||||
from shutil import chown
|
||||
from subprocess import run, DEVNULL, STDOUT
|
||||
from sys import exit as sys_exit, path as sys_path
|
||||
from tarfile import open as tar_open
|
||||
|
@ -44,6 +45,13 @@ try:
|
|||
if bw_integration in ("Docker", "Swarm", "Kubernetes", "Autoconf"):
|
||||
# Create tarball of /data/cache/letsencrypt
|
||||
tgz = BytesIO()
|
||||
|
||||
# Fix permissions for the certificates
|
||||
for root, dirs, files in walk("/data/cache/letsencrypt", topdown=False):
|
||||
for name in files + dirs:
|
||||
chown(join(root, name), "root", 101)
|
||||
chmod(join(root, name), 0o770)
|
||||
|
||||
with tar_open(mode="w:gz", fileobj=tgz) as tf:
|
||||
tf.add("/data/cache/letsencrypt", arcname=".")
|
||||
tgz.seek(0, 0)
|
||||
|
@ -54,12 +62,6 @@ try:
|
|||
host = instance["server_name"]
|
||||
api = API(endpoint, host=host)
|
||||
|
||||
# Fix permissions for the certificates
|
||||
for root, dirs, files in walk("/lets-encrypt/certificates", topdown=False):
|
||||
for name in files + dirs:
|
||||
chown(join(root, name), 101, 101)
|
||||
chmod(join(root, name), 0o770)
|
||||
|
||||
sent, err, status, resp = api.request(
|
||||
"POST", "/lets-encrypt/certificates", files=files
|
||||
)
|
||||
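Review bot: The added loop over `/data/cache/letsencrypt` sets every entry, regular files included, to `0o770`, so the certificate material under that tree (presumably including private keys) becomes group-writable and executable for gid 101. If that group only needs to read it, directories can be `0o750` and files `0o640`; the split is shown below. The same `0o770`-for-everything pattern is introduced for `/data/configs`, `/etc/nginx` and `/data/cache` in the scheduler's main script later in this commit, where it replaces the earlier `0o750`/`0o740` split. The enclosing `try:` block starts and ends outside the hunk.

```python
# Fix permissions for the certificates
for root, dirs, files in walk("/data/cache/letsencrypt", topdown=False):
    for name in dirs:
        chown(join(root, name), "root", 101)
        chmod(join(root, name), 0o750)
    for name in files:
        chown(join(root, name), "root", 101)
        chmod(join(root, name), 0o640)
# … unchanged: tarball creation …
```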
|
|
|
@ -57,6 +57,10 @@ RUN apk add --no-cache bash libgcc libstdc++ openssl && \
|
|||
mkdir /etc/nginx && \
|
||||
chown -R scheduler:scheduler /etc/nginx && \
|
||||
chmod -R 770 /etc/nginx && \
|
||||
mkdir /var/log/letsencrypt /var/lib/letsencrypt && \
|
||||
chown root:scheduler /var/log/letsencrypt /var/lib/letsencrypt && \
|
||||
chmod 770 /var/log/letsencrypt /var/lib/letsencrypt && \
|
||||
ln -s /proc/1/fd/1 /var/log/letsencrypt/letsencrypt.log && \
|
||||
chmod 660 /usr/share/bunkerweb/INTEGRATION
|
||||
|
||||
# Fix CVEs
|
||||
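Review bot: The `ln -s /proc/1/fd/1 /var/log/letsencrypt/letsencrypt.log` line redirects certbot's log file to the container's stdout, and nothing here documents what that depends on. Certbot rotates `letsencrypt.log` at the start of each run unless it is invoked with `--max-log-backups 0`, which would rename the symlink away; the certbot invocation is outside this diff, so confirm it passes that flag. The file log is also more verbose than certbot's console output, so anyone who can read the container logs now sees the ACME request details it records. I would add a comment next to the line, for example `# certbot logs to PID 1's stdout through this symlink; run certbot with --max-log-backups 0 so rotation does not replace it`. The `RUN` instruction starts and ends outside the hunk.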
|
|
|
@ -6,7 +6,6 @@ from glob import glob
|
|||
from os import (
|
||||
_exit,
|
||||
chmod,
|
||||
chown,
|
||||
getenv,
|
||||
getpid,
|
||||
listdir,
|
||||
|
@ -17,7 +16,7 @@ from os import (
|
|||
walk,
|
||||
)
|
||||
from os.path import dirname, exists, isdir, isfile, islink, join
|
||||
from shutil import copy, rmtree
|
||||
from shutil import chown, copy, rmtree
|
||||
from signal import SIGINT, SIGTERM, signal, SIGHUP
|
||||
from subprocess import run as subprocess_run, DEVNULL, STDOUT
|
||||
from sys import path as sys_path
|
||||
|
@ -55,12 +54,6 @@ signal(SIGINT, handle_stop)
|
|||
signal(SIGTERM, handle_stop)
|
||||
|
||||
|
||||
def imerge(a, b):
|
||||
for i, j in zip(a, b):
|
||||
yield i
|
||||
yield j
|
||||
|
||||
|
||||
# Function to catch SIGHUP and reload the scheduler
|
||||
def handle_reload(signum, frame):
|
||||
global reloading, run, scheduler
|
||||
|
@ -111,12 +104,8 @@ def generate_custom_configs(
|
|||
# Fix permissions for the custom configs folder
|
||||
for root, dirs, files in walk("/data/configs", topdown=False):
|
||||
for name in files + dirs:
|
||||
chown(join(root, name), 101, 101)
|
||||
|
||||
if isdir(join(root, name)):
|
||||
chmod(join(root, name), 0o750)
|
||||
if isfile(join(root, name)):
|
||||
chmod(join(root, name), 0o740)
|
||||
chown(join(root, name), "root", 101)
|
||||
chmod(join(root, name), 0o770)
|
||||
|
||||
if integration != "Linux":
|
||||
logger.info("Sending custom configs to BunkerWeb")
|
||||
|
@ -340,7 +329,7 @@ if __name__ == "__main__":
|
|||
# Fix permissions for the nginx folder
|
||||
for root, dirs, files in walk("/etc/nginx", topdown=False):
|
||||
for name in files + dirs:
|
||||
chown(join(root, name), 101, 101)
|
||||
chown(join(root, name), "root", 101)
|
||||
chmod(join(root, name), 0o770)
|
||||
|
||||
copy("/etc/nginx/variables.env", "/var/tmp/bunkerweb/variables.env")
|
||||
|
@ -354,17 +343,11 @@ if __name__ == "__main__":
|
|||
"Sending nginx configs failed, configuration will not work as expected...",
|
||||
)
|
||||
|
||||
# Fix permissions for the cache and the custom configs folders
|
||||
for root, dirs, files in imerge(
|
||||
walk("/data/cache", topdown=False), walk("/data/configs", topdown=False)
|
||||
):
|
||||
# Fix permissions for the cache folders
|
||||
for root, dirs, files in walk("/data/cache", topdown=False):
|
||||
for name in files + dirs:
|
||||
chown(join(root, name), 101, 101)
|
||||
|
||||
if isdir(join(root, name)):
|
||||
chmod(join(root, name), 0o750)
|
||||
if isfile(join(root, name)):
|
||||
chmod(join(root, name), 0o740)
|
||||
chown(join(root, name), "root", 101)
|
||||
chmod(join(root, name), 0o770)
|
||||
|
||||
try:
|
||||
if len(api_caller._get_apis()) > 0:
|
||||
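Review bot: `walk(..., topdown=False)` only yields the entries below its argument, so in the three rewritten loops the directories `/data/configs`, `/etc/nginx` and `/data/cache` themselves are never passed to `chown` or `chmod` and keep whatever owner and mode they were created or mounted with. If the intent is that root:101 owns each whole tree, every loop needs a call for the top directory as well, e.g. `chown("/data/cache", "root", 101)` and `chmod("/data/cache", 0o770)` after the loop. The loop is now written out three times in this file with only the path changing; a small helper taking the path would keep the owner and mode in one place. `generate_custom_configs` and the `__main__` block both continue outside the hunks shown.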
|
|