Esempio n. 1
0
def main(cli_args=sys.argv[1:]):
    """Main function for autorenewer script."""
    # TODO: Distinguish automated invocation from manual invocation,
    #       perhaps by looking at sys.argv[0] and inhibiting automated
    #       invocations if /etc/letsencrypt/renewal.conf defaults have
    #       turned it off. (The boolean parameter should probably be
    #       called renewer_enabled.)

    # TODO: When we have a more elaborate renewer command line, we will
    #       presumably also be able to specify a config file on the
    #       command line, which, if provided, should take precedence over
    #       te default config files

    zope.component.provideUtility(display_util.FileDisplay(sys.stdout))

    args = _create_parser().parse_args(cli_args)

    uid = os.geteuid()
    le_util.make_or_verify_dir(args.logs_dir, 0o700, uid)
    cli.setup_logging(args, _cli_log_handler, logfile='renewer.log')

    cli_config = configuration.RenewerConfiguration(args)

    # Ensure that all of the needed folders have been created before continuing
    le_util.make_or_verify_dir(cli_config.work_dir,
                               constants.CONFIG_DIRS_MODE, uid)

    for renewal_file in os.listdir(cli_config.renewal_configs_dir):
        print "Processing", renewal_file
        try:
            # TODO: Before trying to initialize the RenewableCert object,
            #       we could check here whether the combination of the config
            #       and the rc_config together disables all autorenewal and
            #       autodeployment applicable to this cert.  In that case, we
            #       can simply continue and don't need to instantiate a
            #       RenewableCert object for this cert at all, which could
            #       dramatically improve performance for large deployments
            #       where autorenewal is widely turned off.
            cert = storage.RenewableCert(renewal_file, cli_config)
        except errors.CertStorageError:
            # This indicates an invalid renewal configuration file, such
            # as one missing a required parameter (in the future, perhaps
            # also one that is internally inconsistent or is missing a
            # required parameter).  As a TODO, maybe we should warn the
            # user about the existence of an invalid or corrupt renewal
            # config rather than simply ignoring it.
            continue
        if cert.should_autorenew():
            # Note: not cert.current_version() because the basis for
            # the renewal is the latest version, even if it hasn't been
            # deployed yet!
            old_version = cert.latest_common_version()
            renew(cert, old_version)
            notify.notify("Autorenewed a cert!!!", "root", "It worked!")
            # TODO: explain what happened
        if cert.should_autodeploy():
            cert.update_all_links_to(cert.latest_common_version())
            # TODO: restart web server (invoke IInstaller.restart() method)
            notify.notify("Autodeployed a cert!!!", "root", "It worked!")
Esempio n. 2
0
def main(cli_args=sys.argv[1:]):
    """Main function for autorenewer script."""
    # TODO: Distinguish automated invocation from manual invocation,
    #       perhaps by looking at sys.argv[0] and inhibiting automated
    #       invocations if /etc/letsencrypt/renewal.conf defaults have
    #       turned it off. (The boolean parameter should probably be
    #       called renewer_enabled.)

    # TODO: When we have a more elaborate renewer command line, we will
    #       presumably also be able to specify a config file on the
    #       command line, which, if provided, should take precedence over
    #       te default config files

    zope.component.provideUtility(display_util.FileDisplay(sys.stdout))

    args = _create_parser().parse_args(cli_args)

    uid = os.geteuid()
    le_util.make_or_verify_dir(args.logs_dir, 0o700, uid)
    cli.setup_logging(args, _cli_log_handler, logfile='renewer.log')

    cli_config = configuration.RenewerConfiguration(args)

    # Ensure that all of the needed folders have been created before continuing
    le_util.make_or_verify_dir(cli_config.work_dir,
                               constants.CONFIG_DIRS_MODE, uid)

    for renewal_file in os.listdir(cli_config.renewal_configs_dir):
        print "Processing", renewal_file
        try:
            # TODO: Before trying to initialize the RenewableCert object,
            #       we could check here whether the combination of the config
            #       and the rc_config together disables all autorenewal and
            #       autodeployment applicable to this cert.  In that case, we
            #       can simply continue and don't need to instantiate a
            #       RenewableCert object for this cert at all, which could
            #       dramatically improve performance for large deployments
            #       where autorenewal is widely turned off.
            cert = storage.RenewableCert(renewal_file, cli_config)
        except errors.CertStorageError:
            # This indicates an invalid renewal configuration file, such
            # as one missing a required parameter (in the future, perhaps
            # also one that is internally inconsistent or is missing a
            # required parameter).  As a TODO, maybe we should warn the
            # user about the existence of an invalid or corrupt renewal
            # config rather than simply ignoring it.
            continue
        if cert.should_autorenew():
            # Note: not cert.current_version() because the basis for
            # the renewal is the latest version, even if it hasn't been
            # deployed yet!
            old_version = cert.latest_common_version()
            renew(cert, old_version)
            notify.notify("Autorenewed a cert!!!", "root", "It worked!")
            # TODO: explain what happened
        if cert.should_autodeploy():
            cert.update_all_links_to(cert.latest_common_version())
            # TODO: restart web server (invoke IInstaller.restart() method)
            notify.notify("Autodeployed a cert!!!", "root", "It worked!")
def main(config=None):
    """Main function for autorenewer script."""
    # TODO: Distinguish automated invocation from manual invocation,
    #       perhaps by looking at sys.argv[0] and inhibiting automated
    #       invocations if /etc/letsencrypt/renewal.conf defaults have
    #       turned it off. (The boolean parameter should probably be
    #       called renewer_enabled.)

    config = storage.config_with_defaults(config)
    # Now attempt to read the renewer config file and augment or replace
    # the renewer defaults with any options contained in that file.  If
    # renewer_config_file is undefined or if the file is nonexistent or
    # empty, this .merge() will have no effect.  TODO: when we have a more
    # elaborate renewer command line, we will presumably also be able to
    # specify a config file on the command line, which, if provided, should
    # take precedence over this one.
    config.merge(configobj.ConfigObj(config.get("renewer_config_file", "")))

    for i in os.listdir(config["renewal_configs_dir"]):
        print "Processing", i
        if not i.endswith(".conf"):
            continue
        rc_config = configobj.ConfigObj(
            os.path.join(config["renewal_configs_dir"], i))
        try:
            # TODO: Before trying to initialize the RenewableCert object,
            #       we could check here whether the combination of the config
            #       and the rc_config together disables all autorenewal and
            #       autodeployment applicable to this cert.  In that case, we
            #       can simply continue and don't need to instantiate a
            #       RenewableCert object for this cert at all, which could
            #       dramatically improve performance for large deployments
            #       where autorenewal is widely turned off.
            cert = storage.RenewableCert(rc_config)
        except ValueError:
            # This indicates an invalid renewal configuration file, such
            # as one missing a required parameter (in the future, perhaps
            # also one that is internally inconsistent or is missing a
            # required parameter).  As a TODO, maybe we should warn the
            # user about the existence of an invalid or corrupt renewal
            # config rather than simply ignoring it.
            continue
        if cert.should_autodeploy():
            cert.update_all_links_to(cert.latest_common_version())
            # TODO: restart web server (invoke IInstaller.restart() method)
            notify.notify("Autodeployed a cert!!!", "root", "It worked!")
            # TODO: explain what happened
        if cert.should_autorenew():
            # Note: not cert.current_version() because the basis for
            # the renewal is the latest version, even if it hasn't been
            # deployed yet!
            old_version = cert.latest_common_version()
            renew(cert, old_version)
            notify.notify("Autorenewed a cert!!!", "root", "It worked!")
 def test_smtp_success(self, mock_lmtp):
     from letsencrypt.notify import notify
     lmtp_obj = mock.MagicMock()
     mock_lmtp.return_value = lmtp_obj
     self.assertTrue(notify("Goose", "*****@*****.**",
                            "The old grey goose is dead."))
     self.assertEqual(lmtp_obj.connect.call_count, 1)
     self.assertEqual(lmtp_obj.sendmail.call_count, 1)
 def test_smtp_success(self, mock_lmtp):
     from letsencrypt.notify import notify
     lmtp_obj = mock.MagicMock()
     mock_lmtp.return_value = lmtp_obj
     self.assertTrue(notify("Goose", "*****@*****.**",
                            "The old grey goose is dead."))
     self.assertEqual(lmtp_obj.connect.call_count, 1)
     self.assertEqual(lmtp_obj.sendmail.call_count, 1)
 def test_smtp_failure(self, mock_popen, mock_lmtp):
     from letsencrypt.notify import notify
     lmtp_obj = mock.MagicMock()
     mock_lmtp.return_value = lmtp_obj
     lmtp_obj.sendmail.side_effect = socket.error(17)
     proc = mock.MagicMock()
     mock_popen.return_value = proc
     self.assertTrue(notify("Goose", "*****@*****.**",
                            "The old grey goose is dead."))
     self.assertEqual(lmtp_obj.sendmail.call_count, 1)
     self.assertEqual(proc.communicate.call_count, 1)
 def test_smtp_failure(self, mock_popen, mock_lmtp):
     from letsencrypt.notify import notify
     lmtp_obj = mock.MagicMock()
     mock_lmtp.return_value = lmtp_obj
     lmtp_obj.sendmail.side_effect = socket.error(17)
     proc = mock.MagicMock()
     mock_popen.return_value = proc
     self.assertTrue(notify("Goose", "*****@*****.**",
                            "The old grey goose is dead."))
     self.assertEqual(lmtp_obj.sendmail.call_count, 1)
     self.assertEqual(proc.communicate.call_count, 1)
 def test_everything_fails(self, mock_popen, mock_lmtp):
     from letsencrypt.notify import notify
     lmtp_obj = mock.MagicMock()
     mock_lmtp.return_value = lmtp_obj
     lmtp_obj.sendmail.side_effect = socket.error(17)
     proc = mock.MagicMock()
     mock_popen.return_value = proc
     proc.communicate.side_effect = OSError("What we have here is a "
                                            "failure to communicate.")
     self.assertFalse(notify("Goose", "*****@*****.**",
                             "The old grey goose is dead."))
     self.assertEqual(lmtp_obj.sendmail.call_count, 1)
     self.assertEqual(proc.communicate.call_count, 1)
 def test_everything_fails(self, mock_popen, mock_lmtp):
     from letsencrypt.notify import notify
     lmtp_obj = mock.MagicMock()
     mock_lmtp.return_value = lmtp_obj
     lmtp_obj.sendmail.side_effect = socket.error(17)
     proc = mock.MagicMock()
     mock_popen.return_value = proc
     proc.communicate.side_effect = OSError("What we have here is a "
                                            "failure to communicate.")
     self.assertFalse(notify("Goose", "*****@*****.**",
                             "The old grey goose is dead."))
     self.assertEqual(lmtp_obj.sendmail.call_count, 1)
     self.assertEqual(proc.communicate.call_count, 1)