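def rollover(serviceConfig, serviceState, state):
    """Deploy the current certificates to traefik's file provider and reload it.

    Waits until the 'dhparam' and 'cert' dependencies are ready, copies each
    certificate's full chain and private key into ``<provider dir>/certs/<name>/``,
    writes ``files/configuration.toml`` listing them with the paths seen from
    inside the container, and finally writes a ``reloadtrigger`` file.

    Args:
        serviceConfig: section config; reads 'cert', 'dirext', 'dirint',
            'dockersock' and 'container'.
        serviceState: state object of this service (operation state is updated).
        state: global state; certificate results are read from its 'cert' substate.

    Raises:
        IndexError: if the container is not running or it has no
            ``--providers.file.directory=<dir>`` argument.
    """
    serviceState.setOpStateWaiting()
    if not isReady(serviceConfig, state, ['dhparam', 'cert']):
        return
    serviceState.setOpStateRunning()
    certNames = serviceConfig['cert']

    autoExt = 'auto' == serviceConfig['dirext']
    autoInt = 'auto' == serviceConfig['dirint']
    if autoExt or autoInt:
        client = docker.DockerClient(base_url=serviceConfig['dockersock'])
        containers = [c for c in client.containers.list()
                      if c.attrs['Name'][1:] == serviceConfig['container']]
        if not containers:
            log.error("container does not exist")
            # Stop here with a meaningful message instead of failing on containers[0].
            raise IndexError("container '{}' does not exist".format(serviceConfig['container']))
        container = containers[0]
        log.info("Updating traefik container: {}".format(container.attrs['Name']))

        # partition() keeps values that contain '=' intact and tolerates
        # arguments given without '='.
        destinations = []
        for arg in container.attrs['Args']:
            key, sep, value = arg.replace(' ', '').partition('=')
            if sep and key == '--providers.file.directory':
                destinations.append(value)
        if not destinations:
            log.error("traefik container misses providers.file.directory argument")
            raise IndexError("traefik container misses providers.file.directory argument")
        destination = destinations[0]

        # NOTE(review): an explicit 'dirext' is not consulted on this path; the
        # host directory always comes from the Docker mount lookup. Confirm
        # that this is intended.
        traefikProvidersFileDirectory = dch.dockerPathMap('/' + serviceConfig['container'], destination)[0]
        traefikProvidersFileDirectoryMount = os.path.normpath(destination) if autoInt else serviceConfig['dirint']
    else:
        # Both directories are configured explicitly: no Docker lookup is needed.
        traefikProvidersFileDirectory = serviceConfig['dirext']
        traefikProvidersFileDirectoryMount = serviceConfig['dirint']

    traefikConfigFilename = os.path.join(traefikProvidersFileDirectory, 'files/configuration.toml')
    traefikCertDir = os.path.join(traefikProvidersFileDirectory, 'certs')
    traefikCertDirMount = os.path.join(traefikProvidersFileDirectoryMount, 'certs')
    log.info(" -> Volume: {}:{}".format(traefikProvidersFileDirectory, traefikProvidersFileDirectoryMount))

    tlsEntries = []
    for certName in certNames:
        certState = state.getSubstate('cert').getSubstate(certName).result
        certPath = os.path.join(traefikCertDir, certName, 'cert.pem')
        keyPath = os.path.join(traefikCertDir, certName, 'key.pem')
        certPathMount = os.path.join(traefikCertDirMount, certName, 'cert.pem')
        keyPathMount = os.path.join(traefikCertDirMount, certName, 'key.pem')
        makeDir(os.path.dirname(certPath))
        copyfile(certState['fullchainfile'], certPath)
        log.info(' {} -> {}'.format(certState['fullchainfile'], certPath))
        # NOTE(review): if copyfile is shutil.copyfile, only the content is
        # copied and key.pem gets its mode from the process umask. Verify that
        # the certs directory is not readable by other local users, or
        # tighten the mode of the private key after copying.
        copyfile(certState['keyfile'], keyPath)
        log.info(' {} -> {}'.format(certState['keyfile'], keyPath))
        tlsEntries.append('[[tls.certificates]]\n certFile = "{}"\n keyFile = "{}"\n\n'.format(certPathMount, keyPathMount))

    makeDir(os.path.dirname(traefikConfigFilename))
    with open(traefikConfigFilename, 'w') as f:
        f.write(''.join(tlsEntries))

    # traefik reloads config and certs only if a random file is written in
    # traefik's config root directory specified by:
    #   --providers.file.directory = <config root directory>
    with open(os.path.join(traefikProvidersFileDirectory, 'reloadtrigger'), 'w') as f:
        f.write('')
    log.info(' -> Traefik reload')
    serviceState.setOpStateDone()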
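def rollover(serviceConfig, serviceState, state):
    """Reload rspamd through systemd once the 'dkim' dependency is ready.

    Args:
        serviceConfig: section config, passed to ``isReady``.
        serviceState: state object of this service (operation state is updated).
        state: global state, passed to ``isReady``.

    Raises:
        CalledProcessError: if the reload command exits with a non-zero status.
    """
    # Function-scope import so the block does not depend on a file-level change.
    from subprocess import STDOUT

    serviceState.setOpStateWaiting()
    if not isReady(serviceConfig, state, 'dkim'):
        return
    serviceState.setOpStateRunning()
    log.info(' -> Rspamd reload')
    try:
        # Reload works with newer rspamd versions.
        # The command goes through sudo, so the invoking account needs a
        # non-interactive (NOPASSWD) sudoers rule; keep that rule limited to
        # this exact command line.
        # stderr is merged into the captured output so that the diagnostics
        # end up in the error log below instead of e.output being empty.
        check_output(('sudo', 'systemctl', 'reload', 'rspamd'), stderr=STDOUT)
    except CalledProcessError as e:
        log.error(e.output)
        raise
    serviceState.setOpStateDone()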
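def rollover(serviceConfig, serviceState, state):
    """Start and reload postfix once the 'cert' and 'dhparam' dependencies are ready.

    Args:
        serviceConfig: section config, passed to ``isReady``.
        serviceState: state object of this service (operation state is updated).
        state: global state, passed to ``isReady``.

    Raises:
        CalledProcessError: if either systemctl call exits with a non-zero status.
    """
    # Function-scope import so the block does not depend on a file-level change.
    from subprocess import STDOUT

    serviceState.setOpStateWaiting()
    if not isReady(serviceConfig, state, ['cert', 'dhparam']):
        return
    serviceState.setOpStateRunning()
    log.info(' -> Postfix reload')
    try:
        # 'start' runs before 'reload' -- presumably so that the reload does
        # not fail on a stopped unit.
        # stderr is merged into the captured output so that systemctl's
        # diagnostics end up in the error log below.
        for action in ('start', 'reload'):
            check_output(('systemctl', action, 'postfix'), stderr=STDOUT)
    except CalledProcessError as e:
        log.error(e.output)
        raise
    serviceState.setOpStateDone()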
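def rollover(serviceConfig, serviceState, state):
    """Start and restart rspamd once the 'dkim' dependency is ready.

    Args:
        serviceConfig: section config, passed to ``isReady``.
        serviceState: state object of this service (operation state is updated).
        state: global state, passed to ``isReady``.

    Raises:
        CalledProcessError: if either systemctl call exits with a non-zero status.
    """
    # Function-scope import so the block does not depend on a file-level change.
    from subprocess import STDOUT

    serviceState.setOpStateWaiting()
    if not isReady(serviceConfig, state, 'dkim'):
        return
    serviceState.setOpStateRunning()
    log.info(' -> Rspamd reload')
    try:
        # A full restart is used on purpose: 'systemctl reload rspamd' and
        # 'rspamadm control reload' did not work (bug in rspamd).
        # stderr is merged into the captured output so that systemctl's
        # diagnostics end up in the error log below.
        for action in ('start', 'restart'):
            check_output(('systemctl', action, 'rspamd'), stderr=STDOUT)
    except CalledProcessError as e:
        log.error(e.output)
        raise
    serviceState.setOpStateDone()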
def postwait(config, state):
    """Sleep for the configured 'postwait' time of each cdm section.

    Returns immediately when the 'cdm' substate is already done. Sections
    whose own substate is done are skipped. If a section's dependencies are
    not ready yet, the function returns without marking 'cdm' as done.
    After all sections were handled, the 'cdm' substate is set to done.

    Args:
        config: full configuration; iterates over ``config['cdm']``.
        state: global state object.
    """
    cdmRoot = state.getSubstate('cdm')
    if cdmRoot.isDone():
        return
    for sectionName, sectionConfig in config['cdm'].items():
        if cdmRoot.getSubstate(sectionName).isDone():
            continue
        if not isReady(sectionConfig, state, ['dhparam', 'cert', 'domain', 'dkim', 'service']):
            return
        if 'postwait' not in sectionConfig:
            continue
        seconds = sectionConfig['postwait']
        log.info('Wait {} s after run!'.format(seconds))
        time.sleep(int(seconds))
    cdmRoot.setOpStateDone()
def prepare(config, state):
    """Run the ``prepare`` step of each domain section's handler module.

    The 'DEFAULT' section, sections without a 'handler' entry and sections
    whose substate is already done are skipped. If the 'cert' and 'dkim'
    dependencies of a section are not ready, the function returns and the
    remaining sections are not processed in this call.

    Args:
        config: full configuration; iterates over ``config['domain']``.
        state: global state object.
    """
    domainRoot = state.getSubstate('domain')
    for sectionName, sectionConfig in config['domain'].items():
        if 'DEFAULT' == sectionName or 'handler' not in sectionConfig:
            continue
        sectionState = domainRoot.getSubstate(sectionName)
        if sectionState.isDone():
            continue
        log.info('Create resource records for section \"{}\"'.format(sectionName))
        sectionState.setOpStateWaiting()
        if not isReady(sectionConfig, state, ['cert', 'dkim']):
            return
        sectionState.setOpStateRunning()
        log.debug(sectionConfig)
        # Only the part before the first '/' selects the handler module; the
        # package prefix is fixed.
        # NOTE(review): nothing here restricts the configured value to a known
        # set of handler names -- consider an allow-list if the configuration
        # can come from a less trusted source.
        handlerKey = str(sectionConfig['handler'].split('/')[0])
        moduleName = 'cryptdomainmgr.modules.domain.handler' + handlerKey
        handler = __import__(moduleName, fromlist=('cryptdomainmgr', 'modules', 'domain'))
        handler.prepare(sectionConfig, sectionState, sectionName, state)