aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSergey Poznyakoff <gray@gnu.org.ua>2018-04-17 07:05:18 +0200
committerSergey Poznyakoff <gray@gnu.org.ua>2018-04-17 07:05:18 +0200
commit551c486e3f7c5194f2b0905ba055c4b610ae5e74 (patch)
treef72addedab7828133ae946f53291e7da8ceb2128
parentb2e15909533fccca8d344f4f2678564f5398ad8a (diff)
downloadacmeman-551c486e3f7c5194f2b0905ba055c4b610ae5e74.tar.gz
acmeman-551c486e3f7c5194f2b0905ba055c4b610ae5e74.tar.bz2
New statement domain.*.postrenew; core.restart renamed to core.postrenew
-rwxr-xr-xacmeman45
-rw-r--r--lib/App/Acmeman/Domain.pm7
-rw-r--r--lib/App/Acmeman/Source/Apache.pm2
3 files changed, 43 insertions, 11 deletions
diff --git a/acmeman b/acmeman
index 5ad3b29..e2d3214 100755
--- a/acmeman
+++ b/acmeman
@@ -200,12 +200,12 @@ certificate that expires within 24 hours.
The command line option B<--time-delta> overrides this setting.
-=item B<restart=>I<COMMAND>
+=item B<postrenew=>I<COMMAND>
Defines the command to be run at the end of the run if at least one
certificate has been updated. Normally this command reloads the httpd
server (or whatever server is using the certificates). If more than one
-B<restart> statements are defined, they will be run in sequenct in the
+B<postrenew> statements are defined, they will be run in sequence, in the
same order as they appeared in the configuration file.
=item B<source=>I<ID> [I<LAYOUT>]
@@ -280,6 +280,11 @@ are allowed.
Size of the RSA key to use, in bits. If not set, the B<core.key-size>
setting is used.
+
+=item B<postrenew=>I<CMD>
+
+Run I<CMD> after successful update. If not given, the B<core.postrenew>
+commands will be run.
=back
@@ -940,12 +945,13 @@ sub collect {
next;
}
}
-
+
if (exists($v->{files})) {
if (my $fref = $config->get('files', $v->{files})) {
$dom = new App::Acmeman::Domain(
cn => $k,
alt => $v->{alt},
+ postrenew => $v->{postrenew},
%{$fref});
} else {
error("files.$v->{files} is referenced from [domain $k], but never declared");
@@ -956,6 +962,7 @@ sub collect {
$dom = new App::Acmeman::Domain(
cn => $k,
alt => $v->{alt},
+ postrenew => $v->{postrenew},
%{$config->get('files', $config->get(qw(core files)))});
}
push @$aref, $dom;
@@ -1012,7 +1019,7 @@ sub cb_parse_bool {
my %syntax = (
core => {
section => {
- restart => { array => 1 },
+ postrenew => { array => 1 },
rootdir => { default => '/var/www/acme' },
files => 1,
'time-delta' => { default => 86400 },
@@ -1031,7 +1038,7 @@ my %syntax = (
'certificate-file' => { mandatory => 1 },
'key-file' => 1,
'ca-file' => 1,
- argument => 1
+ argument => 1,
}
}
}
@@ -1042,7 +1049,8 @@ my %syntax = (
section => {
alt => { array => 1 },
files => 1,
- 'key-size' => { re => '^\d+$' }
+ 'key-size' => { re => '^\d+$' },
+ postrenew => 0
}
}
}
@@ -1170,17 +1178,34 @@ my $renewed = 0;
foreach my $vhost (@domlist) {
next unless selected_domain($vhost);
if ($force || domain_cert_expires($vhost)) {
- $renewed += register_domain_certificate($vhost);
+ if (register_domain_certificate($vhost)) {
+ if (my $cmd = $vhost->postrenew) {
+ debug(1, "running $cmd");
+ unless ($dry_run) {
+ system($cmd);
+ if ($? == -1) {
+ error("$cmd: failed to execute: $!");
+ } elsif ($? & 127) {
+ error("$cmd: died on signal ".($? & 127));
+ } elsif (my $code = ($? >> 8)) {
+ error("$cmd: exited with code $code");
+ }
+ }
+ } else {
+ $renewed++;
+ }
+ }
}
}
+
if ($renewed) {
- if ($config->isset(qw(core restart))) {
- foreach my $cmd ($config->get(qw(core restart))) {
+ if ($config->isset(qw(core postrenew))) {
+ foreach my $cmd ($config->get(qw(core postrenew))) {
debug(1, "running $cmd");
system($cmd) unless $dry_run;
}
} else {
- error("certificates changed, but no restart command is defined (core.restart)");
+ error("certificates changed, but no postrenew command is defined (core.postrenew)");
}
}
diff --git a/lib/App/Acmeman/Domain.pm b/lib/App/Acmeman/Domain.pm
index 203e63c..46c3f1d 100644
--- a/lib/App/Acmeman/Domain.pm
+++ b/lib/App/Acmeman/Domain.pm
@@ -65,6 +65,8 @@ sub new {
$v =~ s{\$}{\\\$};
$self->{_argument} = qr($v);
+ $self->{_postrenew} = delete $args{'postrenew'};
+
croak "unrecognized arguments" if keys %args;
return $self;
}
@@ -137,5 +139,10 @@ sub certificate_file {
return $self->file(CERT_FILE);
}
+sub postrenew {
+ my $self = shift;
+ return $self->{_postrenew}
+}
+
1;
diff --git a/lib/App/Acmeman/Source/Apache.pm b/lib/App/Acmeman/Source/Apache.pm
index 047f9f9..1e75044 100644
--- a/lib/App/Acmeman/Source/Apache.pm
+++ b/lib/App/Acmeman/Source/Apache.pm
@@ -25,7 +25,7 @@ sub debug {
sub configure {
my ($self, $config) = @_;
- $config->set(qw(core restart), $self->restart_command);
+ $config->set(qw(core postrenew), $self->restart_command);
$self->{_cfg} = $config;
return $self->examine_http_config($self->config_file);
}

Return to:

Send suggestions and report system problems to the System administrator.