author | Sergey Poznyakoff <gray@gnu.org.ua> | 2018-04-17 07:05:18 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2018-04-17 07:05:18 +0200 |
commit | 551c486e3f7c5194f2b0905ba055c4b610ae5e74 (patch) | |
tree | f72addedab7828133ae946f53291e7da8ceb2128 | |
parent | b2e15909533fccca8d344f4f2678564f5398ad8a (diff) | |
download | acmeman-551c486e3f7c5194f2b0905ba055c4b610ae5e74.tar.gz acmeman-551c486e3f7c5194f2b0905ba055c4b610ae5e74.tar.bz2 |
New statement domain.*.postrenew; core.restart renamed to core.postrenew
-rwxr-xr-x | acmeman | 45 | ||||
-rw-r--r-- | lib/App/Acmeman/Domain.pm | 7 | ||||
-rw-r--r-- | lib/App/Acmeman/Source/Apache.pm | 2 |
3 files changed, 43 insertions, 11 deletions
@@ -200,12 +200,12 @@ certificate that expires within 24 hours. The command line option B<--time-delta> overrides this setting. -=item B<restart=>I<COMMAND> +=item B<postrenew=>I<COMMAND> Defines the command to be run at the end of the run if at least one certificate has been updated. Normally this command reloads the httpd server (or whatever server is using the certificates). If more than one -B<restart> statements are defined, they will be run in sequenct in the +B<postrenew> statements are defined, they will be run in sequence, in the same order as they appeared in the configuration file. =item B<source=>I<ID> [I<LAYOUT>] @@ -280,6 +280,11 @@ are allowed. Size of the RSA key to use, in bits. If not set, the B<core.key-size> setting is used. + +=item B<postrenew=>I<CMD> + +Run I<CMD> after successful update. If not given, the B<core.postrenew> +commands will be run. =back @@ -940,12 +945,13 @@ sub collect { next; } } - + if (exists($v->{files})) { if (my $fref = $config->get('files', $v->{files})) { $dom = new App::Acmeman::Domain( cn => $k, alt => $v->{alt}, + postrenew => $v->{postrenew}, %{$fref}); } else { error("files.$v->{files} is referenced from [domain $k], but never declared"); @@ -956,6 +962,7 @@ sub collect { $dom = new App::Acmeman::Domain( cn => $k, alt => $v->{alt}, + postrenew => $v->{postrenew}, %{$config->get('files', $config->get(qw(core files)))}); } push @$aref, $dom; @@ -1012,7 +1019,7 @@ sub cb_parse_bool { my %syntax = ( core => { section => { - restart => { array => 1 }, + postrenew => { array => 1 }, rootdir => { default => '/var/www/acme' }, files => 1, 'time-delta' => { default => 86400 }, @@ -1031,7 +1038,7 @@ my %syntax = ( 'certificate-file' => { mandatory => 1 }, 'key-file' => 1, 'ca-file' => 1, - argument => 1 + argument => 1, } } } @@ -1042,7 +1049,8 @@ my %syntax = ( section => { alt => { array => 1 }, files => 1, - 'key-size' => { re => '^\d+$' } + 'key-size' => { re => '^\d+$' }, + postrenew => 0 } } } 
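Review bot: In the `core` section of `%syntax` (hunk at -1012), `restart` is replaced outright, so a configuration file that still says `restart=` no longer matches any declared keyword. How the parser treats an undeclared keyword is not visible in this diff, but neither a parse error during an unattended run nor a silently ignored statement leaves the server reloaded after a renewal. Consider keeping `restart => { array => 1 },` for one release as a deprecated spelling that is folded into `postrenew` with a warning, and mention the rename in the POD entry. The `%syntax` definition starts and ends outside the hunk.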
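Review bot: `postrenew => 0` in the `domain` section (hunk at -1042) is the only entry in `%syntax` with the value `0`; the neighbouring plain keywords use `1`, as in `files => 1`. The code that interprets the table is outside this diff, so if it tests the value for truth rather than with `exists`, a `postrenew` statement in a `[domain]` section would be rejected; `postrenew => 1,` would match the rest of the table. Also, `core.postrenew` is declared `{ array => 1 }` while the per-domain form is scalar, so only one command per domain is accepted, which the new POD entry should state.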
@@ -1170,17 +1178,34 @@ my $renewed = 0; foreach my $vhost (@domlist) { next unless selected_domain($vhost); if ($force || domain_cert_expires($vhost)) { - $renewed += register_domain_certificate($vhost); + if (register_domain_certificate($vhost)) { + if (my $cmd = $vhost->postrenew) { + debug(1, "running $cmd"); + unless ($dry_run) { + system($cmd); + if ($? == -1) { + error("$cmd: failed to execute: $!"); + } elsif ($? & 127) { + error("$cmd: died on signal ".($? & 127)); + } elsif (my $code = ($? >> 8)) { + error("$cmd: exited with code $code"); + } + } + } else { + $renewed++; + } + } } } + if ($renewed) { - if ($config->isset(qw(core restart))) { - foreach my $cmd ($config->get(qw(core restart))) { + if ($config->isset(qw(core postrenew))) { + foreach my $cmd ($config->get(qw(core postrenew))) { debug(1, "running $cmd"); system($cmd) unless $dry_run; } } else { - error("certificates changed, but no restart command is defined (core.restart)"); + error("certificates changed, but no postrenew command is defined (core.postrenew)"); } } diff --git a/lib/App/Acmeman/Domain.pm b/lib/App/Acmeman/Domain.pm index 203e63c..46c3f1d 100644 --- a/lib/App/Acmeman/Domain.pm +++ b/lib/App/Acmeman/Domain.pm @@ -65,6 +65,8 @@ sub new { $v =~ s{\$}{\\\$}; $self->{_argument} = qr($v); + $self->{_postrenew} = delete $args{'postrenew'}; + croak "unrecognized arguments" if keys %args; return $self; } @@ -137,5 +139,10 @@ sub certificate_file { return $self->file(CERT_FILE); } +sub postrenew { + my $self = shift; + return $self->{_postrenew} +} + 1; diff --git a/lib/App/Acmeman/Source/Apache.pm b/lib/App/Acmeman/Source/Apache.pm index 047f9f9..1e75044 100644 --- a/lib/App/Acmeman/Source/Apache.pm +++ b/lib/App/Acmeman/Source/Apache.pm 
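Review bot: The exit-status checks added after `system($cmd)` cover only the per-domain branch; the `core.postrenew` loop further down in the same hunk still runs `system($cmd) unless $dry_run;` and ignores `$?`. A reload that fails there leaves the server presenting the old certificate with nothing in the log. Moving the run-and-report logic into one helper used by both call sites fixes that and removes the duplication. Separately, a command shared by several `[domain]` sections is now run once per renewed domain rather than once per run, and both paths hand the configured string to the shell, so the configuration files should be writable only by the account acmeman runs as.

```perl
# Run one postrenew command and report how it ended.
sub run_postrenew {
    my ($cmd) = @_;
    debug(1, "running $cmd");
    return if $dry_run;
    system($cmd);
    if ($? == -1) {
        error("$cmd: failed to execute: $!");
    } elsif ($? & 127) {
        error("$cmd: died on signal ".($? & 127));
    } elsif (my $code = ($? >> 8)) {
        error("$cmd: exited with code $code");
    }
}

# … unchanged: foreach my $vhost (@domlist), selection and expiry checks …
        if (register_domain_certificate($vhost)) {
            if (my $cmd = $vhost->postrenew) {
                run_postrenew($cmd);
            } else {
                $renewed++;
            }
        }
# … unchanged: if ($renewed), core.postrenew lookup …
        foreach my $cmd ($config->get(qw(core postrenew))) {
            run_postrenew($cmd);
        }
```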
@@ -25,7 +25,7 @@ sub debug { sub configure { my ($self, $config) = @_; - $config->set(qw(core restart), $self->restart_command); + $config->set(qw(core postrenew), $self->restart_command); $self->{_cfg} = $config; return $self->examine_http_config($self->config_file); } |