New configuration for commands/handlers to run after updates
* The new configuration includes specific commands per file, as well as handlers that can be triggered by updates but will only ever run once. * For now, only the commands from the pre_commands section are executed; the handlers and post_commands sections are ignored.
This commit is contained in:
parent
7eb865e306
commit
3e088d4af7
3 changed files with 45 additions and 18 deletions
|
@ -206,12 +206,12 @@ func (b *tCertificateBuilder) RunCommandsIfChanged() error {
|
||||||
log.Debug("Not running commands")
|
log.Debug("Not running commands")
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
for i := range b.config.AfterUpdate {
|
for i := range b.config.AfterUpdate.PreCommands {
|
||||||
err := b.RunCommand(i)
|
err := b.RunCommand(i)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf(
|
return fmt.Errorf(
|
||||||
"Failed while executing command '%s': %w",
|
"Failed while executing command '%s': %w",
|
||||||
b.config.AfterUpdate[i],
|
b.config.AfterUpdate.PreCommands[i],
|
||||||
err,
|
err,
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
@ -224,9 +224,9 @@ func (b *tCertificateBuilder) RunCommand(pos int) error {
|
||||||
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
|
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
|
||||||
defer cancel()
|
defer cancel()
|
||||||
|
|
||||||
log := b.logger.WithField("command", b.config.AfterUpdate[pos])
|
log := b.logger.WithField("command", b.config.AfterUpdate.PreCommands[pos])
|
||||||
log.Debug("Executing command")
|
log.Debug("Executing command")
|
||||||
cmd := exec.CommandContext(ctx, "sh", "-c", b.config.AfterUpdate[pos])
|
cmd := exec.CommandContext(ctx, "sh", "-c", b.config.AfterUpdate.PreCommands[pos])
|
||||||
output, err := cmd.CombinedOutput()
|
output, err := cmd.CombinedOutput()
|
||||||
if len(output) != 0 {
|
if len(output) != 0 {
|
||||||
if utf8.Valid(output) {
|
if utf8.Valid(output) {
|
||||||
|
|
32
config.go
32
config.go
|
@ -59,19 +59,29 @@ type (
|
||||||
Servers []tLdapServerConfig `yaml:"servers"`
|
Servers []tLdapServerConfig `yaml:"servers"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Handlers. Each handler has a name and contains a list of commands.
|
||||||
|
tHandlers map[string][]string
|
||||||
|
|
||||||
|
// Certificate file updates configuration.
|
||||||
|
tCertFileUpdateConfig struct {
|
||||||
|
PreCommands []string `yaml:"pre_commands"`
|
||||||
|
Handlers tHandlers `yaml:"handlers"`
|
||||||
|
PostCommands []string `yaml:"post_commands"`
|
||||||
|
}
|
||||||
|
|
||||||
// Certificate file configuration.
|
// Certificate file configuration.
|
||||||
tCertificateFileConfig struct {
|
tCertificateFileConfig struct {
|
||||||
Path string `yaml:"path"`
|
Path string `yaml:"path"`
|
||||||
Mode os.FileMode `yaml:"mode"`
|
Mode os.FileMode `yaml:"mode"`
|
||||||
Owner string `yaml:"owner"`
|
Owner string `yaml:"owner"`
|
||||||
Group string `yaml:"group"`
|
Group string `yaml:"group"`
|
||||||
PrependFiles []string `yaml:"prepend_files"`
|
PrependFiles []string `yaml:"prepend_files"`
|
||||||
Certificate string `yaml:"certificate"`
|
Certificate string `yaml:"certificate"`
|
||||||
CACertificates []string `yaml:"ca"`
|
CACertificates []string `yaml:"ca"`
|
||||||
CAChainOf string `yaml:"ca_chain_of"`
|
CAChainOf string `yaml:"ca_chain_of"`
|
||||||
Reverse bool `yaml:"reverse"`
|
Reverse bool `yaml:"reverse"`
|
||||||
AppendFiles []string `yaml:"append_files"`
|
AppendFiles []string `yaml:"append_files"`
|
||||||
AfterUpdate []string `yaml:"after_update"`
|
AfterUpdate tCertFileUpdateConfig `yaml:"after_update"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Main configuration.
|
// Main configuration.
|
||||||
|
|
|
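Review bot: `Handlers tHandlers `yaml:"handlers"`` in the new tCertFileUpdateConfig reuses the name-to-command-list map type, but the example config in this commit writes `after_update.handlers` as a sequence of handler names (`- apache`), and a YAML sequence is rejected when decoded into `map[string][]string`, so loading that example would fail. If the example is the intended shape, the field should be `Handlers []string `yaml:"handlers"``, with tHandlers kept for the top-level `handlers:` section that maps a name to its commands. The PreCommands and PostCommands strings are executed through `sh -c` by RunCommand in the builder hunk of this commit, so the struct comment should say so: `// Shell command lines passed to sh -c; only a trusted config file may set these.` tells operators that write access to the config file is equivalent to running commands as the service user. The enclosing `type (` block starts before the hunk.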
@ -53,6 +53,15 @@ ldap:
|
||||||
- host: ldap1.example.org
|
- host: ldap1.example.org
|
||||||
- host: ldap2.example.org
|
- host: ldap2.example.org
|
||||||
|
|
||||||
|
# Handlers. Certificate updates can specify that a handler must be executed
|
||||||
|
# if the PEM file is replaced. A handler will only be executed once for all
|
||||||
|
# triggered updates. Each handler is a list of commands. When a handler runs,
|
||||||
|
# the first command that fails will stop the execution.
|
||||||
|
handlers:
|
||||||
|
apache:
|
||||||
|
- /usr/sbin/apache2ctl configtest
|
||||||
|
- /usr/sbin/apache2ctl graceful
|
||||||
|
|
||||||
# Certificates that must be updated
|
# Certificates that must be updated
|
||||||
certificates:
|
certificates:
|
||||||
|
|
||||||
|
@ -89,7 +98,15 @@ certificates:
|
||||||
# A list of files to append to the output.
|
# A list of files to append to the output.
|
||||||
append_files:
|
append_files:
|
||||||
- /some/other/file.pem
|
- /some/other/file.pem
|
||||||
# A list of commands that will be executed when the file is replaced.
|
# Define what must be done after an update.
|
||||||
# If one of the commands fails, execution will stop.
|
|
||||||
after_update:
|
after_update:
|
||||||
- apache2ctl graceful
|
# Commands to execute before handlers are run. The order of the commands
|
||||||
|
# is respected. If a command fails to run, execution stops.
|
||||||
|
pre_commands: []
|
||||||
|
# Handlers to trigger. Handlers will still be executed if a pre-command
|
||||||
|
# had failed but they were triggered by more than one update. Execution
|
||||||
|
# order is arbitrary.
|
||||||
|
handlers:
|
||||||
|
- apache
|
||||||
|
# Commands to execute after handlers are run.
|
||||||
|
post_commands: []
|
||||||
|
|
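Review bot: The comment added above `after_update.handlers` (starting `# Handlers to trigger.`) states that handlers still run after a failed pre-command, but the builder change in this commit only executes `pre_commands` and returns on the first failure, with handlers and post_commands never run, so the example documents semantics that do not exist yet. Someone configuring a service reload through a handler would expect it to fire after a certificate update. Suggest marking these comments as pending, e.g. `# Handlers to trigger (not yet implemented; currently ignored).` and the same for `post_commands`, until the behaviour lands. The phrase `had failed but they were triggered by more than one update` is also hard to parse; `# Handlers still run after a failed pre-command when another update also triggered them.` reads more clearly.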