fix lock file issue

9af0fca2 · Alain Takoudjou · 30f9b711 · 9af0fca2 · 9af0fca2 · 9af0fca2
Commit 9af0fca2 authored Jul 11, 2023 by Alain Takoudjou
5 changed files
--- a/software/autocert/buildout.hash.cfg
+++ b/software/autocert/buildout.hash.cfg
@@ -15,16 +15,12 @@

 [template-instance]
 filename = instance.cfg.in
-md5sum = abcb4312498177b0577202c0094efcba
+md5sum = 9f90a93264649539688aba42de8f3fb8

 [template-autocert]
 filename = instance-autocert.cfg.jinja2.in
-md5sum = a6dc701b75ffb888bf8648ea7dca33e2
+md5sum = ba9e0c4b19c7fbad31fa3b78e166b6f3

 [template-dehydrated-config]
 filename = config.in
 md5sum = a12b0e12658a48658e366f3ed7c2e48e
-
-[template-sign-certificate.sh]
-filename = sign-certificate.sh.in
-md5sum = 2d655b0f0d2d46557d329038db3240f7
--- a/software/autocert/instance-autocert.cfg.jinja2.in
+++ b/software/autocert/instance-autocert.cfg.jinja2.in
@@ -53,27 +53,30 @@ context =
 [dehydrated-register]
 recipe = slapos.cookbook:wrapper
 command-line =
-  {{ parameter_dict['dehydrated-location'] }}/dehydrated
-  --config ${dehydrated-config:output}
+  ${dehydrated-wrapper:wrapper-path}
  --register --accept-terms
 wrapper-path = ${directory:scripts}/dehydrated-register

+[cron-entry-dehydrated]
+<= cron
+recipe = slapos.cookbook:cron.d
+name = dehydrated-renew
+frequency = 0 0 * * 0
+command = {{ linux_util_location }}/bin/flock ${directory:dehydrated}/lock ${dehydrated-wrapper:wrapper-path} --cron --keep-going --no-lock
+
+[dehydrated-signcert]
+<= base-wrapper
+command-line = ${cron-entry-dehydrated:command}
+wrapper-path = ${directory:scripts}/dehydrated-signcert
+depends =
+  ${dehydrated-domains.txt:recipe}
+
 [dehydrated-wrapper]
 <= base-wrapper
 command-line =
  {{ parameter_dict['dehydrated-location'] }}/dehydrated
  --config ${dehydrated-config:output}
-  --cron
 wrapper-path = ${directory:bin}/dehydrated
-depends =
-  ${dehydrated-domains.txt:recipe}
-
-[cron-entry-dehydrated]
-<= cron
-recipe = slapos.cookbook:cron.d
-name = dehydrated-renew
-frequency = 0 0 * * 0
-command = ${dehydrated-wrapper:wrapper-path} --keep-going

 [caucase-updater]
 recipe = slapos.cookbook:wrapper
@@ -117,8 +120,6 @@ command-line =
     ${directory:kedifa}/{{ domain }}.sh
     ${directory:dehydrated}/certs/{{ domain }}/privkey.pem
     ${directory:dehydrated}/certs/{{ domain }}/fullchain.pem
-wait-for-files =
-  ${directory:dehydrated}/certs/{{ domain }}/fullchain.pem
 wrapper-path = ${directory:bin}/kedifa-upload-{{ domain.replace('\.', '-') }}
 depends =
  {{ "${kedifa-generate-auth-" ~ domain ~ ":recipe}" }}
@@ -131,12 +132,6 @@ name = upload-{{ domain }}
 frequency = 0 0 * * 0
 command = {{ "${kedifa-upload-" ~ domain ~ ":wrapper-path}" }}

-[dehydrated-sign-{{ domain }}]
-<= base-wrapper
-command-line =
-  {{ parameter_dict['kedifa-location'] }}
-wrapper-path = ${directory:scripts}/kedifa-genauth-{{ domain.replace('\.', '-') }}
-
 [promise-{{ domain }}]
 recipe = slapos.recipe.template:jinja2
 inline =
@@ -169,16 +164,6 @@ mode = 755
 {% do part_list.append("cron-entry-" ~ domain) -%}
 {% endfor %}

-[dehydrated-signcert]
-recipe = slapos.recipe.template:jinja2
-url = {{ parameter_dict['template-signcert'] }}
-output = ${directory:scripts}/dehydrated-signcert
-domain-list = {{ dumps(domain_list) }}
-context =
-  key base_directory directory:dehydrated
-  key dehydrated_wrapper dehydrated-wrapper:wrapper-path
-  key domain_list :domain-list
-
 [dehydrated-domains.txt]
 recipe = slapos.recipe.template
 inline =
@@ -228,7 +213,6 @@ parts =
  httpd-url-promise
  dehydrated-register
  dehydrated-signcert
-  cron-entry-dehydrated

 # Complete parts with sections
  {{ part_list | join('\n  ') }}

--- a/software/autocert/instance.cfg.in
+++ b/software/autocert/instance.cfg.in
@@ -35,6 +35,7 @@ context =
  raw bash_bin {{ bash_location }}/bin/bash
  raw curl_location {{ curl_location }}
  raw openssl_location {{ openssl_location }}
+  raw linux_util_location {{ linux_util_location }}
  raw openssl_bin {{ openssl_location }}/bin/openssl
  raw template_monitor {{ template_monitor_cfg }}
  ${:extra-context}
@@ -44,7 +45,6 @@ context =
 dehydrated-location = {{ dehydrated_location }}
 kedifa-location = {{ kedifa_location }}
 template-config = {{ template_dehydrated_config }}
-template-signcert = {{ template_signcert }}

 [dynamic-template-autocert]
 <= jinja2-template-base

--- a/software/autocert/sign-certificate.sh.in
+++ b/software/autocert/sign-certificate.sh.in
-#!/bin/sh
-
-# Sign a single certificate if not exists yet
-BASE_DIR={{ base_directory }}
-
-sign_cert() {
-  BASE_DOMAIN=$1
-  DOMAINS=$2
-  if [ -s "$BASE_DIR/certs/$BASE_DOMAIN/fullchain.pem" ]; then
-    exit 0;
-  fi
-  {{ dehydrated_wrapper }} --domain $DOMAINS --lock-suffix $BASE_DOMAIN
-}
-
-{% for domain_string in domain_list -%}
-sign_cert {{ domain_string.split(' ')[0] }} "{{ domain_string }}"
-{% endfor -%}
--- a/software/autocert/software.cfg
+++ b/software/autocert/software.cfg
@@ -3,6 +3,7 @@ extends =
  ../../component/bash/buildout.cfg
  ../../component/openssl/buildout.cfg
  ../../component/curl/buildout.cfg
+  ../../component/util-linux/buildout.cfg
  ../../stack/slapos.cfg
  ../../stack/monitor/buildout.cfg
  ./buildout.hash.cfg
@@ -60,9 +61,9 @@ context =
    key dehydrated_location dehydrated:location
    key kedifa_location kedifa:location
    key openssl_location openssl:location
+    key linux_util_location util-linux:location
    key template_monitor_cfg monitor2-template:output
    key template_autocert template-autocert:target
-    key template_signcert template-sign-certificate.sh:target
    key template_dehydrated_config template-dehydrated-config:target

 [template-autocert]
@@ -72,9 +73,6 @@ output = ${buildout:directory}/instance-autocert.cfg.jinja2
 [template-dehydrated-config]
 <= download-template

-[template-sign-certificate.sh]
-<= download-template
-
 [versions]
 caucase = 0.9.15
 kedifa = 0.0.6