[pbs-devel] [PATCH v2 backup 00/27] Implements ACME support for PBS
Wolfgang Bumiller
w.bumiller at proxmox.com
Thu Apr 22 16:01:46 CEST 2021
Version 2 of this addresses a few raised issues:

NOTE: The widget-toolkit patch from v1 is still required. I just did not
re-send it now.

* The config file format parser does not use serde anymore as we
  a) don't need it as we have a lot of ready-to-go parsing code in the
     proxmox crate that is now being reused.
  b) is harder to read and the benefits are mostly performance related,
     while more useful things such as using structs for property strings
     in the format really would instead need more formal support on the
     schema side...
* Rebased the acme client to use the new `SimpleHttp` client.
  * and ported the changes to add the user agent string to the new api
* Fixes a few issues found by Dominic:
  * create the acme related directories if they do not exist yet
  * pipe dns plugin command output to the task log
  * made the account name optional in the register api call (since
    pve/pmg do it too)
* Fixed a warning about a missing semicolon in the ui code.

The original patch 4 (tools/http helper) was dropped and is replaced by
patches 15 & 16. I added the main changes outlined above as separate
patches and only merged minor cleanup/style fixups into the existing
patches.

-- Original cover letter:

Reusing the ACME UI elements from the widget toolkit and therefore
providing a compatible API and pretty much the same config file layout.

Contains the async version of the acme client directly in the tree here,
though it may also be an option to move it to proxmox-acme-rs w/ a
feature-gate. (The code is also very similar to the sync version so
there's a possibility that the implementation could be wrapped in a
macro...)

The series starts out with some helpers & refactoring, followed by a
serde-driven config file format read/writer (meant to be (or become)
compatible to what we have in perl via PVE::JSONSchema::parse_config,
but without the json::Value intermediate step), followed by the config,
client & api call implementation.

(Wildcard support like stoiko just added to PMG still needs to be added,
though...)

Wolfgang Bumiller (27):
  systemd: add reload_unit
  add dns alias schema
  tools::fs::scan_subdir: use nix::Error instead of anyhow
  config: factor out certificate writing
  CertInfo: add not_{after,before}_unix
  CertInfo: add is_expired_after_epoch
  tools: add ControlFlow type
  catalog shell: replace LoopState with ControlFlow
  Cargo.toml: depend on proxmox-acme-rs
  bump d/control
  config::acl: make /system/certificates a valid path
  add 'config file format' to tools::config
  add node config
  add acme config
  tools/http: dedup user agent string
  tools/http: add request_with_agent helper
  add async acme client implementation
  add config/acme api path
  add node/{node}/certificates api call
  add node/{node}/config api path
  add acme commands to proxmox-backup-manager
  implement standalone acme validation
  ui: add certificate & acme view
  daily-update: check acme certificates
  acme: create directories as needed
  acme: pipe plugin output to task log
  api: acme: make account name optional in register call

Cargo.toml | 3 +
debian/control | 2 +
src/acme/client.rs | 672 +++++++++++++++++++++++
src/acme/mod.rs | 2 +
src/api2/config.rs | 2 +
src/api2/config/acme.rs | 725 +++++++++++++++++++++++++
src/api2/node.rs | 4 +
src/api2/node/certificates.rs | 577 ++++++++++++++++++++
src/api2/node/config.rs | 81 +++
src/api2/types/mod.rs | 10 +
src/backup/catalog_shell.rs | 18 +-
src/bin/proxmox-backup-manager.rs | 1 +
src/bin/proxmox-daily-update.rs | 30 +-
src/bin/proxmox_backup_manager/acme.rs | 415 ++++++++++++++
src/bin/proxmox_backup_manager/mod.rs | 2 +
src/config.rs | 55 +-
src/config/acl.rs | 2 +-
src/config/acme/mod.rs | 237 ++++++++
src/config/acme/plugin.rs | 532 ++++++++++++++++++
src/config/node.rs | 225 ++++++++
src/lib.rs | 2 +
src/tools.rs | 12 +
src/tools/cert.rs | 41 +-
src/tools/config.rs | 171 ++++++
src/tools/fs.rs | 2 +-
src/tools/http.rs | 15 +-
src/tools/systemd.rs | 11 +
www/Makefile | 1 +
www/NavigationTree.js | 6 +
www/config/CertificateView.js | 80 +++
30 files changed, 3897 insertions(+), 39 deletions(-)
create mode 100644 src/acme/client.rs
create mode 100644 src/acme/mod.rs
create mode 100644 src/api2/config/acme.rs
create mode 100644 src/api2/node/certificates.rs
create mode 100644 src/api2/node/config.rs
create mode 100644 src/bin/proxmox_backup_manager/acme.rs
create mode 100644 src/config/acme/mod.rs
create mode 100644 src/config/acme/plugin.rs
create mode 100644 src/config/node.rs
create mode 100644 src/tools/config.rs
create mode 100644 www/config/CertificateView.js
--
2.20.1