[pve-devel] [Patch V2 manager 2/8] Extend node config in the acme section.

Fabian Grünbichler f.gruenbichler at proxmox.com
Wed Apr 1 15:25:40 CEST 2020


some more comments where this gets actually used later on!

On March 31, 2020 12:08 pm, Wolfgang Link wrote:
> Allow more than one domain entry, but only one domain per entry is allowed.
> Before that, the Acme parameter could have multiple domains.
> 
> Signed-off-by: Wolfgang Link <w.link at proxmox.com>
> ---
>  PVE/NodeConfig.pm | 47 ++++++++++++++++++++++++++++++++++++++++++-----
>  1 file changed, 42 insertions(+), 5 deletions(-)
> 
> diff --git a/PVE/NodeConfig.pm b/PVE/NodeConfig.pm
> index 7a663f46..94f7287e 100644
> --- a/PVE/NodeConfig.pm
> +++ b/PVE/NodeConfig.pm
> @@ -3,10 +3,15 @@ package PVE::NodeConfig;
>  use strict;
>  use warnings;
>  
> +use Storable qw(dclone);
> +
>  use PVE::CertHelpers;
>  use PVE::JSONSchema qw(get_standard_option);
>  use PVE::Tools qw(file_get_contents file_set_contents lock_file);
>  
> +# regitster up to 20 domain names

s/regitster/register/

> +my $MAXDOMAINS = 20;
> +
>  my $node_config_lock = '/var/lock/pvenode.lock';
>  
>  PVE::JSONSchema::register_format('pve-acme-domain', sub {
> @@ -77,14 +82,38 @@ my $confdesc = {
>      },
>  };
>  
> -my $acmedesc = {
> +my $acme_additional_desc = {
>      account => get_standard_option('pve-acme-account-name'),

account should only be defined in the main 'acme' config

> -    domains => {
> +    domain => {
>  	type => 'string',
> -	format => 'pve-acme-domain-list',
> -	format_description => 'domain[;domain;...]',
> -	description => 'List of domains for this node\'s ACME certificate',
> +	format => 'pve-acme-domain',
> +	format_description => 'domain',
> +	description => 'domain for this node ACME certificate',

s/node/node \'s/

>      },
> +    plugin => {
> +	type => 'string',

missing format?

> +	description => 'The plugin ID, default is standalone http',
> +	optional => 1,
> +	format_description => 'name of the plugin configuration',
> +    },
> +    alias => {
> +	type => 'string',
> +	format => 'pve-acme-domain',
> +	format_description => 'domain',
> +	description => 'Alias for the Domain to verify ACME Challenge over DNS',
> +	optional => 1,
> +    },
> +};
> +PVE::JSONSchema::register_format('pve-acme-additional-node-conf', $acme_additional_desc);
> +
> +my $acmedesc = dclone($acme_additional_desc);
> +$acmedesc->{account} = get_standard_option('pve-acme-account-name');
> +$acmedesc->{domains} = {
> +    type => 'string',
> +    format_description => 'domain[;domain;...]',
> +    description => 'List of domains for this node\'s ACME certificate',

this should be adapted to signify that this key is deprecated and will 
be removed.

> +    format => 'pve-acme-domain-list',
> +    optional => 1,
>  };
>  PVE::JSONSchema::register_format('pve-acme-node-conf', $acmedesc);
>  
> @@ -214,6 +243,14 @@ sub print_acme {
>  }
>  
>  sub get_nodeconfig_schema {
> +    for my $i (1..$MAXDOMAINS) {

why start with 1? our other indexed config options start with 0

> +	$confdesc->{"acme_additional_domain$i"} = {
> +	    type => 'string',
> +	    description => 'ACME additional Domain',
> +	    format => $acmedesc,

wrong format?

> +	    optional => 1,
> +	};
> +    };
>      return $confdesc;
>  }
>  
> -- 
> 2.20.1
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
> 




More information about the pve-devel mailing list