[pve-devel] [Patch V2 acme 08/12] Create the plugin config.
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed Apr 1 15:27:38 CEST 2020
On March 31, 2020 12:08 pm, Wolfgang Link wrote:
> At the moment, Proxmox has two different configurations that require different properties.
> DNSChallenge requires credentials for the DNSAPI.
> Standalone has no settings because Letsencrypt only supports port 80 with the http-01 challenge.
>
> Make Standalone.pm Plugin compliant.
>
> Signed-off-by: Wolfgang Link <w.link at proxmox.com>
> ---
> src/PVE/ACME/Challenge.pm | 62 ++++++++++++++++++++++++++++++++++++++
> src/PVE/ACME/StandAlone.pm | 16 ++++++++++
> 2 files changed, 78 insertions(+)
>
> diff --git a/src/PVE/ACME/Challenge.pm b/src/PVE/ACME/Challenge.pm
> index 40d32b6..b261476 100644
> --- a/src/PVE/ACME/Challenge.pm
> +++ b/src/PVE/ACME/Challenge.pm
> @@ -3,16 +3,78 @@ package PVE::ACME::Challenge;
> use strict;
> use warnings;
>
> +use PVE::Cluster qw(cfs_register_file);
> +use PVE::JSONSchema qw(get_standard_option);
> +use PVE::Tools qw(lock_file);
> +
> +use base qw(PVE::SectionConfig);
> +
> +my $FILENAME = "/etc/pve/priv/plugins.cfg";
> +
> +cfs_register_file ('priv/plugins.cfg',
> + sub { __PACKAGE__->parse_config(@_); },
> + sub { __PACKAGE__->write_config(@_); });
if we want to keep this general/not PVE-specific, then ideally we'd not
have this here, but in pve-manager. we can then re-use the whole thing
for PMG and other products.
> +
> +my $defaultData = {
> + additionalProperties => 0,
> + propertyList => {
> + id => {
> + description => "ACME Plugin ID name",
> + type => 'string',
> + },
> + type => {
> + description => "ACME challenge type.",
> + type => 'string',
> + },
> + nodes => get_standard_option('pve-node-list', { optional => 1 }),
> + disable => {
> + description => "Flag to disable the config.",
> + type => 'boolean',
> + optional => 1,
> + },
> + },
> +};
> +
> +sub private {
> + return $defaultData;
> +}
> +
> sub supported_challenge_types {
> return {};
> }
>
> +sub load_config {
> +
> + my $raw = eval { PVE::Tools::file_get_contents($FILENAME); };
this would then need to be passed in (or the whole sub dropped/moved to
pve-manager altogether, possibly replaced by a simple cfs_read_file)
> + return {} if !$raw;
> +
> + return __PACKAGE__->parse_config($FILENAME, $raw);
> +}
> +
> +sub write_conf {
> + my ($conf) = @_;
> +
> + my $raw = __PACKAGE__->write_config($FILENAME, $conf);
and this would need to be returned (or ..., possibly replaced by a
simple cfs_write_file)
> +
> + PVE::Tools::file_set_contents($FILENAME, $raw);
> +}
> +
> sub setup {
> my ($class, $acme, $authorization) = @_;
>
> die "implement me\n";
> }
>
> +sub lock_config {
> + my ($code, @param) = @_;
> +
> + my $res = lock_file($FILENAME, 3, $code, @param);
this actually would need to be a cluster-wide lock, but see above - this
should also move to pve-manager to keep this library without pve-cluster
dependencies!
> +
> + die $@ if $@;
> +
> + return $res;
> +}
> +
> sub teardown {
> my ($self) = @_;
>
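Review bot: `load_config` turns every read failure into an empty configuration, because the `eval` around `file_get_contents` discards `$@` and `return {} if !$raw` then returns `{}` whether the file is missing, unreadable, or hit an I/O error. The commit message says this file holds the DNS API credentials, so a caller that loads, edits and then calls `write_conf` after a transient read error would, as far as this hunk shows, overwrite the stored plugin entries with a near-empty file. Only the missing-file case should map to `{}`, for example `return {} if !-e $FILENAME;` followed by an unguarded `my $raw = PVE::Tools::file_get_contents($FILENAME);` so that other errors reach the caller. A short comment on `load_config` stating that an absent file is the only condition treated as "no plugins configured" would make that contract explicit.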
> diff --git a/src/PVE/ACME/StandAlone.pm b/src/PVE/ACME/StandAlone.pm
> index f48d638..ac75184 100644
> --- a/src/PVE/ACME/StandAlone.pm
> +++ b/src/PVE/ACME/StandAlone.pm
> @@ -12,6 +12,22 @@ sub supported_challenge_types {
> return { 'http-01' => 1 };
> }
>
> +sub type {
> + return 'standalone';
> +}
> +
> +sub properties {
> + return {
> + };
> +}
> +
> +sub options {
> + return {
> + nodes => { optional => 1 },
> + disable => { optional => 1 },
> + };
> +}
> +
> sub setup {
> my ($class, $acme, $authorization) = @_;
>
> --
> 2.20.1
>
>