[pve-devel] [Patch V2 acme 08/12] Create the plugin config.

Fabian Grünbichler f.gruenbichler at proxmox.com
Wed Apr 1 15:27:38 CEST 2020


On March 31, 2020 12:08 pm, Wolfgang Link wrote:
> At the moment, Proxmox has two different configurations that require different properties.
> DNSChallenge requires credentials for the DNSAPI.
> Standalone has no settings because Letsencrypt only supports port 80 with the http-01 challenge.
> 
> Make Standalone.pm Plugin compliant.
> 
> Signed-off-by: Wolfgang Link <w.link at proxmox.com>
> ---
>  src/PVE/ACME/Challenge.pm  | 62 ++++++++++++++++++++++++++++++++++++++
>  src/PVE/ACME/StandAlone.pm | 16 ++++++++++
>  2 files changed, 78 insertions(+)
> 
> diff --git a/src/PVE/ACME/Challenge.pm b/src/PVE/ACME/Challenge.pm
> index 40d32b6..b261476 100644
> --- a/src/PVE/ACME/Challenge.pm
> +++ b/src/PVE/ACME/Challenge.pm
> @@ -3,16 +3,78 @@ package PVE::ACME::Challenge;
>  use strict;
>  use warnings;
>  
> +use PVE::Cluster qw(cfs_register_file);
> +use PVE::JSONSchema qw(get_standard_option);
> +use PVE::Tools qw(lock_file);
> +
> +use base qw(PVE::SectionConfig);
> +
> +my $FILENAME = "/etc/pve/priv/plugins.cfg";
> +
> +cfs_register_file ('priv/plugins.cfg',
> +		   sub { __PACKAGE__->parse_config(@_); },
> +		   sub { __PACKAGE__->write_config(@_); });

if we want to keep this general/not PVE-specific, then ideally we'd not 
have this here, but in pve-manager. we can then re-use the whole thing 
for PMG and other products.

> +
> +my $defaultData = {
> +    additionalProperties => 0,
> +    propertyList => {
> +	id => {
> +	    description => "ACME Plugin ID name",
> +	    type => 'string',
> +	},
> +	type => {
> +	    description => "ACME challenge type.",
> +	    type => 'string',
> +	},
> +	nodes => get_standard_option('pve-node-list', { optional => 1 }),
> +	disable => {
> +	    description => "Flag to disable the config.",
> +	    type => 'boolean',
> +	    optional => 1,
> +	},
> +    },
> +};
> +
> +sub private {
> +    return $defaultData;
> +}
> +
>  sub supported_challenge_types {
>      return {};
>  }
>  
> +sub load_config {
> +
> +    my $raw = eval { PVE::Tools::file_get_contents($FILENAME); };

this would then need to be passed in (or the whole sub dropped/moved to 
pve-manager altogether, possibly replaced by a simple cfs_read_file)

> +    return {} if !$raw;
> +
> +    return __PACKAGE__->parse_config($FILENAME, $raw);
> +}
> +
> +sub write_conf {
> +    my ($conf) = @_;
> +
> +    my $raw = __PACKAGE__->write_config($FILENAME, $conf);

and this would need to be returned (or ..., possibly replaced by a 
simple cfs_write_file)

> +
> +    PVE::Tools::file_set_contents($FILENAME, $raw);
> +}
> +
>  sub setup {
>      my ($class, $acme, $authorization) = @_;
>  
>      die "implement me\n";
>  }
>  
> +sub lock_config {
> +    my ($code, @param) = @_;
> +
> +    my $res = lock_file($FILENAME, 3, $code, @param);

this actually would need to be a cluster-wide lock, but see above - this 
should also move to pve-manager to keep this library without pve-cluster 
dependencies!

> +
> +    die $@ if $@;
> +
> +    return $res;
> +}
> +
>  sub teardown {
>      my ($self) = @_;
>  
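Review bot: `load_config` wraps the read in `eval { ... }` and never inspects `$@`, so any read failure (for example an I/O or permission error) returns `{}` exactly as a missing file would. The file lives under `/etc/pve/priv` and presumably holds the DNS API credentials the description mentions, so a caller that loads, edits and then calls `write_conf` after such a failure would overwrite the existing plugin entries with an almost empty config. Treat only the absent file as empty and let other errors propagate, e.g. `return {} if !-e $FILENAME;` followed by an unguarded `my $raw = PVE::Tools::file_get_contents($FILENAME);`. Separately, the `id` property is a bare `type => 'string'`; if it is used as the section identifier, giving it `format => 'pve-configid'` would reject odd characters at the schema level instead of relying on each caller.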
> diff --git a/src/PVE/ACME/StandAlone.pm b/src/PVE/ACME/StandAlone.pm
> index f48d638..ac75184 100644
> --- a/src/PVE/ACME/StandAlone.pm
> +++ b/src/PVE/ACME/StandAlone.pm
> @@ -12,6 +12,22 @@ sub supported_challenge_types {
>      return { 'http-01' => 1 };
>  }
>  
> +sub type {
> +    return 'standalone';
> +}
> +
> +sub properties {
> +    return {
> +    };
> +}
> +
> +sub options {
> +    return {
> +	nodes => { optional => 1 },
> +	disable => { optional => 1 },
> +    };
> +}
> +
>  sub setup {
>      my ($class, $acme, $authorization) = @_;
>  
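Review bot: `type` returns the plugin name `'standalone'`, while `supported_challenge_types` directly above reports `'http-01'` and the shared schema in Challenge.pm describes the `type` property as "ACME challenge type.", so the two notions are easy to confuse. A one-line comment on `type` such as `# plugin type identifier, not the ACME challenge type (see supported_challenge_types)` would make the distinction explicit, and the schema description could read "ACME plugin type." instead. `properties` could also be written as `return {};` to match the base class's `supported_challenge_types`. The `setup` body continues outside the hunk.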
> -- 
> 2.20.1
> 
> 
> 
> 



