From f84965c8e173e5ad69c08e3fba652decf8d9405f Mon Sep 17 00:00:00 2001
From: Max Erenberg
Date: Sun, 22 Jan 2023 17:20:55 -0500
Subject: [PATCH] reload all NGINX servers after adding a vhost (#90)
Currently, only the NGINX server on biloba is reloaded after adding a new vhost or renewing an SSL certificate. The NGINX server on chamomile should also be reloaded, since chamomile is a warm standby for biloba. This PR adds a new config option in ceod.ini to specify the shell command to reload the web servers.
Reviewed-on: https://git.csclub.uwaterloo.ca/public/pyceo/pulls/90
Co-authored-by: Max Erenberg
Co-committed-by: Max Erenberg
---
 ceod/model/VHostManager.py | 11 ++++++-----
 etc/ceod.ini | 1 +
 tests/ceod_dev.ini | 1 +
 tests/ceod_test_local.ini | 1 +
 4 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/ceod/model/VHostManager.py b/ceod/model/VHostManager.py
index c3f052b..0747585 100644
--- a/ceod/model/VHostManager.py
+++ b/ceod/model/VHostManager.py
@@ -4,7 +4,7 @@ import os
 import re
 import shutil
 import subprocess
-from typing import List, Dict, Tuple
+from typing import List, Dict, Tuple, Union
 import jinja2
 from zope import component
@@ -53,6 +53,7 @@ class VHostManager:
 self.max_vhosts_per_account = cfg.get('cloud vhosts_max_vhosts_per_account')
 self.vhost_ip_min = ipaddress.ip_address(cfg.get('cloud vhosts_ip_range_min'))
 self.vhost_ip_max = ipaddress.ip_address(cfg.get('cloud vhosts_ip_range_max'))
+ self.reload_web_server_cmd = cfg.get('cloud vhosts_reload_web_server_cmd')
 self.acme_challenge_dir = cfg.get('cloud vhosts_acme_challenge_dir')
 self.acme_dir = '/root/.acme.sh'
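Review bot: `reload_web_server_cmd` is stored in `__init__` with no check that it is set and non-empty, although `_reload_web_server` later hands it to a shell. If `cfg.get` can return an empty string for this key (its behaviour is not visible in this diff), `sh -c ''` exits 0 and a vhost would be reported as created while no web server was reloaded. I would fail fast at start-up with `if not self.reload_web_server_cmd: raise ValueError('cloud vhosts_reload_web_server_cmd must be set')`. `__init__` starts and ends outside this hunk.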
@@ -82,12 +83,12 @@ class VHostManager:
 """Return a list of all vhost files for this user."""
 return glob.glob(os.path.join(self.vhost_dir, username + '_*'))
- def _run(self, args: List[str]):
- subprocess.run(args, check=True)
+ def _run(self, args: Union[List[str], str], **kwargs):
+ subprocess.run(args, check=True, **kwargs)
 def _reload_web_server(self):
 logger.debug('Reloading NGINX')
- self._run(['systemctl', 'reload', 'nginx'])
+ self._run(self.reload_web_server_cmd, shell=True)
 def is_valid_domain(self, username: str, domain: str) -> bool:
 if VALID_DOMAIN_RE.match(domain) is None:
@@ -150,7 +151,7 @@ class VHostManager:
 self.acme_sh, '--install-cert', '-d', domain, '--key-file', key_path, '--fullchain-file', cert_path,
- '--reloadcmd', 'systemctl reload nginx',
+ '--reloadcmd', self.reload_web_server_cmd,
 ])
 def _delete_cert(self, domain: str, cert_path: str, key_path: str):
diff --git a/etc/ceod.ini b/etc/ceod.ini
index dc0e048..d5b337c 100644
--- a/etc/ceod.ini
+++ b/etc/ceod.ini
@@ -97,6 +97,7 @@ members_domain = csclub.cloud
 k8s_members_domain = k8s.csclub.cloud
 ip_range_min = 172.19.134.10
 ip_range_max = 172.19.134.160
+reload_web_server_cmd = /root/bin/reload-nginx.sh
 [k8s]
 members_clusterrole = csc-members-default
diff --git a/tests/ceod_dev.ini b/tests/ceod_dev.ini
index 7404777..172744a 100644
--- a/tests/ceod_dev.ini
+++ b/tests/ceod_dev.ini
@@ -91,6 +91,7 @@ members_domain = csclub.cloud
 k8s_members_domain = k8s.csclub.cloud
 ip_range_min = 172.19.134.10
 ip_range_max = 172.19.134.160
+reload_web_server_cmd = systemctl reload nginx
 [k8s]
 members_clusterrole = csc-members-default
diff --git a/tests/ceod_test_local.ini b/tests/ceod_test_local.ini
index 8adc851..fb1c415 100644
--- a/tests/ceod_test_local.ini
+++ b/tests/ceod_test_local.ini
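Review bot: `shell=True` in `_reload_web_server` is not needed for either value of `reload_web_server_cmd` shipped in this commit (`/root/bin/reload-nginx.sh`, `systemctl reload nginx`), and it makes any shell metacharacters in that config string active in a process that appears to run privileged (the class uses `/root/.acme.sh`). Keeping the argv form avoids that: `self._run(shlex.split(self.reload_web_server_cmd))` with `import shlex`, after which `_run` can keep its `List[str]` signature and drop the `**kwargs` pass-through that would let later callers turn the shell on for other commands. The call also has no `timeout=`; if the reload script contacts the standby host (an assumption, the script is not part of this commit), a hang there would block the vhost request. If the shell is intentional, a comment on `_reload_web_server` should state that the command must only ever come from a trusted config file that unprivileged users cannot write.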
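Review bot: Certificates installed before this change will keep their old reload command, because acme.sh saves the `--reloadcmd` value per domain at `--install-cert` time and replays it on renewal (my understanding of acme.sh; worth confirming against the deployed version). Renewals of existing domains would therefore still run `systemctl reload nginx` on this host only, which is the case the commit message sets out to fix. A one-off re-run of `--install-cert` for the existing domains would close that gap. The same persistence means later edits to `reload_web_server_cmd` in ceod.ini do not reach certificates that were already installed, so I would add above this call `# acme.sh saves --reloadcmd per domain; changing the config does not update existing certs`. The enclosing method starts outside the hunk.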
@@ -90,6 +90,7 @@ members_domain = csclub.cloud
 k8s_members_domain = k8s.csclub.cloud
 ip_range_min = 172.19.134.10
 ip_range_max = 172.19.134.160
+reload_web_server_cmd = systemctl reload nginx
 [k8s]
 members_clusterrole = csc-members-default