reload all NGINX servers after adding a vhost (#90)

Currently, only the NGINX server on biloba is reloaded after adding a new vhost or renewing an SSL certificate. The NGINX server on chamomile should also be reloaded, since chamomile is a warm standby for biloba.

This PR adds a new config option in ceod.ini to specify the shell command to reload the web servers.

Reviewed-on: #90
Co-authored-by: Max Erenberg <merenber@csclub.uwaterloo.ca>
Co-committed-by: Max Erenberg <merenber@csclub.uwaterloo.ca>

ceod/model/VHostManager.py

@@ -4,7 +4,7 @@ import os
 import re
 import shutil
 import subprocess
-from typing import List, Dict, Tuple
+from typing import List, Dict, Tuple, Union
 
 import jinja2
 from zope import component
@@ -53,6 +53,7 @@ class VHostManager:
         self.max_vhosts_per_account = cfg.get('cloud vhosts_max_vhosts_per_account')
         self.vhost_ip_min = ipaddress.ip_address(cfg.get('cloud vhosts_ip_range_min'))
         self.vhost_ip_max = ipaddress.ip_address(cfg.get('cloud vhosts_ip_range_max'))
+        self.reload_web_server_cmd = cfg.get('cloud vhosts_reload_web_server_cmd')
 
         self.acme_challenge_dir = cfg.get('cloud vhosts_acme_challenge_dir')
         self.acme_dir = '/root/.acme.sh'
@@ -82,12 +83,12 @@ class VHostManager:
         """Return a list of all vhost files for this user."""
         return glob.glob(os.path.join(self.vhost_dir, username + '_*'))
 
-    def _run(self, args: List[str]):
-        subprocess.run(args, check=True)
+    def _run(self, args: Union[List[str], str], **kwargs):
+        subprocess.run(args, check=True, **kwargs)
 
     def _reload_web_server(self):
         logger.debug('Reloading NGINX')
-        self._run(['systemctl', 'reload', 'nginx'])
+        self._run(self.reload_web_server_cmd, shell=True)
 
     def is_valid_domain(self, username: str, domain: str) -> bool:
         if VALID_DOMAIN_RE.match(domain) is None:
@@ -150,7 +151,7 @@ class VHostManager:
             self.acme_sh, '--install-cert', '-d', domain,
             '--key-file', key_path,
             '--fullchain-file', cert_path,
-            '--reloadcmd', 'systemctl reload nginx',
+            '--reloadcmd', self.reload_web_server_cmd,
         ])
 
     def _delete_cert(self, domain: str, cert_path: str, key_path: str):

etc/ceod.ini

@@ -97,6 +97,7 @@ members_domain = csclub.cloud
 k8s_members_domain = k8s.csclub.cloud
 ip_range_min = 172.19.134.10
 ip_range_max = 172.19.134.160
+reload_web_server_cmd = /root/bin/reload-nginx.sh
 
 [k8s]
 members_clusterrole = csc-members-default

tests/ceod_dev.ini

@@ -91,6 +91,7 @@ members_domain = csclub.cloud
 k8s_members_domain = k8s.csclub.cloud
 ip_range_min = 172.19.134.10
 ip_range_max = 172.19.134.160
+reload_web_server_cmd = systemctl reload nginx
 
 [k8s]
 members_clusterrole = csc-members-default

tests/ceod_test_local.ini

@@ -90,6 +90,7 @@ members_domain = csclub.cloud
 k8s_members_domain = k8s.csclub.cloud
 ip_range_min = 172.19.134.10
 ip_range_max = 172.19.134.160
+reload_web_server_cmd = systemctl reload nginx
 
 [k8s]
 members_clusterrole = csc-members-default