[Improvement] LetsencryptZ: Reload the farm used for renew the certif…

…icate instead of restarting it.

[Improvement] LetsencryptZ: Add a lock for renew action

Signed-off-by: Antonio Rendon <[email protected]>

	modified:   usr/share/perl5/Zevenet/Farm/HTTP/Service.pm
	modified:   usr/share/perl5/Zevenet/LetsencryptZ.pm

usr/share/perl5/Zevenet/Farm/HTTP/Service.pm

@@ -151,6 +151,123 @@ sub setFarmHTTPNewService # ($farm_name,$service)
  return $output;
 }
 
+=begin nd
+Function: setFarmHTTPNewServiceFirst
+
+ Create a new Service in a HTTP farm on first position
+
+Parameters:
+ farmname - Farm name
+ service - Service name
+
+Returns:
+ Integer - Error code: 0 on success, other value on failure
+
+=cut
+
+sub setFarmHTTPNewServiceFirst # ($farm_name,$service)
+{
+ &zenlog( __FILE__ . ":" . __LINE__ . ":" . ( caller ( 0 ) )[3] . "( @_ )",
+ "debug", "PROFILING" );
+ my ( $farm_name, $service ) = @_;
+
+ use File::Grep 'fgrep';
+ require Tie::File;
+ require Zevenet::Lock;
+ require Zevenet::Farm::Config;
+
+ my $output = -1;
+
+ #first check if service name exist
+ if ( $service =~ /(?=)/ && $service =~ /^$/ )
+ {
+ #error 2 eq $service is empty
+ $output = 2;
+ return $output;
+ }
+
+ if ( !fgrep { /^\s*Service "$service"/ } "$configdir/$farm_name\_proxy.cfg" )
+ {
+ #create service
+ my @newservice;
+ my $sw = 0;
+ my $count = 0;
+ my $proxytpl = &getGlobalConfiguration( 'proxytpl' );
+ tie my @proxytpl, 'Tie::File', "$proxytpl";
+
+ foreach my $line ( @proxytpl )
+ {
+ if ( $line =~ /Service \"\[DESC\]\"/ )
+ {
+ $sw = 1;
+ }
+
+ if ( $sw eq "1" )
+ {
+ push ( @newservice, $line );
+ }
+
+ if ( $line =~ /End/ )
+ {
+ $count++;
+ }
+
+ if ( $count eq "4" )
+ {
+ last;
+ }
+ }
+ untie @proxytpl;
+
+ $newservice[0] =~ s/#//g;
+ $newservice[$#newservice] =~ s/#//g;
+
+ my $lock_file = &getLockFile( $farm_name );
+ my $lock_fh = &openlock( $lock_file, 'w' );
+
+ my @fileconf;
+ if ( !fgrep { /^\s*Service "$service"/ } "$configdir/$farm_name\_proxy.cfg" )
+ {
+ tie @fileconf, 'Tie::File', "$configdir/$farm_name\_proxy.cfg";
+ my $i = 0;
+ my $farm_type = "";
+ $farm_type = &getFarmType( $farm_name );
+
+ foreach my $line ( @fileconf )
+ {
+ if ( $line =~ /#ZWACL-INI/ )
+ {
+ $output = 0;
+ foreach my $lline ( @newservice )
+ {
+ if ( $lline =~ /\[DESC\]/ )
+ {
+ $lline =~ s/\[DESC\]/$service/;
+ }
+ if ( $lline =~ /StrictTransportSecurity/
+ && $farm_type eq "https" )
+ {
+ $lline =~ s/#//;
+ }
+ $i++;
+ splice @fileconf, $i, 0, "$lline";
+ }
+ last;
+ }
+ $i++;
+ }
+ }
+ untie @fileconf;
+ close $lock_fh;
+ }
+ else
+ {
+ $output = 1;
+ }
+
+ return $output;
+}
+
 =begin nd
 Function: delHTTPFarmService
 

usr/share/perl5/Zevenet/LetsencryptZ.pm

@@ -299,13 +299,15 @@ sub setLetsencryptFarmService
  my $le_service = &getGlobalConfiguration( 'le_service' );
  my $le_farm = &getGlobalConfiguration( 'le_farm' );
 
+ my $error;
+
  require Zevenet::Farm::Core;
 
  # create a temporal farm
  if ( $farm_name eq $le_farm )
  {
  require Zevenet::Farm::HTTP::Factory;
- my $error = &runHTTPFarmCreate( $vip, 80, $farm_name, "HTTP" );
+ $error = &runHTTPFarmCreate( $vip, 80, $farm_name, "HTTP" );
  if ( $error )
  {
  &zenlog( "Error creating Temporal Farm $le_farm", "Error", "LetsEncryptZ" );
@@ -316,13 +318,35 @@ sub setLetsencryptFarmService
 
  #create Letsencrypt service
  require Zevenet::Farm::HTTP::Service;
- my $error = &setFarmHTTPNewService( $farm_name, $le_service );
+ if ( $eload )
+ {
+ $error = &setFarmHTTPNewService( $farm_name, $le_service );
+ }
+ else
+ {
+ $error = &setFarmHTTPNewServiceFirst( $farm_name, $le_service );
+ }
  if ( $error )
  {
  &zenlog( "Error creating the service $le_service", "Error", "LetsEncryptZ" );
  return 1;
  }
 
+ if ( $eload )
+ {
+ #Move the service to posistion 0
+ $error = &eload(
+ module => 'Zevenet::Farm::HTTP::Service::Ext',
+ func => 'setHTTPFarmMoveService',
+ args => [$farm_name, $le_service, 0],
+ );
+ if ( $error )
+ {
+ &zenlog( "Error moving the service $le_service", "Error", "LetsEncryptZ" );
+ return 4;
+ }
+ }
+
  # create local Web Server Backend
  require Zevenet::Farm::HTTP::Backend;
  $error =
@@ -344,34 +368,31 @@ sub setLetsencryptFarmService
  return 3;
  }
 
- if ( $eload )
+ # Restart the farm
+ require Zevenet::Farm::Action;
+ if ( &getGlobalConfiguration( 'proxy_ng' ) ne 'true' )
  {
- # Move the service to posistion 0
- $error = &eload(
- module => 'Zevenet::Farm::HTTP::Service::Ext',
- func => 'setHTTPFarmMoveService',
- args => [$farm_name, $le_service, 0],
- );
+ $error = &runFarmStop( $farm_name, "" );
  if ( $error )
  {
- &zenlog( "Error moving the service $le_service", "Error", "LetsEncryptZ" );
- return 4;
+ &zenlog( "Error stopping the farm $farm_name", "Error", "LetsEncryptZ" );
+ return 5;
+ }
+ $error = &runFarmStart( $farm_name, "" );
+ if ( $error )
+ {
+ &zenlog( "Error starting the farm $farm_name", "Error", "LetsEncryptZ" );
+ return 6;
  }
  }
-
- # Restart the farm
- require Zevenet::Farm::Action;
- $error = &runFarmStop( $farm_name, "" );
- if ( $error )
- {
- &zenlog( "Error stopping the farm $farm_name", "Error", "LetsEncryptZ" );
- return 5;
- }
- $error = &runFarmStart( $farm_name, "" );
- if ( $error )
+ else
  {
- &zenlog( "Error starting the farm $farm_name", "Error", "LetsEncryptZ" );
- return 6;
+ $error = &_runFarmReload( $farm_name );
+ if ( $error )
+ {
+ &zenlog( "Error reloading the farm $farm_name", "Error", "LetsEncryptZ" );
+ return 5;
+ }
  }
 
  return 0;
@@ -428,17 +449,29 @@ sub unsetLetsencryptFarmService
 
  # Restart the farm
  require Zevenet::Farm::Action;
- $error = &runFarmStop( $farm_name, "" );
- if ( $error )
+ if ( &getGlobalConfiguration( 'proxy_ng' ) ne 'true' )
  {
- &zenlog( "Error stopping the farm $farm_name", "Error", "LetsEncryptZ" );
- return 1;
+ $error = &runFarmStop( $farm_name, "" );
+ if ( $error )
+ {
+ &zenlog( "Error stopping the farm $farm_name", "Error", "LetsEncryptZ" );
+ return 1;
+ }
+ $error = &runFarmStart( $farm_name, "" );
+ if ( $error )
+ {
+ &zenlog( "Error starting the farm $farm_name", "Error", "LetsEncryptZ" );
+ return 4;
+ }
  }
- $error = &runFarmStart( $farm_name, "" );
- if ( $error )
+ else
  {
- &zenlog( "Error starting the farm $farm_name", "Error", "LetsEncryptZ" );
- return 4;
+ $error = &_runFarmReload( $farm_name );
+ if ( $error )
+ {
+ &zenlog( "Error reloading the farm $farm_name", "Error", "LetsEncryptZ" );
+ return 1;
+ }
  }
  }
 
@@ -467,6 +500,8 @@ sub runLetsencryptLocalWebserverStart
  &getGlobalConfiguration( 'le_webserver_config_file' );
  my $http_bin = &getGlobalConfiguration( 'http_bin' );
 
+ my $rc = 0;
+
  my $status = &getLetsencryptLocalWebserverRunning();
 
  if ( $status == 1 )
@@ -483,10 +518,10 @@ sub runLetsencryptLocalWebserverStart
  if ( !-f $pid_file )
  {
  &zenlog( "Error starting Local Web Server", "Error", "LetsEncryptZ" );
- return 1;
+ $rc = 1;
  }
 
- return 0;
+ return $rc;
 
 }
 
@@ -818,6 +853,10 @@ sub runLetsencryptRenew # ( $le_cert_name, $farm_name, $vip, $force, $test )
  my $le_farm = &getGlobalConfiguration( 'le_farm' );
  $farm_name = $le_farm if ( !$farm_name );
 
+ # Lock process
+ my $lock_le_renew = "/tmp/letsencryptz-renew.lock";
+ my $lock_le_renew_fh = &openlock( $lock_le_renew, "w" );
+
  # start local Web Server
  $status = &runLetsencryptLocalWebserverStart();
 
@@ -906,6 +945,9 @@ sub runLetsencryptRenew # ( $le_cert_name, $farm_name, $vip, $force, $test )
  # stop local Web Server
  &runLetsencryptLocalWebserverStop();
 
+ close $lock_le_renew_fh;
+ unlink $lock_le_renew;
+
  return $error_ref;
 }