ExternalVendorCode/open-balena
1
0
Fork 0
mirror of https://github.com/balena-io/open-balena.git synced 2025-05-06 10:58:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #65 from balena-io/cert-provider-update

Browse Source 
cert-provider: Update to support ACMEv2 on staging provider
This commit is contained in:
Rich Bayliss 2020-01-17 10:28:43 +00:00 committed by GitHub
commit c58ee37f17
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/cert-provider/Dockerfile
View File

@ -6,9 +6,11 @@ VOLUME [ "/usr/src/app/certs" ]
RUN apk add --update bash curl git openssl ncurses socat RUN apk add --update bash curl git openssl ncurses socat
# from https://github.com/Neilpang/acme.sh/releases/tag/2.8.5
RUN git clone https://github.com/Neilpang/acme.sh.git && \ RUN git clone https://github.com/Neilpang/acme.sh.git && \
cd acme.sh && \ cd acme.sh && \
git checkout 08357e3cb0d80c84bdaf3e42ce0e439665387f57 . && \ git fetch && git fetch --tags && \
git checkout 2.8.5 . && \
./acme.sh --install \ ./acme.sh --install \
--cert-home /usr/src/app/certs --cert-home /usr/src/app/certs

23
src/cert-provider/cert-provider.sh
View File

@ -1,4 +1,4 @@
#!/bin/bash #!/usr/bin/env bash
# the acme.sh client script, installed via Git in the Dockerfile... # the acme.sh client script, installed via Git in the Dockerfile...
ACME_BIN="$(realpath ~/.acme.sh/acme.sh)" ACME_BIN="$(realpath ~/.acme.sh/acme.sh)"
@ -45,14 +45,20 @@ retryWithDelay() {
DELAY=${3:-5} DELAY=${3:-5}
local ATTEMPT=0 local ATTEMPT=0
while [ $RETRIES -gt $ATTEMPT ]; do while [ "$RETRIES" -gt "$ATTEMPT" ]; do
let "ATTEMPT++" (( ATTEMPT++ ))
logInfo "($ATTEMPT/$RETRIES) Connecting..."
if $1; then if $1; then
logInfo "($ATTEMPT/$RETRIES) Success!"
return $? return $?
fi fi
echo "($ATTEMPT/$RETRIES) Retrying in ${DELAY} seconds..." if [ "$RETRIES" -gt "$ATTEMPT" ]; then
sleep $DELAY logInfo "($ATTEMPT/$RETRIES) Failed. Retrying in ${DELAY} seconds..."
sleep "$DELAY"
else
logInfo "($ATTEMPT/$RETRIES) Failed!"
fi
done done
return 1 return 1
@ -62,7 +68,7 @@ waitForOnline() {
ADDRESS="${1,,}" ADDRESS="${1,,}"
logInfo "Waiting for ${ADDRESS} to be available via HTTP..." logInfo "Waiting for ${ADDRESS} to be available via HTTP..."
retryWithDelay "curl --output /dev/null --silent --head --fail http://${ADDRESS}" 6 5 retryWithDelay "curl --output /dev/null --silent --head --fail --max-time 5 http://${ADDRESS}"
} }
isUsingStagingCert() { isUsingStagingCert() {
@ -167,7 +173,10 @@ acquireCertificate() {
pre-flight || logErrorAndStop "Unable to continue due to misconfiguration. See errors above." pre-flight || logErrorAndStop "Unable to continue due to misconfiguration. See errors above."
waitForOnline "${ACME_DOMAINS[0]}" || logErrorAndStop "Unable to access ${ACME_DOMAINS[0]} on port 80. This is needed for certificate validation." while ! waitForOnline "${ACME_DOMAINS[0]}"; do
logInfo "Unable to access ${ACME_DOMAINS[0]} on port 80. This is needed for certificate validation. Retrying in 30 seconds..."
sleep 30
done
if ! lastAcquiredCertFor "production"; then if ! lastAcquiredCertFor "production"; then
acquireCertificate "staging" || logErrorAndStop "Unable to acquire a staging certificate." acquireCertificate "staging" || logErrorAndStop "Unable to acquire a staging certificate."