
fix: [letsencrypt] could not add domains to existing list

The letsencrypt Docker base image now queries the already registered
domains more accurately. This allows a fine-grained check before
stopping the containers that block port 80, when that is required.
framadate
Valentin Lab 6 years ago
parent
commit
006ffab8a4
  1. 23
      letsencrypt/hooks/dc-pre-run
  2. 25
      letsencrypt/lib/common

23
letsencrypt/hooks/dc-pre-run

@ -10,6 +10,13 @@
## - SERVICE_DATASTORE Location on host of the DATASTORE of this service ## - SERVICE_DATASTORE Location on host of the DATASTORE of this service
## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service ## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service
aimport remainder_args
case "${remainder_args[@]:0:2}" in
"crt info"|"crt list")
exit 0
;;
esac
. lib/common || exit 1 . lib/common || exit 1
set -e set -e
@ -46,26 +53,20 @@ if environment_def="$(printf "%s" "$service_def" | shyaml -y get-value options.e
config+=$(echo -en "\n LEXICON_PROVIDER: $provider") config+=$(echo -en "\n LEXICON_PROVIDER: $provider")
fi fi
if ! challenge_type=$(printf "%s" "$service_def" | shyaml get-value "options.challenge-type" 2>/dev/null); then if ! challenge_type=$(printf "%s" "$service_def" | shyaml get-value "options.challenge-type" 2>/dev/null); then
warn "No ${WHITE}challenge-type${NORMAL} provided, defaulting to 'http'." warn "No ${WHITE}challenge-type${NORMAL} provided, defaulting to 'http'."
challenge_type=http challenge_type=http
fi fi
config+=$(echo -en "\n CHALLENGE_TYPE: $challenge_type") config+=$(echo -en "\n CHALLENGE_TYPE: $challenge_type")
aimport remainder_args
if [ "$challenge_type" == "http" ] &&
[ "${remainder_args[0]}" == "crt" ] &&
[ "${remainder_args[1]}" == "create" ] &&
! [ -d "$SERVICE_DATASTORE/etc/letsencrypt/live/${remainder_args[2]}" ]; then
if will_need_http_access ;then
while read container_id; do while read container_id; do
info "Attempting to clear port 80 by stopping $container_id"
docker stop -t 5 "$container_id" docker stop -t 5 "$container_id"
done < <(docker ps \ done < <(docker ps \
--filter label="compose.project=$PROJECT_NAME" \
--filter publish=80 \
--format "{{.ID}}"
--filter label="compose.project=$PROJECT_NAME" \
--filter publish=80 \
--format "{{.ID}}"
) )
config+=$(echo -en "\n ports: config+=$(echo -en "\n ports:
- \"0.0.0.0:80:80\"") - \"0.0.0.0:80:80\"")
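Review bot: The early `exit 0` for `"crt info"|"crt list"` in the first hunk of this file carries no comment saying why those sub-commands bypass the rest of the hook; judging by `will_need_http_access` in lib/common, which runs `compose run --rm letsencrypt crt info` from inside this very pre-run hook, the early exit is what keeps that nested invocation from re-entering the port-80 logic, but that is inferred from the diff and should be confirmed. A one-line comment such as `## read-only sub-commands (also run by will_need_http_access) must not trigger the port-80 handling` would spare the next reader that detour. The `case` word `"${remainder_args[@]:0:2}"` also relies on bash joining the `[@]` slice into a single word; `"${remainder_args[*]:0:2}"` states that intent explicitly. In the second hunk, the `if will_need_http_access` branch now depends on a lib/common function reading this script's `challenge_type`, `remainder_args` and `SERVICE_DATASTORE` globals, which is worth noting where `. lib/common` is sourced; the enclosing `if` continues past the end of the hunk.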

25
letsencrypt/lib/common

@ -1,6 +1,4 @@
# -*- mode: shell-script -*-
yaml_opt_bash_env() { yaml_opt_bash_env() {
local prefix="$1" key value local prefix="$1" key value
@ -14,6 +12,7 @@ yaml_opt_bash_env() {
done < <(shyaml key-values-0) done < <(shyaml key-values-0)
} }
yaml_opt_bash_env_ignore_first_level() { yaml_opt_bash_env_ignore_first_level() {
local prefix="$1" key value local prefix="$1" key value
while read-0 key value; do while read-0 key value; do
@ -23,3 +22,23 @@ yaml_opt_bash_env_ignore_first_level() {
fi fi
done < <(shyaml key-values-0) done < <(shyaml key-values-0)
} }
will_need_http_access() {
local domains args_domains
[ "$challenge_type" == "http" ] || return 1
[ "${remainder_args[0]}" == "crt" ] || return 1
[ "${remainder_args[1]}" == "create" ] || return 1
[ -d "$SERVICE_DATASTORE/etc/letsencrypt/live/${remainder_args[2]}" ] || return 0
info "Querying ${remainder_args[2]} for previous info..."
out=$(compose run --rm letsencrypt crt info "${remainder_args[2]}" 2>&1 >/dev/null) || return 0
domains=$(printf "%s" "$out" | shyaml get-value domains) || return 0
domains=$(printf "%s " $domains | tr " " "\n" | sort)
args_domains=$(printf "%s " ${remainder_args[*]:2} | tr " " "\n" | sort)
info domains: "$domains"
info args_domain: "$args_domains"
[ "$domains" != "$args_domains" ]
}
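Review bot: `out` is assigned on the `compose run` line without being declared `local`, so it leaks into the sourcing script's scope while `domains` and `args_domains` do not; the declaration should read `local domains args_domains out`. The redirection `2>&1 >/dev/null` deliberately keeps only stderr and drops stdout, so the function is parsing the YAML that `crt info` writes to stderr — if that is the intended contract, a comment such as `## crt info reports on stderr; stdout is discarded` would make it explicit rather than looking like a reversed redirection. The function also silently reads `challenge_type`, `remainder_args` and `SERVICE_DATASTORE` from the caller, which a header comment listing these globals and the meaning of the return status (0 when port 80 will be needed, 1 otherwise) should document. The two `info domains:` / `info args_domain:` lines look like debugging output and could be demoted or removed.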