git.proxmox.com Git - pve-manager.git/blob - bin/pveupdate
15 use PVE
::Cluster
::Setup
;
16 use PVE
::DataCenterConfig
;
19 use PVE
::RPCEnvironment
;
21 use PVE
::API2
::Subscription
;
# Start-up of the pveupdate job: set up logging, insist on root, pin PATH and
# create the RPC environment used by the API calls further down.
# initlog receives 'pveupdate' and 'daemon' (presumably syslog ident and
# facility - confirm against the logging helper, which is not shown here).
25 initlog
('pveupdate', 'daemon');
# $> is the effective UID, so the script refuses to continue unless it is
# effectively root.
27 die "please run as root\n" if $> != 0;
# PATH is overwritten with a fixed list of system directories instead of being
# inherited. Commands given by bare name later in the script (e.g. 'systemctl')
# are presumably resolved through this value - confirm in run_command.
29 $ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';
31 PVE
::INotify
::inotify_init
();
# The API calls below run in a 'cli' RPC environment as user 'root@pam'.
33 my $rpcenv = PVE
::RPCEnvironment-
>init('cli');
35 $rpcenv->init_request();
# NOTE(review): LANG is taken from the environment as-is and may be undef;
# presumably it only selects message localisation - confirm.
36 $rpcenv->set_language($ENV{LANG
});
37 $rpcenv->set_user('root@pam');
39 my $nodename = PVE
::INotify
::nodename
();
# Three refresh steps: subscription info, appliance info, APT database.
# Each call sits in its own eval, so an exception in one step does not end the
# script before the next step runs; failures are reported through syslog.
# The gutter numbers skip the lines between each eval and its syslog call;
# presumably those lines capture $@ into $err and guard the log call - they
# are not visible in this listing.
41 eval { PVE
::API2
::Subscription-
>update({ node
=> $nodename }); };
43 syslog
('err', "update subscription info failed: $err");
# The proxy passed to the appliance-info update is the http_proxy value read
# from datacenter.cfg.
46 my $dccfg = PVE
::Cluster
::cfs_read_file
('datacenter.cfg');
47 eval { PVE
::APLInfo
::update
($dccfg->{http_proxy
}); };
# This message carries no error text; it points to /var/log/pveam.log instead.
49 syslog
('err', "update appliance info failed - see /var/log/pveam.log for details");
52 my $info = PVE
::INotify
::read_file
('subscription');
53 # We assume that users with subscriptions want informations
# $notify is 1 only when subscription info was read and its status is exactly
# 'Active'; in every other case it is 0.
# NOTE(review): if $info is set but has no status, `eq` compares undef - confirm
# whether that can happen and whether it only produces a warning.
55 my $notify = ($info && $info->{status
} eq 'Active') ?
1 : 0;
56 eval { PVE
::API2
::APT-
>update_database({ node
=> $nodename, notify
=> $notify, quiet
=> 1 }); };
58 syslog
('err', "update apt database failed: $err");
# ACME certificate renewal for this node. It is only considered when the node
# configuration yields ACME settings that contain a 'domains' entry.
62 my $node_config = PVE
::NodeConfig
::load_config
($nodename);
63 my $acme_node_config = PVE
::NodeConfig
::get_acme_conf
($node_config);
64 if ($acme_node_config && $acme_node_config->{domains
}) {
# $cert is cert_path_prefix($nodename) . ".pem"; the log messages below call it
# the custom certificate.
65 my $cert = PVE
::CertHelpers
::cert_path_prefix
($nodename).".pem";
# Renewal is requested when check_expiry is true for "now + 30 days"
# (30*24*60*60 seconds). Judging by the comments on the 14-day and 2-year checks
# later in this script, a true result means the certificate expires before
# that point in time.
67 if (PVE
::Certificate
::check_expiry
($cert, time() + 30*24*60*60)) {
68 PVE
::API2
::ACME-
>renew_certificate({ node
=> $nodename });
70 syslog
('info', 'Custom certificate does not expire soon, skipping ACME renewal.');
# Per this message, renewal is skipped until a first certificate has been
# deployed; the condition selecting this branch is on lines not shown here.
73 syslog
('info', 'ACME config found for node, but no custom certificate exists. Skipping ACME renewal until initial certificate has been deployed.');
# $@ is reported here, so the statements above presumably sit inside an eval
# whose opening and closing lines are missing from this listing.
77 syslog
('err', "Renewing ACME certificate failed: $@") if $@;
# Check and, if needed, regenerate the node's default certificate, i.e. the one
# at default_cert_path_prefix($nodename) . ".pem", against /etc/pve/pve-root-ca.pem.
# Several lines of this section are missing from the listing (see the gaps in
# the gutter numbers), including the start of the surrounding eval and of the
# $renew closure.
80 my $certpath = PVE
::CertHelpers
::default_cert_path_prefix
($nodename).".pem";
81 my $capath = "/etc/pve/pve-root-ca.pem";
87 my $cainfo = PVE
::Certificate
::get_certificate_info
($capath);
89 # get cert and check issuer and chain metadata
90 my $certinfo = PVE
::Certificate
::get_certificate_info
($certpath);
# First gate: the certificate's issuer field must equal the CA's subject field.
# This compares metadata strings only and proves nothing about the signature;
# the signature check is the openssl verify call below. The die leaves this
# section; the error is presumably the one logged via $@ at its end.
91 if ($certinfo->{issuer
} ne $cainfo->{subject
}) {
92 die "SSL certificate ($certpath) is not issued by root CA ($capath)!\n";
95 # check if cert is really signed by the ca
96 # TODO: replace by low level ssleay interface if version 1.86 is available
# Second gate: openssl is named by absolute path and the arguments are passed
# as a list, so $capath and $certpath are separate argv entries rather than
# parts of a command string.
# NOTE(review): this only gates renewal if run_command dies on a non-zero exit
# status - confirm in PVE::Tools.
97 PVE
::Tools
::run_command
(['/usr/bin/openssl', 'verify', '-CAfile', $capath, $certpath]);
# $msg here and the $renew->(...) calls below suggest that lines 99-105 form
# the body of the $renew closure; its opening line is not shown.
99 print "PVE certificate $msg\n";
100 # create new certificate
101 my $ip = PVE
::Cluster
::remote_node_ip
($nodename);
# NOTE(review): the meaning of the leading 1 is not visible here (presumably a
# "force" flag) - confirm in PVE::Cluster::Setup.
102 PVE
::Cluster
::Setup
::gen_pve_ssl_cert
(1, $nodename, $ip);
104 print "Restarting pveproxy after renewing certificate\n";
# 'systemctl' is given by bare name, unlike openssl above; it is presumably
# resolved through the PATH that the script pins at start-up.
105 PVE
::Tools
::run_command
(['systemctl', 'reload-or-restart', 'pveproxy']);
# Two renewal triggers: expiry within 14 days, or a remaining lifetime of more
# than two years (2*365 days), which is renewed to shorten the lifetime.
108 if (PVE
::Certificate
::check_expiry
($certpath, time() + 14*24*60*60)) {
109 # expires in next 2 weeks
110 $renew->("expires soon, renewing...");
111 } elsif (!PVE
::Certificate
::check_expiry
($certpath, time() + 2*365*24*60*60)) {
112 # expires in more than 2 years
113 $renew->("expires in more than 2 years, renewing to reduce certificate life-span for client compatibility...");
# Any exception raised above, including the issuer-mismatch die, is written to
# syslog here.
116 syslog
('err', "Checking/Renewing SSL certificate failed: $@") if $@;
# Task-log cleanup under /var/log/pve/tasks. Many lines of this section are
# missing from the listing, among them the computation of $endtime, the
# definition of $wanted and the statement that removes a file.
120 my $taskdir = "/var/log/pve/tasks";
121 my $filename = "$taskdir/index.1";
# The index file is opened read-only.
123 my $fh = IO
::File-
>new($filename, O_RDONLY
);
127 while (defined(my $line = <$fh>)) {
# Accepted index line: one non-space token, optionally followed by a field of
# exactly eight alphanumeric characters and optional trailing text. How the
# captures are used is on lines not shown here.
128 if ($line =~ m/^(\S+)(\s([0-9A-Za-z]{8})(\s(\S.*))?)?$/) {
137 # print "delete task older that $endtime\n" . localtime($endtime) . "\n";
# Guard in what appears to be the find callback: any name that does not start
# with "UPID:" is skipped, so other files in the task directories are not
# candidates for the age test below.
144 return if $filename !~ m/^UPID:/;
# The age test compares the file's mtime from stat with $endtime.
147 if (($st = stat($filename)) && ($st->mtime < $endtime)) {
# Only the sixteen fixed sub-directories 0-9 and A-F of $taskdir are walked.
153 foreach my $subdir (qw(0 1 2 3 4 5 6 7 8 9 A B C D E F)) {
154 my $path = "$taskdir/$subdir";
155 find
($wanted, $path);
# The number of removed task logs is reported at 'info' level.
159 syslog
('info', "cleanup removed $count task logs");