git.proxmox.com Git - pve-manager.git/blob - bin/pveupdate
# NOTE: this listing is an extract of bin/pveupdate. The gutter numbers of the
# rendered page run from 13 to 40 here with gaps, so some source lines
# (including lines 1-12 and further 'use' lines) are not part of this extract.
use PVE::Cluster::Setup;
use PVE::DataCenterConfig;
use PVE::RPCEnvironment;
use PVE::API2::Subscription;

# Initialise logging; presumably 'pveupdate' is the syslog ident and 'daemon'
# the facility -- confirm against the module that exports initlog().
initlog('pveupdate', 'daemon');

# Refuse to continue unless the effective UID ($>) is 0.
die "please run as root\n" if $> != 0;

# Replace whatever PATH was inherited with a fixed list of system directories,
# so commands that are later started by bare name (e.g. 'systemctl') cannot be
# resolved through a caller-controlled PATH entry.
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';

PVE::INotify::inotify_init();

# Create the RPC environment in 'cli' mode; the API calls further down run
# with the user set to root@pam.
my $rpcenv = PVE::RPCEnvironment->init('cli');

$rpcenv->init_request();
# LANG is taken from the environment as-is (it may be undefined).
$rpcenv->set_language($ENV{LANG});
$rpcenv->set_user('root@pam');

# Name of the local node; passed as the 'node' parameter to the calls below.
my $nodename = PVE::INotify::nodename();
# Refresh the subscription information for this node. The call is wrapped in
# eval so a failure does not abort the steps that follow.
eval { PVE::API2::Subscription->update({ node => $nodename }); };
# [source line 43 is not shown in this extract; presumably it tests $@ and
#  assigns $err]
# NOTE(review): $err is interpolated into the message argument. If syslog()
# treats that argument as a printf-style format, '%' sequences in the error
# text would be interpreted -- confirm, and if so pass it as a '%s' argument.
syslog('err', "update subscription info failed: $err");

# [source lines 45-46 are not shown in this extract]
# Read datacenter.cfg through PVE::Cluster; its http_proxy value is handed to
# the appliance-info update.
my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg');
eval { PVE::APLInfo::update($dccfg->{http_proxy}); };
# [source line 49 is not shown in this extract]
# The error text is deliberately not logged here; the message points to
# /var/log/pveam.log instead.
syslog('err', "update appliance info failed - see /var/log/pveam.log for details");
# Read the stored subscription data; if the call dies, eval yields undef and
# $info stays undefined.
my $info = eval { PVE::API2::Subscription::read_etc_subscription() };
# [source line 54 is not shown in this extract]
# Package-update notification mode from datacenter.cfg; 'auto' when unset.
my $notify_on = $dccfg->{notify}->{'package-updates'} // 'auto';
# [source line 56 is not shown in this extract; presumably it declares $notify]
if ($notify_on eq 'auto') {
    # hosts with subscriptions are likely production systems and thus want info about new packages
    $notify = ($info && $info->{status} eq 'active') ? 1 : 0;
} elsif ($notify_on eq 'always') {
    # [source line 61 is not shown in this extract]
} elsif ($notify_on eq 'never') {
    # [source lines 63-64 are not shown in this extract; the warn below
    #  presumably belongs to a fallback branch opened there]
    warn "unexpected package-updates notify configuration value '$notify_on'\n";
# [source line 66 is not shown in this extract]
# Refresh the APT package database for this node; 'notify' carries the
# decision made above, and 'quiet' is always set.
eval { PVE::API2::APT->update_database({ node => $nodename, notify => $notify, quiet => 1 }); };
# [source line 68 is not shown in this extract; presumably it tests $@ and
#  assigns $err]
syslog('err', "update apt database failed: $err");
# ACME certificate renewal for this node.
# [source lines 70-72 are not shown in this extract]
my $node_config = PVE::NodeConfig::load_config($nodename);
my $acme_node_config = PVE::NodeConfig::get_acme_conf($node_config);
# Only nodes whose ACME configuration lists domains are considered.
if ($acme_node_config && $acme_node_config->{domains}) {
    my $cert = PVE::CertHelpers::cert_path_prefix($nodename).".pem";
    # [source line 77 is not shown in this extract]
    # Renewal is requested when check_expiry() is true for a cut-off 30 days
    # from now; judging by the log messages, that means the certificate
    # expires before the cut-off.
    if (PVE::Certificate::check_expiry($cert, time() + 30*24*60*60)) {
        PVE::API2::ACME->renew_certificate({ node => $nodename });
    # [source line 80 is not shown in this extract]
        syslog('info', 'Custom certificate does not expire soon, skipping ACME renewal.');
    # [source lines 82-83 are not shown in this extract]
    syslog('info', 'ACME config found for node, but no custom certificate exists. Skipping ACME renewal until initial certificate has been deployed.');
# [source lines 85-87 are not shown in this extract]
# A failure during renewal is logged, not re-thrown.
syslog('err', "Renewing ACME certificate failed: $@") if $@;
# Check, and if needed renew, the node's default certificate that is issued by
# the cluster root CA.
# [source lines 89-90 are not shown in this extract]
my $certpath = PVE::CertHelpers::default_cert_path_prefix($nodename).".pem";
my $capath = "/etc/pve/pve-root-ca.pem";
# [source lines 93-97 are not shown in this extract]
my $cainfo = PVE::Certificate::get_certificate_info($capath);
# [source line 99 is not shown in this extract]
# get cert and check issuer and chain metadata
# This compares the issuer and subject strings only; it is a consistency check
# and not a signature check (that is what the openssl call below is for).
my $certinfo = PVE::Certificate::get_certificate_info($certpath);
if ($certinfo->{issuer} ne $cainfo->{subject}) {
    die "SSL certificate ($certpath) is not issued by root CA ($capath)!\n";
# [source lines 104-105 are not shown in this extract]
# check if cert is really signed by the ca
# TODO: replace by low level ssleay interface if version 1.86 is available
# The command is given as an argument list with an absolute binary path, so
# the two file paths are passed as separate arguments rather than spliced into
# a command string.
PVE::Tools::run_command(['/usr/bin/openssl', 'verify', '-CAfile', $capath, $certpath]);
# [source line 109 is not shown in this extract; $msg is used below, and the
#  $renew->(...) calls further down suggest these lines are the body of that
#  code reference -- confirm against the full file]
print "PVE certificate $msg\n";
# create new certificate
my $ip = PVE::Cluster::remote_node_ip($nodename);
PVE::Cluster::Setup::gen_pve_ssl_cert(1, $nodename, $ip);
# [source line 114 is not shown in this extract]
print "Restarting pveproxy after renewing certificate\n";
# 'systemctl' is started by bare name, so it is resolved through the PATH that
# this script sets to fixed system directories near its start.
PVE::Tools::run_command(['systemctl', 'reload-or-restart', 'pveproxy']);
# [source lines 117-118 are not shown in this extract]
if (PVE::Certificate::check_expiry($certpath, time() + 14*24*60*60)) {
    # expires in next 2 weeks
    $renew->("expires soon, renewing...");
} elsif (!PVE::Certificate::check_expiry($certpath, time() + 2*365*24*60*60)) {
    # expires in more than 2 years
    $renew->("expires in more than 2 years, renewing to reduce certificate life-span for client compatibility...");
# [source lines 125-126 are not shown in this extract]
# A failure in the check or the renewal is logged, not re-thrown.
syslog('err', "Checking/Renewing SSL certificate failed: $@") if $@;
# Clean-up of old task logs below /var/log/pve/tasks.
# [source lines 128-130 are not shown in this extract]
my $taskdir = "/var/log/pve/tasks";
my $filename = "$taskdir/index.1";
# [source line 133 is not shown in this extract]
# Open the rotated task index read-only.
my $fh = IO::File->new($filename, O_RDONLY);
# [source lines 135-137 are not shown in this extract]
while (defined(my $line = <$fh>)) {
    # One entry per line: a non-blank token, optionally followed by an
    # 8-character alphanumeric field and then free text. Presumably these are
    # the task UPID, an encoded end time and the status -- confirm against the
    # task index writer.
    if ($line =~ m/^(\S+)(\s([0-9A-Za-z]{8})(\s(\S.*))?)?$/) {
    # [source lines 140-147 are not shown in this extract]
# print "delete task older that $endtime\n" . localtime($endtime) . "\n";
# [source lines 149-154 are not shown in this extract; the lines below are
#  presumably the body of the $wanted callback handed to find()]
# Only entries whose name starts with 'UPID:' are considered, so other files
# found under the task directories are skipped.
return if $filename !~ m/^UPID:/;
# [source lines 156-157 are not shown in this extract]
# Act only on entries that can be stat'ed and whose mtime is older than $endtime.
if (($st = stat($filename)) && ($st->mtime < $endtime)) {
# [source lines 159-163 are not shown in this extract]
# Walk the sixteen sub-directories 0-9 and A-F of the task directory.
foreach my $subdir (qw(0 1 2 3 4 5 6 7 8 9 A B C D E F)) {
    my $path = "$taskdir/$subdir";
    find($wanted, $path);
# [source lines 167-169 are not shown in this extract]
syslog('info', "cleanup removed $count task logs");