use PVE::Tools qw(file_get_contents file_set_contents lock_file);
use PVE::ACME;
-# register up to 20 domain names
-my $MAXDOMAINS = 20;
+use PVE::API2::ACMEPlugin;
+
+# register up to 5 domain names per node for now
+my $MAXDOMAINS = 5;
my $node_config_lock = '/var/lock/pvenode.lock';
return $domain if $domain =~ /^$label(?:\.$label)+$/;
return undef if $noerr;
- die "value does not look like a valid domain name";
+ die "value '$domain' does not look like a valid domain name!\n";
+});
+
+PVE::JSONSchema::register_format('pve-acme-alias', sub {
+ my ($alias, $noerr) = @_;
+
+ my $label = qr/[a-z0-9_][a-z0-9_-]*/i;
+
+ return $alias if $alias =~ /^$label(?:\.$label)+$/;
+ return undef if $noerr;
+ die "value '$alias' does not look like a valid alias name!\n";
});
sub config_file {
my $raw = eval { PVE::Tools::file_get_contents($filename); };
return {} if !$raw;
- return parse_node_config($raw);
+ return parse_node_config($raw, $filename);
}
sub write_config {
}
sub lock_config {
- my ($node, $code, @param) = @_;
+ my ($node, $realcode, @param) = @_;
+
+ # make sure configuration file is up-to-date
+ my $code = sub {
+ PVE::Cluster::cfs_update();
+ $realcode->(@_);
+ };
my $res = lock_file($node_config_lock, 10, $code, @param);
my $confdesc = {
description => {
type => 'string',
- description => 'Node description/comment.',
+ description => "Description for the Node. Shown in the web-interface node notes panel."
+ ." This is saved as comment inside the configuration file.",
+ maxLength => 64 * 1024,
optional => 1,
},
wakeonlan => {
format => 'pve-acme-domain',
format_description => 'domain',
description => 'domain for this node\'s ACME certificate',
+ default_key => 1,
},
plugin => {
type => 'string',
format => 'pve-configid',
- description => 'The plugin ID, default is standalone http',
+ description => 'The ACME plugin ID',
format_description => 'name of the plugin configuration',
+ optional => 1,
+ default => 'standalone',
},
alias => {
type => 'string',
- format => 'pve-acme-domain',
+ format => 'pve-acme-alias',
format_description => 'domain',
description => 'Alias for the Domain to verify ACME Challenge over DNS',
optional => 1,
};
};
-sub check_type {
- my ($key, $value) = @_;
-
- die "unknown setting '$key'\n" if !$confdesc->{$key};
-
- my $type = $confdesc->{$key}->{type};
-
- if (!defined($value)) {
- die "got undefined value\n";
- }
-
- if ($value =~ m/[\n\r]/) {
- die "property contains a line feed\n";
- }
-
- if ($type eq 'boolean') {
- return 1 if ($value eq '1') || ($value =~ m/^(on|yes|true)$/i);
- return 0 if ($value eq '0') || ($value =~ m/^(off|no|false)$/i);
- die "type check ('boolean') failed - got '$value'\n";
- } elsif ($type eq 'integer') {
- return int($1) if $value =~ m/^(\d+)$/;
- die "type check ('integer') failed - got '$value'\n";
- } elsif ($type eq 'number') {
- return $value if $value =~ m/^(\d+)(\.\d+)?$/;
- die "type check ('number') failed - got '$value'\n";
- } elsif ($type eq 'string') {
- if (my $fmt = $confdesc->{$key}->{format}) {
- PVE::JSONSchema::check_format($fmt, $value);
- return $value;
- } elsif (my $pattern = $confdesc->{$key}->{pattern}) {
- if ($value !~ m/^$pattern$/) {
- die "value does not match the regex pattern\n";
- }
- }
- return $value;
- } else {
- die "internal error"
- }
-}
+my $conf_schema = {
+ type => 'object',
+ properties => $confdesc,
+};
-sub parse_node_config {
- my ($content) = @_;
+sub parse_node_config : prototype($$) {
+ my ($content, $filename) = @_;
return undef if !defined($content);
+ my $digest = Digest::SHA::sha1_hex($content);
- my $conf = {
- digest => Digest::SHA::sha1_hex($content),
- };
- my $descr = '';
-
- my @lines = split(/\n/, $content);
- foreach my $line (@lines) {
- if ($line =~ /^\#(.*)\s*$/ || $line =~ /^description:\s*(.*\S)\s*$/) {
- $descr .= PVE::Tools::decode_text($1) . "\n";
- next;
- }
- if ($line =~ /^([a-z][a-z-_]*\d*):\s*(\S.*)\s*$/) {
- my $key = $1;
- my $value = $2;
- eval { $value = check_type($key, $value); };
- warn "cannot parse value of '$key' in node config: $@" if $@;
- $conf->{$key} = $value;
- } else {
- warn "cannot parse line '$line' in node config\n";
- }
- }
-
- $conf->{description} = $descr if $descr;
+ my $conf = PVE::JSONSchema::parse_config($conf_schema, $filename, $content, 'description');
+ $conf->{digest} = $digest;
return $conf;
}
return $raw;
}
+# we always convert domain values to lower case, since DNS entries are not case
+# sensitive and ACME implementations might convert the ordered identifiers
+# to lower case
sub get_acme_conf {
- my ($data, $noerr) = @_;
+ my ($node_conf, $noerr) = @_;
- $data //= '';
+ $node_conf //= {};
my $res = {};
-
- if (defined($data->{acme})) {
+ if (defined($node_conf->{acme})) {
$res = eval {
- PVE::JSONSchema::parse_property_string($acmedesc, $data->{acme});
+ PVE::JSONSchema::parse_property_string($acmedesc, $node_conf->{acme})
};
- if ($@) {
+ if (my $err = $@) {
return undef if $noerr;
- die $@;
+ die $err;
}
my $standalone_domains = delete($res->{domains}) // '';
- foreach my $domain (split(";", $standalone_domains)) {
+ $res->{domains} = {};
+ for my $domain (split(";", $standalone_domains)) {
+ $domain = lc($domain);
+ die "duplicate domain '$domain' in ACME config properties\n"
+ if defined($res->{domains}->{$domain});
+
$res->{domains}->{$domain}->{plugin} = 'standalone';
+ $res->{domains}->{$domain}->{_configkey} = 'acme';
}
}
$res->{account} //= 'default';
for my $index (0..$MAXDOMAINS) {
- my $domain_rec = $data->{"acmedomain$index"};
+ my $domain_rec = $node_conf->{"acmedomain$index"};
next if !defined($domain_rec);
my $parsed = eval {
- PVE::JSONSchema::parse_property_string(
- $acme_domain_desc,
- $domain_rec);
+ PVE::JSONSchema::parse_property_string($acme_domain_desc, $domain_rec)
};
- if ($@) {
+ if (my $err = $@) {
return undef if $noerr;
- die $@;
+ die $err;
}
- my $domain = delete $parsed->{domain};
- if ($res->{domains}->{$domain}) {
+ my $domain = lc(delete $parsed->{domain});
+ if (my $exists = $res->{domains}->{$domain}) {
return undef if $noerr;
- die "duplicate ACME config for domain '$domain'\n";
+ die "duplicate domain '$domain' in ACME config properties"
+ ." 'acmedomain$index' and '$exists->{_configkey}'\n";
}
+ $parsed->{plugin} //= 'standalone';
+
+ my $plugin_id = $parsed->{plugin};
+ if ($plugin_id ne 'standalone') {
+ my $plugins = PVE::API2::ACMEPlugin::load_config();
+ die "plugin '$plugin_id' for domain '$domain' not found!\n"
+ if !$plugins->{ids}->{$plugin_id};
+ }
+
+ $parsed->{_configkey} = "acmedomain$index";
$res->{domains}->{$domain} = $parsed;
}
return $res;
}
-sub get_nodeconfig_schema {
+# expects that basic format verification was already done, this is more higher
+# level verification
+sub verify_conf {
+ my ($node_conf) = @_;
+
+ # verify ACME domain uniqueness
+ my $tmp = get_acme_conf($node_conf);
+ # TODO: what else?
+
+ return 1; # OK
+}
+
+sub get_nodeconfig_schema {
return $confdesc;
}
projects / pve-manager.git / blobdiff