-#!/usr/bin/perl -w
+#!/usr/bin/perl
use strict;
+use warnings;
+
use IO::File;
use File::Find;
use File::stat;
+use PVE::CertHelpers;
+use PVE::Certificate;
+use PVE::NodeConfig;
use PVE::INotify;
use PVE::Cluster;
use PVE::APLInfo;
use PVE::RPCEnvironment;
use PVE::API2::Subscription;
use PVE::API2::APT;
+use PVE::API2::ACME;
-initlog ('pvedailycron', 'daemon');
+initlog ('pveupdate', 'daemon');
die "please run as root\n" if $> != 0;
syslog ('err', "update appliance info failed - see /var/log/pveam.log for details");
}
-if (my $info = PVE::INotify::read_file('subscription')) {
- # We assume that users with subscriptions want informations
- # about new packages.
- if ($info->{status} eq 'Active') {
- eval { PVE::API2::APT->update_database({ node => $nodename, notify => 1, quiet => 1 }); };
- if (my $err = $@) {
- syslog ('err', "update apt database failed: $err");
+my $info = PVE::INotify::read_file('subscription');
+# We assume that users with subscriptions want informations
+# about new packages.
+my $notify = ($info && $info->{status} eq 'Active') ? 1 : 0;
+eval { PVE::API2::APT->update_database({ node => $nodename, notify => $notify, quiet => 1 }); };
+if (my $err = $@) {
+ syslog ('err', "update apt database failed: $err");
+}
+
+eval {
+ my $node_config = PVE::NodeConfig::load_config($nodename);
+ if ($node_config && $node_config->{acme}) {
+ my $cert = PVE::CertHelpers::cert_path_prefix($nodename).".pem";
+ if (-e $cert) {
+ if (PVE::Certificate::check_expiry($cert, time() + 30*24*60*60)) {
+ PVE::API2::ACME->renew_certificate({ node => $nodename });
+ } else {
+ syslog ('info', 'Custom certificate does not expire soon, skipping ACME renewal.');
+ }
+ } else {
+ syslog ('info', 'ACME config found for node, but no custom certificate exists. Skipping ACME renewal until initial certificate has been deployed.');
}
}
-}
+};
+syslog ('err', "Renewing ACME certificate failed: $@") if $@;
sub cleanup_tasks {