MINOR: acme.sh: use the master CLI for hot update

DEPLOY_HAPROXY_MASTER_CLI allows to use the HAProxy master CLI
instead of a stats socket for DEPLOY_HAPROXY_HOT_UPDATE="yes"

The syntax of the master CLI is slightly different, a prefix with
the process number need to be added before any command.

This patch uses ${_cmdpfx} in front of every socat commands which is
filled when the master CLI is used.

diff --git a/admin/acme.sh/haproxy.sh b/admin/acme.sh/haproxy.sh
index b4c021d5838ecf2ffc25d6e1898d3b7630730fe7..ef7fe45e3e8e87e7da47202953f22436845c5c90 100644 (file)
--- a/admin/acme.sh/haproxy.sh
+++ b/admin/acme.sh/haproxy.sh
@@ -44,6 +44,11 @@
 #
 # Require the socat binary. DEPLOY_HAPROXY_STATS_SOCKET variable uses the socat
 # address format.
+#
+# export DEPLOY_HAPROXY_MASTER_CLI="UNIX:/run/haproxy-master.sock"
+#
+# OPTIONAL: To use the master CLI with DEPLOY_HAPROXY_HOT_UPDATE="yes" instead
+# of a stats socket, use this variable.
 
 ########  Public functions #####################
 
@@ -54,6 +59,7 @@ haproxy_deploy() {
   _ccert="$3"
   _cca="$4"
   _cfullchain="$5"
+  _cmdpfx=""
 
   # Some defaults
   DEPLOY_HAPROXY_PEM_PATH_DEFAULT="/etc/haproxy"
@@ -148,6 +154,16 @@ haproxy_deploy() {
     Le_Deploy_haproxy_stats_socket="${DEPLOY_HAPROXY_STATS_SOCKET_DEFAULT}"
   fi
 
+  # MASTER_CLI is optional. No defaults are used. When the master CLI is used,
+  # all commands are sent with a prefix.
+  _getdeployconf DEPLOY_HAPROXY_MASTER_CLI
+  _debug2 DEPLOY_HAPROXY_MASTER_CLI "${DEPLOY_HAPROXY_MASTER_CLI}"
+  if [ -n "${DEPLOY_HAPROXY_MASTER_CLI}" ]; then
+    Le_Deploy_haproxy_stats_socket="${DEPLOY_HAPROXY_MASTER_CLI}"
+    _savedomainconf Le_Deploy_haproxy_stats_socket "${Le_Deploy_haproxy_stats_socket}"
+    _cmdpfx="@1 " # command prefix used for master CLI only.
+  fi
+
   # Set the suffix depending if we are creating a bundle or not
   if [ "${Le_Deploy_haproxy_bundle}" = "yes" ]; then
     _info "Bundle creation requested"
@@ -297,18 +313,25 @@ haproxy_deploy() {
   fi
 
   if [ "${Le_Deploy_haproxy_hot_update}" = "yes" ]; then
-    # Update certificate over HAProxy stats socket.
+    # set the socket name for messages
+    if [ -n "${_cmdpfx}" ]; then
+      _socketname="master CLI"
+    else
+      _socketname="stats socket"
+    fi
+
+    # Update certificate over HAProxy stats socket or master CLI.
     if _exists socat; then
       # look for the certificate on the stats socket, to chose between updating or creating one
-      _socat_cert_cmd="echo 'show ssl cert' | socat '${_statssock}' - | grep -q '^${_pem}$'"
+      _socat_cert_cmd="echo '${_cmdpfx}show ssl cert' | socat '${_statssock}' - | grep -q '^${_pem}$'"
       _debug _socat_cert_cmd "${_socat_cert_cmd}"
       eval "${_socat_cert_cmd}"
       _ret=$?
       if [ "${_ret}" != "0" ]; then
         _newcert="1"
-        _info "Creating new certificate '${_pem}' over HAProxy stats socket."
+        _info "Creating new certificate '${_pem}' over HAProxy ${_socketname}."
         # certificate wasn't found, it's a new one. We should check if the crt-list exists and creates/inserts the certificate.
-        _socat_crtlist_show_cmd="echo 'show ssl crt-list' | socat '${_statssock}' - | grep -q '^${Le_Deploy_haproxy_pem_path}$'"
+        _socat_crtlist_show_cmd="echo '${_cmdpfx}show ssl crt-list' | socat '${_statssock}' - | grep -q '^${Le_Deploy_haproxy_pem_path}$'"
         _debug _socat_crtlist_show_cmd "${_socat_crtlist_show_cmd}"
         eval "${_socat_crtlist_show_cmd}"
         _ret=$?
@@ -317,7 +340,7 @@ haproxy_deploy() {
           return "${_ret}"
         fi
         # create a new certificate
-        _socat_new_cmd="echo 'new ssl cert ${_pem}' | socat '${_statssock}' - | grep -q 'New empty'"
+        _socat_new_cmd="echo '${_cmdpfx}new ssl cert ${_pem}' | socat '${_statssock}' - | grep -q 'New empty'"
         _debug _socat_new_cmd "${_socat_new_cmd}"
         eval "${_socat_new_cmd}"
         _ret=$?
@@ -326,9 +349,9 @@ haproxy_deploy() {
           return "${_ret}"
         fi
       else
-        _info "Update existing certificate '${_pem}' over HAProxy stats socket."
+        _info "Update existing certificate '${_pem}' over HAProxy ${_socketname}."
       fi
-      _socat_cert_set_cmd="echo -e 'set ssl cert ${_pem} <<\n$(cat "${_pem}")\n' | socat '${_statssock}' - | grep -q 'Transaction created'"
+      _socat_cert_set_cmd="echo -e '${_cmdpfx}set ssl cert ${_pem} <<\n$(cat "${_pem}")\n' | socat '${_statssock}' - | grep -q 'Transaction created'"
       _debug _socat_cert_set_cmd "${_socat_cert_set_cmd}"
       eval "${_socat_cert_set_cmd}"
       _ret=$?
@@ -336,7 +359,7 @@ haproxy_deploy() {
         _err "Can't update '${_pem}' in haproxy"
         return "${_ret}"
       fi
-      _socat_cert_commit_cmd="echo 'commit ssl cert ${_pem}' | socat '${_statssock}' - | grep -q '^Success!$'"
+      _socat_cert_commit_cmd="echo '${_cmdpfx}commit ssl cert ${_pem}' | socat '${_statssock}' - | grep -q '^Success!$'"
       _debug _socat_cert_commit_cmd "${_socat_cert_commit_cmd}"
       eval "${_socat_cert_commit_cmd}"
       _ret=$?
@@ -346,7 +369,7 @@ haproxy_deploy() {
       fi
       if [ "${_newcert}" = "1" ]; then
        # if this is a new certificate, it needs to be inserted into the crt-list`
-        _socat_cert_add_cmd="echo 'add ssl crt-list ${Le_Deploy_haproxy_pem_path} ${_pem}' | socat '${_statssock}' - | grep -q 'Success!'"
+        _socat_cert_add_cmd="echo '${_cmdpfx}add ssl crt-list ${Le_Deploy_haproxy_pem_path} ${_pem}' | socat '${_statssock}' - | grep -q 'Success!'"
         _debug _socat_cert_add_cmd "${_socat_cert_add_cmd}"
         eval "${_socat_cert_add_cmd}"
         _ret=$?
@@ -356,7 +379,7 @@ haproxy_deploy() {
         fi
       fi
     else
-      _err "'socat' is not available, couldn't update over stats socket"
+      _err "'socat' is not available, couldn't update over ${_socketname}"
     fi
   else
     # Reload HAProxy