[pve-devel] [manager 3/6] refactor validating_url

Fabian Grünbichler f.gruenbichler at proxmox.com
Fri Oct 18 11:24:57 CEST 2019


On October 14, 2019 1:08 pm, Wolfgang Link wrote:
> The validating has to be done in the Plugin to be generic.

NAK - this was already designed with plugins in mind?

1.) call plugin->setup()
2.) request validation by ACME server
3.) check validation status
4.) repeat 3 until OK or error
5.) call plugin->teardown()

1/5 are plugin specific
2-4 are the same for all validation methods.

possibly we need to look at what setup() returns (post-setup delay?
inter-check delay? better name for value that is used for requesting the
validation?), or what teardown gets passed (probably the full return
value of ->setup(), so that the plugin can determine what it needs for
teardown) if we now integrate actual other plugins.

but moving the whole setup->validation->teardown sequence into each 
plugin is the wrong direction to go for sure..

> ---
>  PVE/API2/ACME.pm | 27 +--------------------------
>  1 file changed, 1 insertion(+), 26 deletions(-)
> 
> diff --git a/PVE/API2/ACME.pm b/PVE/API2/ACME.pm
> index 2c05db9b..db94586d 100644
> --- a/PVE/API2/ACME.pm
> +++ b/PVE/API2/ACME.pm
> @@ -59,32 +59,7 @@ my $order_certificate = sub {
>  	    print "... already validated!\n";
>  	} else {
>  	    print "... pending!\n";
> -	    print "Setting up webserver\n";
> -	    my $validation = eval { PVE::ACME::StandAlone->setup($acme, $auth) };
> -	    die "failed setting up webserver - $@\n" if $@;
> -
> -	    print "Triggering validation\n";
> -	    eval {
> -		$acme->request_challenge_validation($validation->{url}, $validation->{key_auth});
> -		print "Sleeping for 5 seconds\n";
> -		sleep 5;
> -		while (1) {
> -		    $auth = $acme->get_authorization($auth_url);
> -		    if ($auth->{status} eq 'pending') {
> -			print "Status is still 'pending', trying again in 30 seconds\n";
> -			sleep 30;
> -			next;
> -		    } elsif ($auth->{status} eq 'valid') {
> -			print "Status is 'valid'!\n";
> -			last;
> -		    }
> -		    die "validating challenge '$auth_url' failed\n";
> -		}
> -	    };
> -	    my $err = $@;
> -	    eval { $validation->teardown() };
> -	    warn "$@\n" if $@;
> -	    die $err if $err;
> +	    PVE::ACME::validating_url($acme, $auth, $auth_url, $node_config);
>  	}
>      }
>      print "\nAll domains validated!\n";
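Review bot: the single `PVE::ACME::validating_url($acme, $auth, $auth_url, $node_config)` call that replaces the removed block has to keep the cleanup guarantee the removed lines had: they saved `$err`, ran `teardown()` inside its own `eval`, and only then re-raised, so a failed challenge never left the webserver set up. The helper's body is not in this hunk, so please include it in the same patch or state in the commit message that it still tears down on every error path. Two things are worth fixing while the code moves rather than carrying them over: the removed `while (1)` poll has no upper bound while the status stays `pending`, and the 5 and 30 second sleeps are hard-coded, so the helper should take a retry limit and the delays as parameters. The name `validating_url` also does not say what the function does; a name that describes the action on the authorization would read better.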
> -- 
> 2.20.1
> 
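The split described in the reply above (plugin owns steps 1 and 5, shared code owns steps 2-4), as an added example that is not part of the original thread or of the Proxmox code base. `validate_challenge`, `MockPlugin`, `MockAcme`, the return shape of `setup()` and the `max_checks`/`delay` options are assumptions; only the method names `setup`, `teardown`, `request_challenge_validation` and `get_authorization` appear in the quoted patch.

```perl
use strict; use warnings;

# Constructed stand-in for a challenge plugin (steps 1 and 5); setup()'s return shape is assumed.
package MockPlugin;
sub new { my $class = shift; return bless { log => [] }, $class }
sub setup {
    my ($self, $auth) = @_;
    push @{$self->{log}}, 'setup';
    return { url => 'https://acme.example/chall/1', key_auth => 'token.thumb', state => 'tmp-record' };
}
sub teardown { my ($self, $setup) = @_; push @{$self->{log}}, "teardown($setup->{state})"; return }

# Constructed stand-in for the ACME client: replays a fixed list of statuses.
package MockAcme;
sub new { my ($class, @statuses) = @_; return bless { statuses => [@statuses] }, $class }
sub request_challenge_validation { return 1 }
sub get_authorization { my ($self) = @_; return { status => shift(@{$self->{statuses}}) // 'invalid' } }

package main;
# Hypothetical shared helper: steps 2-4 once for all plugins, teardown on every path.
sub validate_challenge {
    my ($acme, $plugin, $auth, $auth_url, %opt) = @_;
    my ($max_checks, $delay) = ($opt{max_checks} // 10, $opt{delay} // 30);
    my $setup = eval { $plugin->setup($auth) };
    die "plugin setup failed - $@\n" if $@;
    eval {
        $acme->request_challenge_validation($setup->{url}, $setup->{key_auth});
        for (1 .. $max_checks) {    # bounded, unlike an open-ended while (1)
            my $status = $acme->get_authorization($auth_url)->{status};
            return if $status eq 'valid';    # leaves the eval block only
            die "validating challenge '$auth_url' failed (status '$status')\n" if $status ne 'pending';
            sleep $delay;
        }
        die "validating challenge '$auth_url' timed out\n";
    };
    my $err = $@;
    eval { $plugin->teardown($setup) };    # plugin gets the full setup() result back
    warn "teardown failed - $@\n" if $@;
    die $err if $err;
    return 1;
}

# Constructed runs: success, rejected challenge, and a challenge that never leaves 'pending'.
for my $case ([qw(pending valid)], [qw(pending invalid)], [qw(pending pending)]) {
    my $plugin = MockPlugin->new;
    my $ok = eval { validate_challenge(MockAcme->new(@$case), $plugin, {}, 'https://acme.example/authz/1', delay => 0, max_checks => 2) };
    chomp(my $result = $ok ? 'validated' : "error: $@");
    print join(',', @$case), " -> $result; plugin calls: @{$plugin->{log}}\n";
}
```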



