Deduplicate service restarts after certificate deployment
This commit is contained in:
@@ -1016,31 +1016,16 @@ _ProvideCertDomainService() {
|
|||||||
|
|
||||||
_log "Certificates and keys provided for service '$DisplayName'." 2
|
_log "Certificates and keys provided for service '$DisplayName'." 2
|
||||||
|
|
||||||
# Restart or reload the service if configured
|
# Queue "Restart/reload the service" if configured
|
||||||
if [ "$RestartFlag" -eq 1 ] && [ -n "$Service" ]; then
|
if [ "$RestartFlag" -eq 1 ] && [ -n "$Service" ]; then
|
||||||
[ "$RestartMode" = "restart" ] || [ "$RestartMode" = "reload" ] || RestartMode="restart"
|
[ "$RestartMode" = "restart" ] || [ "$RestartMode" = "reload" ] || RestartMode="restart"
|
||||||
|
action_entry="${RestartMode}:${ServiceOwner}:${Service}:${DisplayName}"
|
||||||
if [ -n "$ServiceOwner" ] && [ "$ServiceOwner" != "root" ]; then
|
PendingServiceActions="${PendingServiceActions}${action_entry}\n"
|
||||||
_log "Reloading service '$Service' as non-root user '$ServiceOwner'..." 1
|
_log "Queued service action: mode=$RestartMode, service=$Service, owner=$ServiceOwner, name=$DisplayName" 1
|
||||||
if sudo -u "$ServiceOwner" XDG_RUNTIME_DIR="/run/user/$(id -u "$ServiceOwner")" \
|
|
||||||
systemctl --user "$RestartMode" "$Service.service"; then
|
|
||||||
_log "Service '$DisplayName' successfully $RestartMode-ed as '$ServiceOwner'." 2
|
|
||||||
else
|
|
||||||
_log "Error while $RestartMode-ing service '$DisplayName'." 4
|
|
||||||
MyIsError=1
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
_log "Reloading service '$Service' as root..." 1
|
|
||||||
if systemctl "$RestartMode" "$Service.service"; then
|
|
||||||
_log "Service '$DisplayName' successfully $RestartMode-ed as root." 2
|
|
||||||
else
|
|
||||||
_log "Error while $RestartMode-ing service '$DisplayName'." 4
|
|
||||||
MyIsError=1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
else
|
else
|
||||||
_log "No restart required for service '$DisplayName'." 2
|
_log "No restart required for service '$DisplayName'." 2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
done <<EOF
|
done <<EOF
|
||||||
$DomainServiceRaw
|
$DomainServiceRaw
|
||||||
EOF
|
EOF
|
||||||
@@ -1307,6 +1292,58 @@ _reload_webserver() {
|
|||||||
} #=> _reload_webserver()
|
} #=> _reload_webserver()
|
||||||
|
|
||||||
|
|
||||||
|
# SDuesterhaupt: 2026-05-15 - Reload or restart queued services after certificate deployment
|
||||||
|
#
|
||||||
|
# Executes the queued PendingServiceActions collected during certificate
|
||||||
|
# provisioning, deduplicates identical actions and runs each service action
|
||||||
|
# only once per update run.
|
||||||
|
#
|
||||||
|
# Returns 0 on success or 1 if at least one service action failed.
|
||||||
|
_reload_services() {
|
||||||
|
_log "Enter the function '_reload_services()'..." 1
|
||||||
|
|
||||||
|
[ -n "$PendingServiceActions" ] || {
|
||||||
|
_log "No queued service actions to process." 1
|
||||||
|
_log "Leave the function '_reload_services()'..." 1
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
MyIsError=0
|
||||||
|
|
||||||
|
_log "Processing queued service actions..." 1
|
||||||
|
|
||||||
|
PendingServiceActionsUnique=$(printf '%b' "$PendingServiceActions" | awk '!seen[$0]++')
|
||||||
|
|
||||||
|
while IFS=':' read -r RestartMode ServiceOwner Service DisplayName || [ -n "$Service" ]; do
|
||||||
|
[ -n "$Service" ] || continue
|
||||||
|
|
||||||
|
if [ -n "$ServiceOwner" ] && [ "$ServiceOwner" != "root" ]; then
|
||||||
|
_log "Reloading service '$Service' as non-root user '$ServiceOwner'..." 1
|
||||||
|
if sudo -u "$ServiceOwner" XDG_RUNTIME_DIR="/run/user/$(id -u "$ServiceOwner")" \
|
||||||
|
systemctl --user "$RestartMode" "$Service.service"; then
|
||||||
|
_log "Service '$DisplayName' successfully $RestartMode-ed as '$ServiceOwner'." 2
|
||||||
|
else
|
||||||
|
_log "Error while $RestartMode-ing service '$DisplayName'." 4
|
||||||
|
MyIsError=1
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
_log "Reloading service '$Service' as root..." 1
|
||||||
|
if systemctl "$RestartMode" "$Service.service"; then
|
||||||
|
_log "Service '$DisplayName' successfully $RestartMode-ed as root." 2
|
||||||
|
else
|
||||||
|
_log "Error while $RestartMode-ing service '$DisplayName'." 4
|
||||||
|
MyIsError=1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done <<EOF
|
||||||
|
$PendingServiceActionsUnique
|
||||||
|
EOF
|
||||||
|
|
||||||
|
_log "Leave the function '_reload_services()'..." 1
|
||||||
|
return $MyIsError
|
||||||
|
} #=> _reload_services()
|
||||||
|
|
||||||
|
|
||||||
# SDuesterhaupt: 2025-09-14 - Add a new certificate for a domain or SAN list
|
# SDuesterhaupt: 2025-09-14 - Add a new certificate for a domain or SAN list
|
||||||
#
|
#
|
||||||
# Normalizes DYNTLS_DOMAINS input,
|
# Normalizes DYNTLS_DOMAINS input,
|
||||||
@@ -1434,6 +1471,8 @@ _remove_cert() {
|
|||||||
_update_cert() {
|
_update_cert() {
|
||||||
_log "Enter the function '_update_cert()'..." 1
|
_log "Enter the function '_update_cert()'..." 1
|
||||||
|
|
||||||
|
PendingServiceActions=""
|
||||||
|
|
||||||
###########################
|
###########################
|
||||||
# 1. Calculate expiration window
|
# 1. Calculate expiration window
|
||||||
###########################
|
###########################
|
||||||
@@ -1526,7 +1565,14 @@ _update_cert() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
###########################
|
###########################
|
||||||
# 4. Mail notification if enabled
|
# 4. Reload service(s) if needed
|
||||||
|
###########################
|
||||||
|
if [ -n "$PendingServiceActions" ]; then
|
||||||
|
_reload_services || MyIsError=1
|
||||||
|
fi
|
||||||
|
|
||||||
|
###########################
|
||||||
|
# 5. Mail notification if enabled
|
||||||
###########################
|
###########################
|
||||||
if $DYNTLS_SEND_MAIL; then
|
if $DYNTLS_SEND_MAIL; then
|
||||||
Subject="Certificate check on $HOSTNAME"
|
Subject="Certificate check on $HOSTNAME"
|
||||||
|
|||||||
Reference in New Issue
Block a user