certdeploy.server package

Subpackages

• certdeploy.server.config package
  • Submodules
  • certdeploy.server.config.client module
    • ClientConnection
      • ClientConnection.address
      • ClientConnection.domains
      • ClientConnection.hash
      • ClientConnection.needs_chain
      • ClientConnection.needs_fullchain
      • ClientConnection.needs_privkey
      • ClientConnection.path
      • ClientConnection.port
      • ClientConnection.pubkey
      • ClientConnection.pubkey_blob
      • ClientConnection.push_retries
      • ClientConnection.push_retry_interval
      • ClientConnection.username
  • certdeploy.server.config.server module
    • PushMode
      • PushMode.PARALLEL
      • PushMode.SERIAL
      • PushMode.choices()
    • Server
      • Server.client_config_directory
      • Server.client_configs
      • Server.fail_fast
      • Server.join_timeout
      • Server.log_filename
      • Server.log_level
      • Server.privkey_filename
      • Server.push_interval
      • Server.push_mode
      • Server.push_retries
      • Server.push_retry_interval
      • Server.queue_dir
      • Server.renew_args
      • Server.renew_at
      • Server.renew_every
      • Server.renew_exec
      • Server.renew_timeout
      • Server.renew_unit
      • Server.sftp_auth_timeout
      • Server.sftp_banner_timeout
      • Server.sftp_log_filename
      • Server.sftp_log_level
      • Server.sftp_tcp_timeout
  • Module contents
    • ServerConfig
      • ServerConfig.load()

Submodules

certdeploy.server.renew module

Functions for renewing certs with certbot.

certdeploy.server.renew.renew_certs(config: ServerConfig)

Run the command to renew certificates.

Parameters:

config – The CertDeploy server config.

Raises:

CertDeployError – If the renewal command returns non-zero and config.fail_fast is True

certdeploy.server.server module

CertDeploy Server daemon and SFTP parts.

class certdeploy.server.server.PushWorker(server: Server, client: ClientConnection, config: ServerConfig)

Bases: Thread

A worker thread to push lineages to a single client.

property client_hash: str

The hash of the associated client.

property has_error: bool

Return True if there has been an exception in the thread.

join(timeout: float | None = None)

Join the worker thread and raise an exception.

Parameters:

timeout – The number of seconds to wait for the thread to end before raising a TimeoutError. Defaults to None.

Raises:

An exception if one was encountered and fail_fast is enabled. –

run()

Run the main loop.

Note

This is called automatically by self.start.

class certdeploy.server.server.Queue(server: ServerConfig, mode: str = 'r')

Bases: object

A queue of push jobs.

append(client_hash: str, lineage: str)

Append a job (lineage) to the queue for a given client.

Parameters:

• client_hash – The value of ClientConnection.hash for the client that needs the update.

• lineage – The lineage path that needs syncing to the client.

property clients: list[str]

The client hashes in the queue.

count(client_hash: str) → int

Return the number of lineages left to push for the given client.

get(client_hash: str, default: Any = None) → list[str]

Get a list of lineages that need to be pushed to a client.

Parameters:

• client_hash – The value of ClientConnection.hash for the client being requested.

• default – This will be returned when no client matching client_hash is found. Defaults to None.

Returns:

A list of lineages that need to be pushed for the given client.

load()

Load the queue from the path configured with queue_dir.

This won’t load a file that is open for writing.

lock: Semaphore = <threading.Semaphore at 0x75d11c219710: value=1>

A lock for writing to the queue file.

next(client_hash: str) → str

Return the next lineage to push for the given client.

class certdeploy.server.server.Server(config: ServerConfig)

Bases: object

Accept new sync requests and push new certs to clients.

serve_forever(one_shot: bool = False)

Push queued lineages to clients.

Parameters:

one_shot – Push lineages in the queue and exit when the queue has been fully processed. Defaults to False.

sync(lineage: PathLike, domains: list[str])

Synchronize clients that need updates based on domains.

Parameters:

• lineage – The full path of a lineage.

• domains – A list of domain names to use to find clients to push to.

Module contents