public inbox for pmg-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: pmg-devel@lists.proxmox.com
Subject: [pmg-devel] [PATCH pmg-api 4/4] certs: reload postfix to activate new certificate
Date: Thu, 18 Mar 2021 16:14:49 +0100	[thread overview]
Message-ID: <20210318151449.18638-5-s.ivanov@proxmox.com> (raw)
In-Reply-To: <20210318151449.18638-1-s.ivanov@proxmox.com>

the current logic for reloading postfix only does so if the tls config
parameter changes (after rewriting the config files).
this does not cover the case where a certificate is replaced in a
setup, which already has tls enabled (config stays the same, so
postfix does not get reloaded)

the issue is mostly cosmetic, since postfix does eventually fork off
new smtpd instances, which read the files from disk, but it's
inconvenient, when trying out the new acme integration, and then
running a ssl-check on your PMG from external just to see that the
certificate was not updated.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
best viewed with `git show -w`
 src/PMG/API2/Certificates.pm | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/src/PMG/API2/Certificates.pm b/src/PMG/API2/Certificates.pm
index 1a6c434..1a7ded6 100644
--- a/src/PMG/API2/Certificates.pm
+++ b/src/PMG/API2/Certificates.pm
@@ -69,16 +69,14 @@ my sub set_smtp : prototype($$) {
 
     my $code = sub {
 	my $cfg = PMG::Config->new();
-	if (!$cfg->get('mail', 'tls') == !$on) {
-	    return;
+	if (!$cfg->get('mail', 'tls') != !$on) {
+	    print "Rewriting postfix config\n";
+	    $cfg->set('mail', 'tls', $on);
+	    $cfg->write();
+	    my $changed = $cfg->rewrite_config_postfix();
 	}
 
-	print "Rewriting postfix config\n";
-	$cfg->set('mail', 'tls', $on);
-	$cfg->write();
-	my $changed = $cfg->rewrite_config_postfix();
-
-	if ($changed && $reload) {
+	if ($reload) {
 	    print "Reloading postfix\n";
 	    PMG::Utils::service_cmd('postfix', 'reload');
 	}
-- 
2.20.1





  parent reply	other threads:[~2021-03-18 15:15 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-18 15:14 [pmg-devel] [PATCH pmg-api 0/4] cosmetic and minor improvements to certificate integration Stoiko Ivanov
2021-03-18 15:14 ` [pmg-devel] [PATCH pmg-api 1/4] package: ship /etc/pmg/acme/accounts in deb Stoiko Ivanov
2021-03-18 15:14 ` [pmg-devel] [PATCH pmg-api 2/4] acme: recursively create account directory Stoiko Ivanov
2021-03-18 15:14 ` [pmg-devel] [PATCH pmg-api 3/4] cluster: use old and new fingerprint on master Stoiko Ivanov
2021-03-18 15:14 ` Stoiko Ivanov [this message]
2021-03-18 16:04 ` [pmg-devel] applied: [PATCH pmg-api 0/4] cosmetic and minor improvements to certificate integration Thomas Lamprecht

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210318151449.18638-5-s.ivanov@proxmox.com \
    --to=s.ivanov@proxmox.com \
    --cc=pmg-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal