Remove spammy ssl renewal process and replace with the system checker and run it every 6 hours

jc21 · jc21 · commit f60ffd85da2a · 2018-03-15T15:29:36.000+10:00
diff --git a/manager/src/backend/internal/host.js b/manager/src/backend/internal/host.js
@@ -152,11 +152,6 @@ const internalHost = {
                         // SSL was turned off or hostname for ssl has changed so we should remove certs for the original
                         return internalSsl.deleteCerts(data.original)
                             .then(() => {
-                                db.hosts.update({_id: data.updated._id}, {ssl_expires: 0}, {
-                                    multi:  false,
-                                    upsert: false
-                                });
-                                data.updated.ssl_expires = 0;
                                 return data;
                             });
                     }
diff --git a/manager/src/backend/internal/ssl.js b/manager/src/backend/internal/ssl.js
@@ -1,21 +1,18 @@
 'use strict';
 
-const _             = require('lodash');
 const fs            = require('fs');
 const ejs           = require('ejs');
 const timestamp     = require('unix-timestamp');
-const batchflow     = require('batchflow');
 const internalNginx = require('./nginx');
 const logger        = require('../logger');
-const db            = require('../db');
 const utils         = require('../lib/utils');
 const error         = require('../lib/error');
 
 timestamp.round = true;
 
 const internalSsl = {
 
-    interval_timeout:    60 * 1000,
+    interval_timeout:    1000 * 60 * 60 * 6, // 6 hours
     interval:            null,
     interval_processing: false,
 
@@ -28,42 +25,17 @@ const internalSsl = {
      */
     processExpiringHosts: () => {
         if (!internalSsl.interval_processing) {
-            let hosts = db.hosts.find();
-
-            if (hosts && hosts.length) {
-                internalSsl.interval_processing = true;
-
-                batchflow(hosts).sequential()
-                    .each((i, host, next) => {
-                        if ((typeof host.is_deleted === 'undefined' || !host.is_deleted) && host.ssl && typeof host.ssl_expires !== 'undefined' && !internalSsl.hasValidSslCerts(host)) {
-                            // This host is due to expire in 1 day, time to renew
-                            logger.info('Host ' + host.hostname + ' is due for SSL renewal');
-
-                            internalSsl.renewSsl(host)
-                                .then(() => {
-                                    // Certificate was requested ok, update the timestamp on the host
-                                    db.hosts.update({_id: host._id}, {ssl_expires: timestamp.now('+90d')}, {
-                                        multi:  false,
-                                        upsert: false
-                                    });
-                                })
-                                .then(next)
-                                .catch(err => {
-                                    logger.error(err);
-                                    next(err);
-                                });
-                        } else {
-                            next();
-                        }
-                    })
-                    .error(err => {
-                        logger.error(err);
-                        internalSsl.interval_processing = false;
-                    })
-                    .end((/*results*/) => {
-                        internalSsl.interval_processing = false;
-                    });
-            }
+            logger.info('Renewing SSL certs close to expiry...');
+            return utils.exec('/usr/bin/letsencrypt renew')
+                .then(result => {
+                    logger.info(result);
+                    internalSsl.interval_processing = false;
+                    return result;
+                })
+                .catch(err => {
+                    logger.error(err);
+                    internalSsl.interval_processing = false;
+                });
         }
     },
 
@@ -73,8 +45,7 @@ const internalSsl = {
      */
     hasValidSslCerts: host => {
         return fs.existsSync('/etc/letsencrypt/live/' + host.hostname + '/fullchain.pem') &&
-            fs.existsSync('/etc/letsencrypt/live/' + host.hostname + '/privkey.pem') &&
-            host.ssl_expires > timestamp.now('+1d');
+            fs.existsSync('/etc/letsencrypt/live/' + host.hostname + '/privkey.pem');
     },
 
     /**
@@ -157,10 +128,6 @@ const internalSsl = {
                     .then(() => {
                         return internalSsl.requestSsl(data);
                     });
-            })
-            .then(() => {
-                // Certificate was requested ok, update the timestamp on the host
-                db.hosts.update({_id: host._id}, {ssl_expires: timestamp.now('+90d')}, {multi: false, upsert: false});
             });
     }
 };
diff --git a/manager/src/backend/routes/api/hosts.js b/manager/src/backend/routes/api/hosts.js
@@ -152,38 +152,4 @@ router
             .catch(next);
     });
 
-/**
- * Renew Host Action
- *
- * /api/hosts/123/renew
- */
-router
-    .route('/:host_id/renew')
-    .options((req, res) => {
-        res.sendStatus(204);
-    })
-
-    /**
-     * POST /api/hosts/123/renew
-     */
-    .post((req, res, next) => {
-        validator({
-            required:             ['host_id'],
-            additionalProperties: false,
-            properties:           {
-                host_id: {
-                    $ref: 'definitions#/definitions/_id'
-                }
-            }
-        }, req.params)
-            .then(data => {
-                return internalHost.renew(data.host_id);
-            })
-            .then(result => {
-                res.status(200)
-                    .send(result);
-            })
-            .catch(next);
-    });
-
 module.exports = router;
diff --git a/manager/src/backend/schema/endpoints/hosts.json b/manager/src/backend/schema/endpoints/hosts.json
@@ -38,11 +38,6 @@
     "ssl": {
       "type": "boolean"
     },
-    "ssl_expires": {
-      "type": "integer",
-      "minimum": 0,
-      "readonly": true
-    },
     "letsencrypt_email": {
       "type": "string",
       "format": "email"
@@ -252,9 +247,6 @@
     "ssl": {
       "$ref": "#/definitions/ssl"
     },
-    "ssl_expires": {
-      "$ref": "#/definitions/ssl_expires"
-    },
     "letsencrypt_email": {
       "$ref": "#/definitions/letsencrypt_email"
     },
diff --git a/manager/src/frontend/js/app/api.js b/manager/src/frontend/js/app/api.js
@@ -118,14 +118,6 @@ module.exports = {
          */
         reconfigure: function (_id) {
             return fetch('post', 'hosts/' + _id + '/reconfigure');
-        },
-
-        /**
-         * @param   {String}  _id
-         * @returns {Promise}
-         */
-        renew: function (_id) {
-            return fetch('post', 'hosts/' + _id + '/renew');
         }
     },
 
diff --git a/manager/src/frontend/js/app/controller.js b/manager/src/frontend/js/app/controller.js
@@ -119,17 +119,6 @@ module.exports = {
         });
     },
 
-    /**
-     * Show Renew Host
-     *
-     * @param model
-     */
-    showRenewHost: function (model) {
-        require(['./main', './host/renew'], function (App, View) {
-            App.UI.showModalDialog(new View({model: model}));
-        });
-    },
-
     /**
      * Show Advanced Host
      *
diff --git a/manager/src/frontend/js/app/dashboard/row.ejs b/manager/src/frontend/js/app/dashboard/row.ejs
@@ -42,9 +42,6 @@
     <% } %>
 </td>
 <td class="text-right">
-    <% if (ssl) { %>
-        <button type="button" class="btn btn-default btn-xs renew" title="Renew SSL"><i class="fa fa-shield" aria-hidden="true"></i></button>
-    <% } %>
     <button type="button" class="btn btn-default btn-xs reconfigure" title="Reconfigure Nginx"><i class="fa fa-refresh" aria-hidden="true"></i></button>
     <button type="button" class="btn btn-default btn-xs advanced" title="Advanced Configuration"<%- type === 'stream' ? ' disabled' : '' %>><i class="fa fa-code" aria-hidden="true"></i></button>
     <button type="button" class="btn btn-warning btn-xs edit" title="Edit"><i class="fa fa-pencil" aria-hidden="true"></i></button>
diff --git a/manager/src/frontend/js/app/dashboard/row.js b/manager/src/frontend/js/app/dashboard/row.js
@@ -15,7 +15,6 @@ module.exports = Mn.View.extend({
         delete:      'button.delete',
         access_list: 'a.access_list',
         reconfigure: 'button.reconfigure',
-        renew:       'button.renew',
         advanced:    'button.advanced'
     },
 
@@ -53,11 +52,6 @@ module.exports = Mn.View.extend({
             Controller.showReconfigureHost(this.model);
         },
 
-        'click @ui.renew': function (e) {
-            e.preventDefault();
-            Controller.showRenewHost(this.model);
-        },
-
         'click @ui.advanced': function (e) {
             e.preventDefault();
             Controller.showAdvancedHost(this.model);
diff --git a/manager/src/frontend/js/app/host/renew.ejs b/manager/src/frontend/js/app/host/renew.ejs
diff --git a/manager/src/frontend/js/app/host/renew.js b/manager/src/frontend/js/app/host/renew.js
