cdist/cdist/conf/type/__letsencrypt_cert
evilham a696f3cf00 [__letsencrypt_cert] Revamp explorers, add locking.
This would fix #839

Certbot uses locking [1] even for read-only operations and does not properly
use exit codes, which means that sometimes it would print:
"Another instance of Certbot is already running" and exit with success.

However, the previous explorers would take that as the certificate being absent
and would trigger code generation.

The issue was made worse by having many explorers running certbot, so for N
certificates, we'd run certbot N*4 times, potentially "in parallel".

[1]: https://certbot.eff.org/docs/using.html#id5

This patch joins all explorers in one to avoid starting multiple remote python
processes and uses a cdist-specific lock in /tmp/certbot.cdist.lock with a
60 seconds timeout.

It has been tested with certbot 0.31.0 and 0.17 that the:

    from certbot.main import main

trick works. It is somewhat well documented so it can be somewhat relied upon.
2021-05-10 12:10:00 +02:00
..
explorer [__letsencrypt_cert] Revamp explorers, add locking. 2021-05-10 12:10:00 +02:00
files [__letsencrypt_cert] Move hook contents generation out of manifest 2021-02-10 10:10:21 +01:00
parameter [__letsencrypt_cert] Fix various issues with hooks. 2021-02-09 19:58:47 +01:00
gencode-remote [__letsencrypt_cert] Revamp explorers, add locking. 2021-05-10 12:10:00 +02:00
man.rst [__letsencrypt_cert] Fix various issues with hooks. 2021-02-09 19:58:47 +01:00
manifest [__letsencrypt_cert] Revamp explorers, add locking. 2021-05-10 12:10:00 +02:00
nonparallel __letsencrypt_cert: add nonparallel and make admin-email required (#609) 2017-12-29 17:10:16 +01:00