fix: multiplex ssh and ssl copy

2022-09-26 11:15:14 +02:00 · 2022-09-26 11:15:14 +02:00 · 5f57279283
commit 5f57279283
parent 5ed3565520
3 changed files with 30 additions and 32 deletions
--- a/apps/api/package.json
+++ b/apps/api/package.json
@ -20,8 +20,8 @@
    "@fastify/cors": "8.1.0",
    "@fastify/env": "4.1.0",
    "@fastify/jwt": "6.3.2",
    "@fastify/static": "6.5.0",
    "@fastify/multipart": "7.2.0",
    "@fastify/static": "6.5.0",
    "@iarna/toml": "2.2.5",
    "@ladjs/graceful": "3.0.2",
    "@prisma/client": "4.3.1",
--- a/apps/api/src/jobs/infrastructure.ts
+++ b/apps/api/src/jobs/infrastructure.ts
@ -53,59 +53,51 @@ async function checkFluentBit() {
        }
    }
 }
-async function copyRemoteCertificates(certificate: any, dockerId: string, remoteIpAddress: string) {
+async function copyRemoteCertificates(id: string, dockerId: string, remoteIpAddress: string) {
    try {
        const { id, key, cert } = certificate
        const decryptedKey = decrypt(key)
        await fs.writeFile(`/tmp/${id}-key.pem`, decryptedKey)
        await fs.writeFile(`/tmp/${id}-cert.pem`, cert)
        await asyncExecShell(`scp /tmp/${id}-cert.pem /tmp/${id}-key.pem ${remoteIpAddress}:/tmp/`)
        await executeSSHCmd({ dockerId, command: `docker exec coolify-proxy sh -c 'test -d /etc/traefik/acme/custom/ || mkdir -p /etc/traefik/acme/custom/'` })
        await executeSSHCmd({ dockerId, command: `docker cp /tmp/${id}-key.pem coolify-proxy:/etc/traefik/acme/custom/` })
        await executeSSHCmd({ dockerId, command: `docker cp /tmp/${id}-cert.pem coolify-proxy:/etc/traefik/acme/custom/` })
    } catch (error) {
-        console.log('Error copying SSL certificates to remote engine', error)
+        console.log({ error })
    }
 }
-async function copyLocalCertificates(certificate: any) {
+async function copyLocalCertificates(id: string) {
    try {
        const { id, key, cert } = certificate
        const decryptedKey = decrypt(key)
        await asyncExecShell(`docker exec coolify-proxy sh -c 'test -d /etc/traefik/acme/custom/ || mkdir -p /etc/traefik/acme/custom/'`)
        await fs.writeFile(`/tmp/${id}-key.pem`, decryptedKey)
        await fs.writeFile(`/tmp/${id}-cert.pem`, cert)
        await asyncExecShell(`docker cp /tmp/${id}-key.pem coolify-proxy:/etc/traefik/acme/custom/`)
        await asyncExecShell(`docker cp /tmp/${id}-cert.pem coolify-proxy:/etc/traefik/acme/custom/`)
    } catch (error) {
-        console.log('Error copying SSL certificates to remote engine', error)
+        console.log({ error })
    }
 }
 async function copySSLCertificates() {
    try {
        const pAll = await import('p-all');
        const actions = []
        const certificates = await prisma.certificate.findMany({ include: { team: true } })
        const teamIds = certificates.map(c => c.teamId)
        const destinations = await prisma.destinationDocker.findMany({ where: { isCoolifyProxyUsed: true, teams: { some: { id: { in: [...teamIds] } } } } })
-        let promises = []
+        for (const certificate of certificates) {
-        for (const destination of destinations) {
+            const { id, key, cert } = certificate
-            if (destination.remoteEngine) {
+            const decryptedKey = decrypt(key)
-                const { id: dockerId, remoteIpAddress, remoteVerified } = destination
+            await fs.writeFile(`/tmp/${id}-key.pem`, decryptedKey)
-                if (!remoteVerified) {
+            await fs.writeFile(`/tmp/${id}-cert.pem`, cert)
-                    continue;
+            for (const destination of destinations) {
-                }
+                if (destination.remoteEngine) {
-                for (const certificate of certificates) {
+                    if (destination.remoteVerified) {
-                    promises.push(copyRemoteCertificates(certificate, dockerId, remoteIpAddress))
+                        const { id: dockerId, remoteIpAddress } = destination
-                }
+                        actions.push(async () => copyRemoteCertificates(id, dockerId, remoteIpAddress))
-            } else {
+                    }
-                for (const certificate of certificates) {
+                } else {
-                    promises.push(copyLocalCertificates(certificate))
+                    actions.push(async () => copyLocalCertificates(id))
                }
            }
        }
-        await Promise.all(promises)
+        await pAll.default(actions, { concurrency: 1 })
    } catch (error) {
-        console.log('Error copying SSL certificates', error)
+        console.log(error)
    } finally {
        await asyncExecShell(`find /tmp/ -maxdepth 1 -type f -name '*-*.pem' -delete`)
    }
@ -260,7 +252,8 @@ async function cleanupStorage() {
 (async () => {
    let status = {
        cleanupStorage: false,
-        autoUpdater: false
+        autoUpdater: false,
        copySSLCertificates: false,
    }
    if (parentPort) {
        parentPort.on('message', async (message) => {
@ -291,7 +284,11 @@ async function cleanupStorage() {
                    return;
                }
                if (message === 'action:copySSLCertificates') {
-                    await copySSLCertificates();
+                    if (!status.copySSLCertificates) {
                        status.copySSLCertificates = true
                        await copySSLCertificates();
                        status.copySSLCertificates = false
                    }
                    return;
                }
                if (message === 'action:autoUpdater') {
--- a/apps/api/src/lib/common.ts
+++ b/apps/api/src/lib/common.ts
@ -546,6 +546,7 @@ export async function createRemoteEngineConfiguration(id: string) {
 			StrictHostKeyChecking: 'no',
 			ControlMaster: 'auto',
 			ControlPath: `${homedir}/.ssh/coolify-%r@%h:%p`,
 			ControlPersist: '10m'
 		})
 	}
 	const found = config.find({ Host: remoteIpAddress });