change the generic service module to accomodate services that need key and certificate in one file

amulib/helpers.py

@@ -107,13 +107,8 @@ def copy_file(source, destination, backup=True):
     :return: success
     :rtype: bool
     """
-    backup_file = destination + ".bak_%s" % datetime.datetime.now().strftime(
-        "%Y%m%d%H%M%S")
     if backup:
-        try:
-            shutil.copy(destination, backup_file)
-        except IOError:
-            LOGGER.error("Creating of backup file for %s failed!", destination)
+        if not create_backup_copy(destination):
             return False
     try:
         shutil.copy(source, destination)
@@ -126,6 +121,26 @@ def copy_file(source, destination, backup=True):
         return True
 
 
+def create_backup_copy(source):
+    """
+    creates a backup file of a specified source file.
+
+    :param source: source file path
+    :type source: str
+    :return: success
+    :rtype: bool
+    """
+    backup_file = source + ".bak_%s" % datetime.datetime.now().strftime(
+        "%Y%m%d%H%M%S")
+    try:
+        shutil.copy(source, backup_file)
+    except IOError:
+        LOGGER.error("Creating of backup file for %s failed!", source)
+        return False
+    else:
+        return True
+
+
 def check_renewal(cert, cert_path):
     """
     Checks if the certificate has been renewed.

amulib/service.py

@@ -25,6 +25,7 @@ import logging
 import socket
 import os
 import subprocess
+import shutil
 
 from amulib import helpers
 import OpenSSL
@@ -78,20 +79,46 @@ def run(service_name, config, acme_dir="/var/lib/acme",
                     for port in tlsa_ports:
                         helpers.create_tlsa_records(fqdn, port, acme_cert,
                                                     named_key_path)
-                if helpers.copy_file(acme_fullchain_path, certificate_path):
-                    newkey_path = os.path.join(acme_dir, "live",
-                                               fqdn, "privkey")
-                    if helpers.copy_file(newkey_path, key_path):
-                        LOGGER.info("Certificate for %s successfully "
-                                    "renewed, restarting service.",
-                                    service_name)
-                        subprocess.call(["/etc/init.d/%s" % service_name,
-                                         "restart"])
+                newkey_path = os.path.join(acme_dir, "live",
+                                           fqdn, "privkey")
+                renewal_successful = False
+                if certificate_path == key_path:
+                    if helpers.create_backup_copy(certificate_path):
+                        try:
+                            with open(certificate_path, "wb") as target:
+                                with open(acme_fullchain_path, "rb") as chain:
+                                    with open(newkey_path, "rb") as newkey:
+                                        shutil.copyfileobj(newkey,
+                                                           target)
+                                        shutil.copyfileobj(chain, target)
+                        except IOError:
+                            LOGGER.error("Renewal of cert for %s failed, "
+                                         "please clean up manually and "
+                                         "check the backup files!",
+                                         service_name)
+                        else:
+                            renewal_successful = True
                     else:
                         LOGGER.error("Renewal of cert for %s failed, "
                                      "please clean up manually and "
                                      "check the backup files!", service_name)
                 else:
-                    LOGGER.error("Renewal of cert for %s failed, "
-                                 "please clean up manually and "
-                                 "check the backup files!", service_name)
+                    if helpers.copy_file(acme_fullchain_path,
+                                         certificate_path):
+                        if helpers.copy_file(newkey_path, key_path):
+                            renewal_successful = True
+                        else:
+                            LOGGER.error("Renewal of cert for %s failed, "
+                                         "please clean up manually and "
+                                         "check the backup files!",
+                                         service_name)
+                    else:
+                        LOGGER.error("Renewal of cert for %s failed, "
+                                     "please clean up manually and "
+                                     "check the backup files!", service_name)
+            if renewal_successful:
+                LOGGER.info("Certificate for %s successfully "
+                            "renewed, restarting service.",
+                            service_name)
+                subprocess.call(["/etc/init.d/%s" % service_name,
+                                 "restart"])