new: [zato] auto schedule crt renew from letsencrypt certs

zato/actions/renew_crt

@@ -0,0 +1,11 @@
+#!/bin/bash
+# compose: no-hooks
+
+## Merged letsencrypt certificate for load_balancer in zato 
+
+. $CHARM_PATH/lib/common
+
+DOMAIN=$(relation:get "$SERVICE_NAME":web-proxy domain)
+
+
+merge_crt_letsencrypt "$DOMAIN" || exit 1 

zato/hooks/web_proxy-relation-joined

@@ -1,14 +1,13 @@
 #!/bin/bash
 
+. lib/common
+
 DOMAIN=$(relation-get domain) || exit 1
-DEST_LETSENCRYPT_FULLCHAIN="$SERVICE_DATASTORE/opt/zato/letsencrypt-fullchain.pem"
 CUSTOM_CREATE_LB_PATH="/opt/zato/3.2.0/code/zato-cli/src/zato/cli/create_lb.py"
 
 set -e
 
-mkdir -p "${DEST_LETSENCRYPT_FULLCHAIN%/*}"
-
-cat $DATASTORE/letsencrypt/etc/letsencrypt/live/$DOMAIN/{fullchain,privkey}.pem > "$DEST_LETSENCRYPT_FULLCHAIN" || exit 1
+merge_crt_letsencrypt "$DOMAIN"
 
 # adding custom config file to handle https in load_balancer with letsencrypt-fullchain certificate
 
@@ -20,4 +19,4 @@ services:
       - $DEST_LETSENCRYPT_FULLCHAIN:/opt/zato/letsencrypt-fullchain.pem
 "
 
-info "Configured $SERVICE_NAME load_balancer with HTTPS support."
+info "Configured $SERVICE_NAME load_balancer with HTTPS support."

zato/lib/common

@@ -37,3 +37,15 @@ exec_as_zato_in_container() {
         return 1
     fi
 }
+
+## merge certificate for zato HapProxy to handle https API calls
+merge_crt_letsencrypt(){
+    local DOMAIN="$1"
+    
+    DEST_LETSENCRYPT_FULLCHAIN="$SERVICE_DATASTORE/opt/zato/letsencrypt-fullchain.pem"
+    mkdir -p "${DEST_LETSENCRYPT_FULLCHAIN%/*}"
+    cat $DATASTORE/letsencrypt/etc/letsencrypt/live/$DOMAIN/{fullchain,privkey}.pem > "$DEST_LETSENCRYPT_FULLCHAIN" || return 1
+    info "Letsencrypt {fullchain,privkey}.pem have been concat to /opt/zato/letsencrypt-fullchain.pem for zato hapProxy conf"
+}
+
+

zato/metadata.yml

@@ -20,6 +20,13 @@ uses:
     auto: summon
     solves:
       database: "main storage"
+  schedule-command:
+    constraint: required
+    auto: pair
+    solves:
+      maintenance: "Auto renew crt for hapProxy in zato"
+    default-options: !var-expand
+      (35 3 * * 7) {-D -p 10} compose renew_crt "$BASE_SERVICE_NAME"
   backup:
     constraint: recommended
     auto: pair