Initial version

Dockerfile

@@ -0,0 +1,11 @@
+FROM python:3.5.1-alpine 
+MAINTAINER Chris Smith <chris87@gmail.com> 
+
+RUN \
+  pip install \
+    python-etcd
+
+COPY *.py /
+
+VOLUME ["/letsencrypt"]
+ENTRYPOINT ["python", "/generate.py"]

README.md

@@ -0,0 +1,56 @@
+# Automatic Let's Encrypt certificate generator 
+
+This connects my [docker-service-reporter](https://github.com/csmith/docker-service-reporter/)
+and [docker-letsencrypt-lexicon](https://github.com/csmith/docker-letsencrypt-lexicon)
+containers together. Between the three, they create a pipeline
+to automatically obtain Let's Encrypt certificates for
+containers as they're added or modified. 
+
+## How? 
+
+The `service-reporter` container populates `etcd` with details about
+known containers.
+
+This container monitors `etcd` for a label specifying vhosts, and builds a
+list of domain names and alternatives that need certificates.
+
+Finally, `letsencrypt-lexicon` takes in the list of domain names and
+obtains the actual certificates for them.
+
+## Usage
+
+Create a named volume to use for the domains list and resulting
+certificates:
+
+```bash
+docker volume create --name letsencrypt-data
+```
+
+You should mount this volume in the `letsencrypt-lexicon` container at
+`/letsencrypt`.
+
+Then run this container. It takes the same arguments as `service-reporter`:
+
+```
+  --etcd-host (default: etcd) hostname where ectd is running
+  --etcd-port (default: 2379) port to connect to ectd on
+  --etcd-prefix (default: /docker) prefix to read keys from
+  --name (default: unknown) name of the host running docker
+```
+
+So running the container will look something like:
+
+```bash
+docker run -d \
+  --name service-letsencrypt \
+  --restart always \
+  -v letsencrypt-data:/letsencrypt \
+  csmith/service-letsencrypt:latest \
+  --<arguments>
+```
+
+## Current known issues
+
+* **The container performs one update and then exits.** It does not yet monitor
+  for changes to etcd.
+

fetcher.py

@@ -0,0 +1,23 @@
+#!/usr/bin/env python3
+
+import etcd
+
+
+class Fetcher:
+
+  def __init__(self, host, port, prefix):
+    self._client = etcd.Client(host=host, port=port)
+    self._prefix = prefix
+
+
+  def _read_recursive(self, key):
+    try:
+      return self._client.read(self._prefix + key, recursive=True)
+    except etcd.EtcdKeyNotFound:
+      return None 
+
+
+  def get_label(self, label):
+    node = self._read_recursive('/labels/%s' % label)
+    return {child.key.split('/')[-1]: child.value for child in node.children}
+

generate.py

@@ -0,0 +1,34 @@
+#!/usr/bin/env python3
+
+from collections import defaultdict
+from fetcher import Fetcher
+import argparse
+import os
+
+parser = argparse.ArgumentParser()
+parser.add_argument('--name', help='Name of the docker host to request certificates for', default='unknown')
+parser.add_argument('--etcd-port', type=int, help='Port to connect to etcd on', default=2379)
+parser.add_argument('--etcd-host', help='Host to connect to etcd on', default='etcd')
+parser.add_argument('--etcd-prefix', help='Prefix to use when retrieving keys from etcd', default='/docker')
+args = parser.parse_args()
+
+domains = defaultdict(set)
+fetcher = Fetcher(args.etcd_host, args.etcd_port, args.etcd_prefix)
+for container, values in fetcher.get_label('com.chameth.vhost').items():
+  parts = values.split(',')
+  domains[parts[0].strip()] |= set([] if len(parts) == 1 else parts[1:])
+
+with open('/letsencrypt/domains.txt.new', 'w') as f:
+  for domain, alts in domains.items():
+    f.write(domain)
+    if len(alts):
+      f.write(' ' + ' ' .join(alts))
+    f.write('\n')
+
+try:
+  os.remove('/letsencrypt/domains.txt')
+except OSError:
+  pass
+
+os.rename('/letsencrypt/domains.txt.new', '/letsencrypt/domains.txt')
+