CentOS6.X: letsencrypt, cronjob e errado “versão pip”

3

Estou tentando escrever um script que atualizará o certificado letsencrypt automaticamente através do cronjob em CentOS6.x atualizado.

Para fazer isso, escrevi o seguinte script:

#!/bin/sh

#
# get newest "Let's Encrypt" version
#
cd /opt/letsencrypt
git pull

# bug fix #201600233: update pip
echo "****************************************************************"
echo pip --version
pip --version
echo "****************************************************************"

pip install --upgrade pip

#
# update certs
#

# stop httpd
/etc/init.d/httpd stop

# renew certs
/opt/letsencrypt/letsencrypt-auto renew > /var/log/letsencrypt/renew.log 2>&1
LE_STATUS=$?

# start httpd
/etc/init.d/httpd start

# check "Let's Encrypt" result
if [ "$LE_STATUS" != 0 ]; then
    echo Automated renewal failed:
    cat /var/log/letsencrypt/renew.log
    exit 1
fi

Toda vez que eu executo este script da linha commando, tudo bem. O script está sendo executado sem erros. Mas toda vez que eu inicio o script via cronjob eu recebo o erro

You are using pip version 8.0.3, however version 8.1.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

Não sei por que esses ocorrências ... Há alguma variável de ambiente ausente?

Aqui, todas as saídas do cronjob. Note também que a saída do cronjob diz que a versão do pip é "8.1.2".

Already up-to-date.
****************************************************************
pip --version
pip 8.1.2 from /usr/lib/python2.6/site-packages (python 2.6)
****************************************************************
DEPRECATION: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of pip will drop support for Python 2.6
Requirement already up-to-date: pip in /usr/lib/python2.6/site-packages
httpd beenden: [  OK  ]^M
httpd starten: [  OK  ]^M
Automated renewal failed:
Bootstrapping dependencies for RedHat-based OSes...
yum ist /usr/bin/yum
Geladene Plugins: fastestmirror, refresh-packagekit, security, verify
Einrichten des Installationsprozess
Loading mirror speeds from cached hostfile
 * base: centosmirror.netcup.net
 * epel: mirrors.n-ix.net
 * extras: centosmirror.netcup.net
 * updates: mirror.ratiokontakt.de
 * webtatic: uk.repo.webtatic.com
Paket gcc-4.4.7-17.el6.x86_64 ist bereits in der neusten Version installiert.
Paket dialog-1.1-9.20080819.1.el6.x86_64 ist bereits in der neusten Version installiert.
Paket augeas-libs-1.0.0-10.el6.x86_64 ist bereits in der neusten Version installiert.
Paket openssl-1.0.1e-48.el6_8.1.x86_64 ist bereits in der neusten Version installiert.
Paket openssl-devel-1.0.1e-48.el6_8.1.x86_64 ist bereits in der neusten Version installiert.
Paket libffi-devel-3.0.5-3.2.el6.x86_64 ist bereits in der neusten Version installiert.
Paket redhat-rpm-config-9.0.3-51.el6.centos.noarch ist bereits in der neusten Version installiert.
Paket ca-certificates-2015.2.6-65.0.1.el6_7.noarch ist bereits in der neusten Version installiert.
Paket python-2.6.6-64.el6.x86_64 ist bereits in der neusten Version installiert.
Paket python-devel-2.6.6-64.el6.x86_64 ist bereits in der neusten Version installiert.
Paket python-virtualenv-1.10.1-1.el6.noarch ist bereits in der neusten Version installiert.
Paket python-tools-2.6.6-64.el6.x86_64 ist bereits in der neusten Version installiert.
Paket python-pip-7.1.0-1.el6.noarch ist bereits in der neusten Version installiert.
Paket 1:mod_ssl-2.2.15-53.el6.centos.x86_64 ist bereits in der neusten Version installiert.
Nichts zu tun
Creating virtual environment...
Installing Python packages...
Had a problem while installing Python packages:
DEPRECATION: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of pip will drop support for Python 2.6
Requirement already satisfied (use --upgrade to upgrade): argparse==1.4.0 in /.local/share/letsencrypt/lib/python2.6/site-packages (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 5))
Collecting pycparser==2.14 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 11))
//.local/share/letsencrypt/lib64/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning.
  SNIMissingWarning
//.local/share/letsencrypt/lib64/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
  Downloading pycparser-2.14.tar.gz (223kB)
Collecting cffi==1.4.2 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 14))
  Downloading cffi-1.4.2.tar.gz (365kB)
Collecting ConfigArgParse==0.10.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 31))
  Downloading ConfigArgParse-0.10.0.tar.gz
Collecting configobj==5.0.6 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 33))
  Downloading configobj-5.0.6.tar.gz
Collecting cryptography==1.2.3 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 35))
  Downloading cryptography-1.2.3.tar.gz (373kB)
Collecting enum34==1.1.2 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 57))
  Downloading enum34-1.1.2.tar.gz (46kB)
Collecting funcsigs==0.4 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 60))
  Downloading funcsigs-0.4-py2.py3-none-any.whl
Collecting idna==2.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 63))
  Downloading idna-2.0-py2.py3-none-any.whl (61kB)
Collecting ipaddress==1.0.16 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 66))
  Downloading ipaddress-1.0.16.tar.gz
Collecting linecache2==1.0.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 69))
  Downloading linecache2-1.0.0-py2.py3-none-any.whl
Collecting ndg-httpsclient==0.4.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 72))
  Downloading ndg_httpsclient-0.4.0.tar.gz
Collecting ordereddict==1.1 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 74))
  Downloading ordereddict-1.1.tar.gz
Collecting parsedatetime==2.1 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 76))
  Downloading parsedatetime-2.1-py2-none-any.whl
Collecting pbr==1.8.1 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 79))
  Downloading pbr-1.8.1-py2.py3-none-any.whl (89kB)
Collecting psutil==3.3.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 82))
  Downloading psutil-3.3.0.tar.gz (261kB)
Collecting pyasn1==0.1.9 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 104))
  Downloading pyasn1-0.1.9-py2.py3-none-any.whl
Collecting pyOpenSSL==0.15.1 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 116))
  Downloading pyOpenSSL-0.15.1-py2.py3-none-any.whl (102kB)
Collecting pyRFC3339==1.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 119))
  Downloading pyRFC3339-1.0-py2.py3-none-any.whl
Collecting python-augeas==0.5.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 122))
  Downloading python-augeas-0.5.0.tar.gz (90kB)
Collecting python2-pythondialog==3.3.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 124))
  Downloading python2-pythondialog-3.3.0.tar.bz2 (1.8MB)
Collecting pytz==2015.7 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 127))
  Downloading pytz-2015.7-py2.py3-none-any.whl (476kB)
Collecting requests==2.9.1 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 141))
  Downloading requests-2.9.1-py2.py3-none-any.whl (501kB)
Collecting six==1.10.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 144))
  Downloading six-1.10.0-py2.py3-none-any.whl
Collecting traceback2==1.4.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 147))
  Downloading traceback2-1.4.0-py2.py3-none-any.whl
Collecting unittest2==1.1.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 150))
  Downloading unittest2-1.1.0-py2.py3-none-any.whl (96kB)
Collecting zope.component==4.2.2 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 153))
  Downloading zope.component-4.2.2.tar.gz (546kB)
Collecting zope.event==4.1.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 155))
  Downloading zope.event-4.1.0.tar.gz (476kB)
Collecting zope.interface==4.1.3 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 157))
  Downloading zope.interface-4.1.3.tar.gz (141kB)
Collecting mock==1.0.1 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 175))
  Downloading mock-1.0.1.zip (861kB)
Collecting letsencrypt==0.7.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 178))
  Downloading letsencrypt-0.7.0-py2-none-any.whl
Collecting acme==0.8.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 184))
  Downloading acme-0.8.0-py2.py3-none-any.whl (91kB)
Collecting certbot==0.8.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 187))
  Downloading certbot-0.8.0-py2-none-any.whl (215kB)
Collecting certbot-apache==0.8.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 190))
  Downloading certbot_apache-0.8.0-py2-none-any.whl (103kB)
Collecting setuptools>=1.0 (from cryptography==1.2.3->-r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 35))
In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
    setuptools>=1.0 from https://pypi.python.org/packages/a6/2b/803bd512ae9a69164ccfc29d289c99fa1b50cdfeb57aa3ab2239094e4751/setuptools-22.0.2-py2.py3-none-any.whl#md5=51dcd17dd15db58ee090565e99b0e94d (from cryptography==1.2.3->-r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 35))
//.local/share/letsencrypt/lib64/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
You are using pip version 8.0.3, however version 8.1.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
    
por Steffen 03.06.2016 / 17:38

1 resposta

4

Primeiro: Obrigado ao "Jeremy Dover". Seus comentários foram muito úteis para mim! : -)

Depois de definir a variável de ambiente HOME como /root , isso funciona. Parece que o letsencrypt leva a instalação do pip em qualquer lugar de /root/.local/share/letsencrypt/ (porque eu instalei o letsencrypt como usuário root) e quando a variável HOME não estava correta, o letsencrypt não pode encontrá-lo ...

    
por 03.06.2016 / 18:44