feat: update certbot module

- update documentation
- add option to notify services
- set haproxy role to notify the haproxy service
2024-10-07 13:16:41 +11:00
parent 4bf4b42fdf
commit 2ef4fb0bf8
3 changed files with 28 additions and 4 deletions
+15
@@ -1,7 +1,13 @@
# a define for creating a single certificate
# - domain: the domain to generate a certificate for
# - webserver: where to download the certificate from
# - destination: the data directory on the client
# - notify_service: what service to notify when the concat exec completes
define certbot::client::cert (
Stdlib::Fqdn $domain,
Stdlib::Fqdn $webserver,
Stdlib::Absolutepath $destination = "/etc/pki/tls/letsencrypt/${domain}",
Optional[String] $notify_service = undef,
) {
file { $destination:
@@ -34,8 +40,16 @@ define certbot::client::cert (
}
}
# create file resources
create_resources(file, $files_to_create)
# if notify_service is specified
if $notify_service != undef {
$service = Service[$notify_service]
}else{
$service = undef
}
exec { "concat_${domain}_certs":
command => "cat ${destination}/fullchain.pem ${destination}/privkey.pem > ${destination}/fullchain_combined.pem",
path => ['/bin', '/usr/bin'],
@@ -44,6 +58,7 @@ define certbot::client::cert (
File["${destination}/fullchain.pem"],
File["${destination}/privkey.pem"],
],
notify => $service,
}
} else {
notify { 'Certificates are not yet ready on the generator server.': }
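Review bot: `Optional[String] $notify_service` also accepts an empty string, which passes the `$notify_service != undef` test and yields a `Service['']` reference; `Optional[String[1]] $notify_service = undef,` would reject it at the type check. The header comment could also say that the named service must already be declared in the catalog, because `Service[$notify_service]` is only a reference and, as far as I know, compilation fails if it does not resolve. Separately, the notified service will read `fullchain_combined.pem`, which contains the private key and is written by a shell redirect in the exec, so its mode comes from the process umask. Unless a file resource outside these hunks already manages it, it is worth pinning its owner and a restrictive mode. The define's body continues outside the visible hunks, including the exec attributes between `path` and the `File[...]` list.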