feat: manage certbot
- add haproxy backend for be_letsencrypt - manage the certbot role/profile - create define to export certificate requests
@@ -0,0 +1,15 @@
# profiles::certbot::cert
define profiles::certbot::cert (
Stdlib::Fqdn $domain,
Array $additional_args = ['--http-01-port=8888'],
Boolean $manage_cron = true,
) {
$location_environment = "${facts['country']}-${facts['region']}-${facts['environment']}"
@@letsencrypt::certonly { $domain:
additional_args => $additional_args,
manage_cron => $manage_cron,
tag => $location_environment,
}
}
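Review bot: `$additional_args` is typed as a bare `Array` and is exported unchanged in `@@letsencrypt::certonly`, so whatever a declaring node puts there is realized on the host that collects the request. The `letsencrypt` module is not shown here, but these values presumably end up on the certbot command line, so I would at least tighten the type to `Array[String[1]] $additional_args = ['--http-01-port=8888'],` and state which flags callers are expected to pass. The define also has no parameter documentation; a header comment describing `domain`, `additional_args` and `manage_cron`, and noting that the resource is exported with the country-region-environment tag, would help the next reader.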
@@ -0,0 +1,32 @@
# profiles::certbot::server
class profiles::certbot::server (
String $contact,
Array[Stdlib::Fqdn] $domains = [],
) {
class { 'letsencrypt':
configure_epel => false,
package_ensure => 'latest',
email => $contact,
}
# set location_environment
$location_environment = "${facts['country']}-${facts['region']}-${facts['environment']}"
# collect exported resources
Letsencrypt::Certonly <<| tag == $location_environment |>>
# statically defined certificate
$domains.each | $domain | {
profiles::certbot::cert {$domain:
domain => $domain,
}
}
# export haproxy balancemember
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_8888":
service => 'be_letsencrypt',
ports => [8888],
options => []
}
}
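Review bot: The collector `Letsencrypt::Certonly <<| tag == $location_environment |>>` realizes every exported request that carries the tag, and the tag is built from `$facts`, which are reported by the agent rather than verified by the server. Any node able to export a resource with a matching tag can therefore have this host request certificates, with its own `additional_args`, for names it chooses; if that is wider than intended, derive the tag from `$trusted` data or record the trust assumption in a comment next to the collector. A domain listed in `$domains` that another node also exports would yield a duplicate `Letsencrypt::Certonly` title and likely fail catalog compilation on this host. Port 8888 is hard-coded in `ports => [8888]` while the matching `--http-01-port=8888` default lives in `profiles::certbot::cert`; a shared parameter would keep the two in step.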
@@ -0,0 +1,11 @@
# a role to deploy a certbot server
class roles::infra::pki::certbot {
if $facts['firstrun'] {
include profiles::defaults
include profiles::firstrun::init
}else{
include profiles::defaults
include profiles::base
include profiles::certbot::server
}
}
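Review bot: `include profiles::defaults` is repeated in both branches of the `if $facts['firstrun']` block; declaring it once above the conditional leaves only the lines that differ inside it. `}else{` would also read better as `} else {`. If `firstrun` is delivered as a string fact, note that any string, including `'false'`, is truthy in Puppet, so it is worth confirming the fact is a real Boolean before a PKI host's profile selection depends on it.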