unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
2ef4fb0bf8
puppet-prod/modules/certbot/manifests/client/cert.pp
Ben Vincent 2ef4fb0bf8 feat: update certbot module 
- update documentation
- add option to notify services
- set haproxy role to notify the haproxy service
2024-10-07 13:40:53 +11:00

67 lines
2.0 KiB
Puppet
Raw Blame History

# a define for creating a single certificate
# - domain: the domain to generate a certificate for
# - webserver: where to download the certificate from
# - destination: the data directory on the client
# - notify_service: what service to notify when the concat exec completes
define certbot::client::cert (
Stdlib::Fqdn $domain,
Stdlib::Fqdn $webserver,
Stdlib::Absolutepath $destination = "/etc/pki/tls/letsencrypt/${domain}",
Optional[String] $notify_service = undef,
) {
file { $destination:
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
$cert_ready_nodes = puppetdb_query("
facts {
name = 'certbot_available_certs' and value ~ '${domain}' and certname = '${webserver}'
}"
)
# Define the certificate files
$cert_files = ['cert.pem', 'chain.pem', 'fullchain.pem', 'privkey.pem']
if !empty($cert_ready_nodes) {
$files_to_create = $cert_files.reduce({}) |$acc, $file| {
$acc + {
"${destination}/${file}" => {
ensure => 'file',
source => "https://${webserver}/${domain}/${file}",
owner => 'root',
group => 'root',
mode => '0644',
notify => Exec["concat_${domain}_certs"],
}
}
}
# create file resources
create_resources(file, $files_to_create)
# if notify_service is specified
if $notify_service != undef {
$service = Service[$notify_service]
}else{
$service = undef
}
exec { "concat_${domain}_certs":
command => "cat ${destination}/fullchain.pem ${destination}/privkey.pem > ${destination}/fullchain_combined.pem",
path => ['/bin', '/usr/bin'],
refreshonly => true,
require => [
File["${destination}/fullchain.pem"],
File["${destination}/privkey.pem"],
],
notify => $service,
}
} else {
notify { 'Certificates are not yet ready on the generator server.': }
}
}
Reference in New Issue View Git Blame Copy Permalink