2023-04-12 18:51:15 +00:00
|
|
|
# acme_vault::deploy
|
|
|
|
|
#
|
|
|
|
|
# This class configures the deployment of certificates from HashiCorp Vault
|
|
|
|
|
# to the filesystem. It sets up the necessary directory structure, scripts,
|
|
|
|
|
# and cron jobs to periodically check for and deploy updated certificates
|
|
|
|
|
# for the specified domains.
|
|
|
|
|
#
|
|
|
|
|
# @param user The system user for the acme_vault module.
|
|
|
|
|
# @param group The system group for the acme_vault module.
|
|
|
|
|
# @param home_dir The home directory for the acme_vault user.
|
|
|
|
|
# @param domains The list of domain names for which certificates will be deployed.
|
|
|
|
|
#
|
|
|
|
|
# @param cert_destination_path The directory where certificates will be deployed on the filesystem.
|
|
|
|
|
# @param deploy_scripts The directory where deployment scripts will be stored.
|
|
|
|
|
# @param restart_method The command to run after certificate deployment (e.g., to restart dependent services).
|
2018-02-27 18:58:42 +00:00
|
|
|
#
|
2018-02-22 19:46:51 +00:00
|
|
|
class acme_vault::deploy(
|
2018-02-27 15:32:51 +00:00
|
|
|
$user = $::acme_vault::common::user,
|
|
|
|
|
$group = $::acme_vault::common::group,
|
|
|
|
|
$home_dir = $::acme_vault::common::home_dir,
|
|
|
|
|
$domains = $::acme_vault::common::domains,
|
2018-02-22 19:46:51 +00:00
|
|
|
|
|
|
|
|
$cert_destination_path = $::acme_vault::params::cert_destination_path,
|
2020-08-11 15:14:38 +00:00
|
|
|
$deploy_scripts = $::acme_vault::params::deploy_scripts,
|
|
|
|
|
$restart_method = $::acme_vault::params::restart_method,
|
2018-02-22 19:46:51 +00:00
|
|
|
|
|
|
|
|
) inherits acme_vault::params {
|
2018-02-26 18:01:25 +00:00
|
|
|
include acme_vault::common
|
|
|
|
|
|
|
|
|
|
# copy down cert check script
|
|
|
|
|
file {"${home_dir}/check_cert.sh":
|
|
|
|
|
ensure => present,
|
|
|
|
|
owner => $user,
|
|
|
|
|
group => $group,
|
2018-02-26 19:54:07 +00:00
|
|
|
mode => '0750',
|
|
|
|
|
source => 'puppet:///modules/acme_vault/check_cert.sh',
|
2018-02-26 18:01:25 +00:00
|
|
|
}
|
|
|
|
|
|
2020-08-11 15:14:38 +00:00
|
|
|
# ensure destination paths exist
|
|
|
|
|
file {[$cert_destination_path, $deploy_scripts]:
|
2018-02-27 15:32:51 +00:00
|
|
|
ensure => directory,
|
|
|
|
|
owner => $user,
|
|
|
|
|
group => $group,
|
|
|
|
|
mode => '0750',
|
|
|
|
|
}
|
|
|
|
|
|
2018-02-27 17:28:28 +00:00
|
|
|
# go through each domain, setup cron, and ensure the destination dir exists
|
2018-02-27 15:32:51 +00:00
|
|
|
$domains.each |$domain, $d_list| {
|
2018-02-26 18:01:25 +00:00
|
|
|
cron { "${domain}_deploy":
|
2020-08-11 15:14:38 +00:00
|
|
|
command => ". \$HOME/.bashrc && ${home_dir}/check_cert.sh ${domain} ${cert_destination_path} && ${restart_method}",
|
2018-02-26 19:54:07 +00:00
|
|
|
user => $user,
|
2023-01-18 19:30:51 +00:00
|
|
|
weekday => ['2-4'],
|
|
|
|
|
hour => ['11-16'],
|
|
|
|
|
minute => 30,
|
2018-02-26 18:01:25 +00:00
|
|
|
}
|
2018-02-27 17:28:28 +00:00
|
|
|
|
|
|
|
|
file {"${cert_destination_path}/${domain}":
|
|
|
|
|
ensure => directory,
|
|
|
|
|
owner => $user,
|
|
|
|
|
group => $group,
|
|
|
|
|
mode => '0750',
|
|
|
|
|
}
|
2018-02-26 18:01:25 +00:00
|
|
|
}
|
|
|
|
|
|
2018-02-22 19:46:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
