mirror of https://github.com/krislamo/puppet-acme_vault synced 2024-09-19 20:40:36 +00:00

Merge pull request #1 from krislamo/master

Implement script-based restart method
rbelnap 2020-08-11 17:13:41 -04:00 committed by GitHub
commit 0e9e7262b4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 20 additions and 29 deletions


@ -1,5 +1,5 @@
# Common configuration for acme_vault # Common configuration for acme_vault
# #
class acme_vault::common ( class acme_vault::common (
$user = $::acme_vault::params::user, $user = $::acme_vault::params::user,
@ -17,12 +17,13 @@ class acme_vault::common (
) inherits acme_vault::params { ) inherits acme_vault::params {
$common_bashrc_template = @(END) $common_bashrc_template = @(END)
export PATH=$HOME:$PATH export PATH=$HOME:$PATH
export VAULT_BIN=<%= @vault_bin %> export VAULT_BIN=<%= @vault_bin %>
export VAULT_TOKEN=<%= @vault_token %> export VAULT_TOKEN=<%= @vault_token %>
export VAULT_ADDR=<%= @vault_addr %> export VAULT_ADDR=<%= @vault_addr %>
export VAULT_PREFIX=<%= @vault_prefix %> export VAULT_PREFIX=<%= @vault_prefix %>
END | END
# create acme_vault user # create acme_vault user
user { $user: user { $user:
ensure => present, ensure => present,


@ -8,8 +8,8 @@ class acme_vault::deploy(
$domains = $::acme_vault::common::domains, $domains = $::acme_vault::common::domains,
$cert_destination_path = $::acme_vault::params::cert_destination_path, $cert_destination_path = $::acme_vault::params::cert_destination_path,
$restart = $::acme_vault::params::restart, $deploy_scripts = $::acme_vault::params::deploy_scripts,
$restart_command = $::acme_vault::params::restart_command, $restart_method = $::acme_vault::params::restart_method,
) inherits acme_vault::params { ) inherits acme_vault::params {
include acme_vault::common include acme_vault::common
@ -23,25 +23,18 @@ class acme_vault::deploy(
source => 'puppet:///modules/acme_vault/check_cert.sh', source => 'puppet:///modules/acme_vault/check_cert.sh',
} }
# ensure destination path exists # ensure destination paths exist
file {$cert_destination_path: file {[$cert_destination_path, $deploy_scripts]:
ensure => directory, ensure => directory,
owner => $user, owner => $user,
group => $group, group => $group,
mode => '0750', mode => '0750',
} }
# cron job for deploy
if $restart {
$restart_suffix = "&& ${restart_command}"
} else {
$restart_suffix = ''
}
# go through each domain, setup cron, and ensure the destination dir exists # go through each domain, setup cron, and ensure the destination dir exists
$domains.each |$domain, $d_list| { $domains.each |$domain, $d_list| {
cron { "${domain}_deploy": cron { "${domain}_deploy":
command => ". \$HOME/.bashrc && ${home_dir}/check_cert.sh ${domain} ${cert_destination_path} ${restart_suffix}", command => ". \$HOME/.bashrc && ${home_dir}/check_cert.sh ${domain} ${cert_destination_path} && ${restart_method}",
user => $user, user => $user,
weekday => 2, weekday => 2,
hour => 11, hour => 11,
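Review bot: The cron `command` now always ends in `&& ${restart_method}`, so setting `restart_method` to an empty string (the nearest equivalent of the removed `restart => false`) leaves a dangling `&&`. The shell rejects the whole line, so `check_cert.sh` would not run either. Either keep a conditional suffix, e.g. `$restart_suffix = $restart_method ? { '' => '', default => "&& ${restart_method}" }`, or document on the parameter that the value to disable restarts is `'true'`. Because the string is pasted verbatim into a shell line that cron runs as `$user`, the parameter also deserves a comment such as `# restart_method: shell snippet executed by cron as $user; set only from trusted data`. The `cron` resource continues past the end of this hunk.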


@ -26,16 +26,13 @@ class acme_vault::params {
$acme_repo_path = "${home_dir}/acme.sh" $acme_repo_path = "${home_dir}/acme.sh"
$acme_script = "${acme_repo_path}/acme.sh" $acme_script = "${acme_repo_path}/acme.sh"
# lexicon # lexicon
$lexicon_provider = undef $lexicon_provider = undef
$lexicon_username = undef $lexicon_username = undef
$lexicon_token = undef $lexicon_token = undef
# settings for deploy # settings for deploy
$cert_destination_path = '/etc/acme'
$cert_destination_path = '/etc/acme/' $deploy_scripts = "${cert_destination_path}/deploy.d"
$restart_method = "for f in ${deploy_scripts}/*.sh; do \"\$f\"; done"
$restart = false
$restart_command = 'echo restart!'
} }
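Review bot: The default `$restart_method` loop has no guard for an empty `deploy.d`: the `*.sh` pattern stays unexpanded, so every cron run tries to execute the literal path `${deploy_scripts}/*.sh` and fails. Testing each entry before running it avoids this and also skips non-executable files: `$restart_method = "for f in ${deploy_scripts}/*.sh; do if [ -x \"\$f\" ]; then \"\$f\"; fi; done"`. A failing script does not stop the remaining ones, which is worth stating in a comment above the default. Every file matching the glob is executed by the cron job, so a second comment should note that write access to `deploy.d` amounts to code execution as the cron user.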