mirror of https://github.com/krislamo/puppet-acme_vault synced 2025-01-18 07:30:34 +00:00

use namecheap provider directly instead of lexicon

Bob Belnap 2021-04-20 13:11:05 -04:00
parent 71e051477f
commit 7a7bb69f10
4 changed files with 21 additions and 28 deletions


@ -30,9 +30,7 @@ enabled on any machine that requires the requested certificates.
### What acme_vault affects
This module will create a new system user that is used to request and deploy
certificates. It uses [lexicon](https://github.com/AnalogJ/lexicon) to make
api requests for dns changes. We use namecheap, so the required namecheap
python library is also included. Both are installed via pip.
certificates.
This module also assumes a working installation of vault.
@ -139,7 +137,7 @@ Default value: `/secret/letsencrypt/`
#### acme_vault::request
This class uses acme.sh, and pulls down the git repo for it. It uses the
lexicon provider in acme.sh to do the dns updating for the dns-01 challenge.
namecheap provider in acme.sh to do the dns updating for the dns-01 challenge.
It configures a cron job to periodically check if a cert needs renewal.
Note: it does not automatically trigger requesting certs, but relies on cron
@ -222,21 +220,23 @@ path the the acme.sh script itself
Default value: `$acme_repo_path/acme.sh`
#### `lexicon_provider`
#### `namecheap_sourceip`
provider for lexicon to use for dns-01 challanges.
sourceip for namecheap requests (it is well known that this is ignored by their api)
Default value: `127.0.0.1`
REQUIRED
#### `lexicon_username`
#### `namecheap_username`
username for lexicon dns.
username for namecheap dns api.
REQUIRED
#### `lexicon_token`
#### `namecheap_api_key`
token for lexicon user.
token for namecheap api user.
REQUIRED


@ -27,10 +27,10 @@ class acme_vault::params {
$acme_repo_path = "${home_dir}/acme.sh"
$acme_script = "${acme_repo_path}/acme.sh"
# lexicon
$lexicon_provider = undef
$lexicon_username = undef
$lexicon_token = undef
# namecheap
$namecheap_username = undef
$namecheap_api_key = undef
$namecheap_sourceip = 127.0.0.1
# settings for deploy
$cert_destination_path = '/etc/acme'
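Review bot: The added default `$namecheap_sourceip = 127.0.0.1` is a bare, unquoted value, and Puppet has no IP-address literal, so the parser will likely reject it or at least not read it as the intended string; it should be `$namecheap_sourceip = '127.0.0.1'`. The two credential defaults stay `undef`, which is reasonable for secrets, but nothing visible in this section makes them mandatory, so an unset value would presumably render an empty `export` rather than fail the catalog. A comment such as `# namecheap API credentials: username and api_key must be supplied by the caller` above the block would match what the README states. The class body continues outside the hunk.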


@ -17,10 +17,9 @@ class acme_vault::request (
$acme_repo_path = $::acme_vault::params::acme_repo_path,
$acme_script = $::acme_vault::params::acme_script,
$lexicon_provider = $::acme_vault::params::lexicon_provider,
$lexicon_username = $::acme_vault::params::lexicon_username,
$lexicon_token = $::acme_vault::params::lexicon_token,
$namecheap_username = $::acme_vault::params::namecheap_username,
$namecheap_api_key = $::acme_vault::params::namecheap_api_key,
$namecheap_sourceip = $::acme_vault::params::namecheap_sourceip,
) inherits acme_vault::params {
@ -28,17 +27,11 @@ class acme_vault::request (
$request_bashrc_template = @(END)
export TLDEXTRACT_CACHE=$HOME/.tld_set
export PROVIDER=<%= @lexicon_provider %>
export LEXICON_<%= @lexicon_provider.upcase %>_AUTH_USERNAME=<%= @lexicon_username %>
export LEXICON_<%= @lexicon_provider.upcase %>_AUTH_TOKEN=<%= @lexicon_token %>
export NAMECHEAP_USERNAME=<%= @namecheap_username %>
export NAMECHEAP_API_KEY=<%= @namecheap_api_key %>
export NAMECHEAP_SOURCEIP=<%= @namecheap_sourceip %>
END
# install lexicon
ensure_packages(['dns-lexicon', 'PyNamecheap'], {
ensure => present,
provider => 'pip',
})
# variables in bashrc
concat::fragment { 'request_bashrc':
target => "${home_dir}/.bashrc",
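Review bot: The three `export NAMECHEAP_*` lines in the heredoc template write their values unquoted into a file that the shell sources, so a username or API key containing whitespace or shell metacharacters would be split or interpreted when `.bashrc` is read. Quote the rendered values, e.g. `export NAMECHEAP_API_KEY='<%= @namecheap_api_key %>'`, and reject or escape embedded single quotes. The key also lands in plaintext in `${home_dir}/.bashrc` and in the compiled catalog. The concat target's owner and mode are declared outside this hunk, so confirm the file is readable only by the service user, and consider declaring the parameter as `Sensitive` so it is redacted in logs and reports. The parameters are still untyped; `String[1]` on the username and key would make a missing credential fail at compile time instead of producing an empty export.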


@ -9,7 +9,7 @@
<% } else { -%>
--server <%= $prod_url %> \
<% } -%>
--dns dns_lexicon \
--dns dns_namecheap \
--dnssleep 1800 \
--domain "<%= $domain %>" --challenge-alias <%= "$domain" %> \
<% $domains.each |$d| {