add deploy class, check_cert.sh, cron setup

2025-09-09 11:59:29 +00:00 · 2018-02-26 13:01:25 -05:00
parent 95273e46d4
commit 8a5abc08c6
5 changed files with 130 additions and 3 deletions
--- a/manifests/common.pp
+++ b/manifests/common.pp
@@ -2,6 +2,7 @@ class acme_vault::common (
    $user               = $::acme_vault::params::user,
    $group              = $::acme_vault::params::group,
    $home_dir           = $::acme_vault::params::home_dir,
+    $contact_email      = $::acme_vault::params::contact_email,

    $vault_token        = $::acme_vault::params::vault_token,
    $vault_addr         = $::acme_vault::params::vault_addr,
@@ -59,6 +60,14 @@ END
      order   => "01",
    }

+    # common dummy cron job to set MAILTO
+    cron { "dummy_mailto":
+      command     => "/bin/true",
+      user        => $user,
+      month       => 7,
+      environment => "MAILTO=${contact_email}",
+    }
+
    #		file { "$home_dir/.bashrc":
    #			ensure  => present,
    #			owner   => $user,
--- a/manifests/deploy.pp
+++ b/manifests/deploy.pp
@@ -5,8 +5,40 @@ class acme_vault::deploy(

    $cert_destination_path = $::acme_vault::params::cert_destination_path,
    $domains               = $::acme_vault::params::domains,
+    $restart               = $::acme_vault::params::restart,
+    $restart_command       = $::acme_vault::params::restart_command,

 ) inherits acme_vault::params {
+  include acme_vault::common
+
+  # copy down cert check script
+  file {"${home_dir}/check_cert.sh":
+    ensure => present,
+    owner  => $user,
+    group  => $group,
+    mode   => "0750",
+    source => "puppet:///modules/acme_vault/check_cert.sh",
+  }
+
+  if $restart {
+    $cron_command = "${home_dir}/check_cert.sh $domain $cert_destination_path && $restart_command"
+  } else {
+    $cron_command = "${home_dir}/check_cert.sh $domain $cert_destination_path"
+  }
+
+
+  notice($user)
+  $domains.each |$domain| {
+    cron { "${domain}_deploy":
+      command     => $cron_command,
+      user        => $user,
+      weekday     => 2,
+    }
+  }
+
+
+
+

 }

--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -8,14 +8,13 @@ class acme_vault::params {
    $staging     = true
    $staging_url = 'https://acme-staging-v02.api.letsencrypt.org/directory'
    $prod_url    = 'https://acme-v02.api.letsencrypt.org/directory'
+    #TODO configurue email
    $contact_email = ''

    $acme_revision = 'HEAD'
    $acme_repo_path = "$home_dir/acme.sh"
    $acme_script    = "$acme_repo_path/acme.sh"
    $vault_prefix   = '/secret/letsencrypt/'
-    # domains list TODO should be a mapping name -> domains
-
    $domains     = ''

    # authentication
@@ -32,4 +31,7 @@ class acme_vault::params {

    $cert_destination_path = '/etc/acme/'

+    $restart         = false
+    $restart_command = "echo restart!"
+
 }
--- a/manifests/requestor.pp
+++ b/manifests/requestor.pp
@@ -74,7 +74,6 @@ END
        command     => "${home_dir}/${domain}.sh",
        user        => $user,
        weekday     => 1,
-        environment => "MAILTO=${contact_email}",
      }
    }