From 0a07215d422f8f606a41d822436e6c6dd93d001f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?=
Date: Tue, 10 Jan 2023 12:56:33 +0100
Subject: Working product.
---
 manifests/renew/cron.pp | 6 ------
 manifests/renew/cron/setup.pp | 6 ++++++
 manifests/renew/setup.pp | 19 +++++++++----------
 manifests/renew/systemd.pp | 19 +++++++------------
 manifests/renew/systemd/setup.pp | 23 +++++++++++++++++++++++
 5 files changed, 45 insertions(+), 28 deletions(-)
 delete mode 100644 manifests/renew/cron.pp
 create mode 100644 manifests/renew/cron/setup.pp
 create mode 100644 manifests/renew/systemd/setup.pp
(limited to 'manifests/renew')
diff --git a/manifests/renew/cron.pp b/manifests/renew/cron.pp
deleted file mode 100644
index 37aa3fb..0000000
--- a/manifests/renew/cron.pp
+++ /dev/null
@@ -1,6 +0,0 @@
-# Handles renewal certificates through CRON
-# private
-class letsencrypt::renew::cron (
-) {
- fail('Not yet implemented')
-}
diff --git a/manifests/renew/cron/setup.pp b/manifests/renew/cron/setup.pp
new file mode 100644
index 0000000..d6cb51b
--- /dev/null
+++ b/manifests/renew/cron/setup.pp
@@ -0,0 +1,6 @@
+# Handles renewal certificates through CRON
+# @api private
+class letsencrypt::renew::cron::setup (
+) {
+ fail('Not yet implemented')
+}
diff --git a/manifests/renew/setup.pp b/manifests/renew/setup.pp
index 8b4708b..7ba6a1b 100644
--- a/manifests/renew/setup.pp
+++ b/manifests/renew/setup.pp
@@ -1,18 +1,17 @@
 # Sets up timers for automatically renewing certificates
-# TODO
-# - make provider OS dependant
-# - is provider the correct name?
 # @param provider
 # How the renewal should be managed.
 # @api private
 class letsencrypt::renew::setup (
- Enum['systemd', 'cron'] $provider = 'systemd',
+ Letsencrypt::Renewal_provider $provider = $letsencrypt::renewal_provider,
 ) {
- file { [
- '/etc/letsencrypt/env',
- ]:
- ensure => directory,
- }
+ include "::letsencrypt::renew::${provider}::setup"
+
+ # also used by letsencrypt::cert
+ $renew_script = "${letsencrypt::config_dir}/renew_cert"
 
- include "::letsencrypt::renew::${provider}"
+ file { $renew_script:
+ source => "puppet:///modules/${module_name}/run_certbot.py",
+ mode => '0555',
+ }
 }
diff --git a/manifests/renew/systemd.pp b/manifests/renew/systemd.pp
index 8c63f23..f64e7e5 100644
--- a/manifests/renew/systemd.pp
+++ b/manifests/renew/systemd.pp
@@ -1,16 +1,11 @@
-# Handles renewal certificates through systemd timers
-# @param service_name Target name of the service file
-# @param service_path Where the service file should be installed
 # @api private
-class letsencrypt::renew::systemd (
- String $service_name = 'letsencrypt-renew',
- String $service_path = '/etc/systemd/system',
+define letsencrypt::renew::systemd (
+ String $cert_name = $name
 ) {
- file { "${service_path}/${service_name}@.service":
- source => "puppet:///modules/${module_name}/letsencrypt-renew.service",
- }
-
- file { "${service_path}/${service_name}@.timer":
- source => "puppet:///modules/${module_name}/letsencrypt-renew.timer",
+ require letsencrypt::renew::systemd::setup
+ $service = $letsencrypt::renew::systemd::setup::service_name
+ service { "${service}@${cert_name}.timer":
+ ensure => 'running',
+ enable => true,
 }
 }
diff --git a/manifests/renew/systemd/setup.pp b/manifests/renew/systemd/setup.pp
new file mode 100644
index 0000000..5839efc
--- /dev/null
+++ b/manifests/renew/systemd/setup.pp
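Review bot: In manifests/renew/setup.pp the `file { $renew_script: ... }` resource sets only `source` and `mode`, so ownership of a script that the renewal timer executes is never enforced; if the path already exists with a different owner, that owner can still change or replace it between agent runs. Pin it with `ensure => file,`, `owner => 'root',` and `group => 'root',` next to `mode => '0555'` (assuming the timer runs the script as root, which this hunk does not show). The hunk also drops the `file` resource that ensured a directory under /etc/letsencrypt, so confirm that `${letsencrypt::config_dir}` is managed elsewhere; otherwise this resource fails on a fresh host.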
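Review bot: In manifests/renew/systemd.pp `String $cert_name = $name` is interpolated straight into the unit name `"${service}@${cert_name}.timer"`, so an empty title or one containing `/`, whitespace or other characters systemd does not accept in an instance name only fails at apply time, and whatever the templated service does with the instance value receives it unchecked. Constrain the type instead, for example `Pattern[/\A[A-Za-z0-9:_.-]+\z/] $cert_name = $name,`. The commit also removed the summary comment and left only `# @api private`; add a one-line description of the define and `# @param cert_name Name of the certificate whose renewal timer is enabled`.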
@@ -0,0 +1,23 @@
+# Handles renewal certificates through systemd timers
+# @param service_name Target name of the service file
+# @param service_path Where the service file should be installed
+# @api private
+class letsencrypt::renew::systemd::setup (
+ String $service_name = 'letsencrypt-renew',
+ String $service_path = '/etc/systemd/system',
+) {
+ file { "${service_path}/${service_name}@.service":
+ source => "puppet:///modules/${module_name}/letsencrypt-renew.service",
+ notify => Exec['systemctl daemon-reload'],
+ }
+
+ file { "${service_path}/${service_name}@.timer":
+ source => "puppet:///modules/${module_name}/letsencrypt-renew.timer",
+ notify => Exec['systemctl daemon-reload'],
+ }
+
+ exec { 'systemctl daemon-reload':
+ refreshonly => true,
+ provider => shell,
+ }
+}
-- 
cgit v1.2.3
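Review bot: In manifests/renew/systemd/setup.pp the `exec { 'systemctl daemon-reload': ... }` resource relies on `provider => shell` to resolve `systemctl` through whatever PATH the agent happens to run with, although the command needs no shell features. Give the resource an explicit search path, `path => ['/usr/bin', '/bin'],`, and drop the shell provider. The two unit files are also written without `owner`, `group` or `mode`; since systemd executes what they define, set `owner => 'root', group => 'root', mode => '0644'` on both. The generic title 'systemctl daemon-reload' can also clash with an identically titled exec from another module in the same catalog, so a module-scoped title with `command => 'systemctl daemon-reload'` is safer.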