| author | alex <alex@pdp7.net> | 2023-06-03 18:38:07 +0200 |
|---|---|---|
| committer | alex <alex@pdp7.net> | 2023-06-03 18:38:07 +0200 |
| commit | feb7806c176cb39be01d9a1473ea2957204dad99 (patch) | |
| tree | aeebaeba2f7ceffc5c867777c1bdd98aa468cd98 /personal_infra/puppet/modules/proxmox | |
| parent | d7b2b8287ab8cdbc6c0d301543f4b0d6b56a02e7 (diff) | |
Improve proxmox proxy handling
* Just set proxmox certs instead of notifying and using a cron
* Add hosts to copy certs to inside hosts
Diffstat (limited to 'personal_infra/puppet/modules/proxmox')
| -rw-r--r-- | personal_infra/puppet/modules/proxmox/manifests/proxy.pp | 15 | ||||
| -rw-r--r-- | personal_infra/puppet/modules/proxmox/manifests/proxy_host.pp | 21 |
2 files changed, 25 insertions, 11 deletions
diff --git a/personal_infra/puppet/modules/proxmox/manifests/proxy.pp b/personal_infra/puppet/modules/proxmox/manifests/proxy.pp index b8c1b9de..cb3c0bd4 100644 --- a/personal_infra/puppet/modules/proxmox/manifests/proxy.pp +++ b/personal_infra/puppet/modules/proxmox/manifests/proxy.pp @@ -39,17 +39,14 @@ class proxmox::proxy ($mail, $base_hostname) { content => @("EOT"/$) #!/bin/sh - mail $mail -s "Restart apache2 on $base_hostname for certificate \$1" </dev/null + systemctl restart apache2 + pvenode cert set /etc/apache2/md/domains/$base_hostname/pubcert.pem /etc/apache2/md/domains/$base_hostname/privkey.pem --force 1 --restart 1 + + for hook in /usr/local/bin/notify_md_renewal_hook_* ; do + \$hook + done | EOT , mode => '0755', } - - package {'cronic':} - - cron {'pve-certs': - command => "/usr/bin/cronic /usr/bin/pvenode cert set /etc/apache2/md/domains/$base_hostname/pubcert.pem /etc/apache2/md/domains/$base_hostname/privkey.pem --force 1 --restart 1", - user => 'root', - special => 'daily', - } } diff --git a/personal_infra/puppet/modules/proxmox/manifests/proxy_host.pp b/personal_infra/puppet/modules/proxmox/manifests/proxy_host.pp index d1c6faf6..9592572c 100644 --- a/personal_infra/puppet/modules/proxmox/manifests/proxy_host.pp +++ b/personal_infra/puppet/modules/proxmox/manifests/proxy_host.pp @@ -1,4 +1,4 @@ -define proxmox::proxy_host (String[1] $target) { +define proxmox::proxy_host (String[1] $target, Optional[String[1]] $overwrite_rh_certs) { file {"/etc/apache2/sites-enabled/$title.conf": content => @("EOT") MDomain $title 
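Review bot: The rewritten hook script has no failure handling, and the mail notification and the cronic wrapper that used to surface problems are both removed, so a failed `pvenode cert set` goes unreported. The loop also misbehaves when nothing matches: sh keeps the literal `/usr/local/bin/notify_md_renewal_hook_*` and tries to execute it, so the script ends with a non-zero status on a host that has no per-host hooks. I would guard and quote the loop body, `[ -x "\$hook" ] || continue` followed by `"\$hook" || rc=1`, and finish with `exit \${rc:-0}`; the hook generated in proxy_host.pp has the same lack of error checks. If this script is launched by Apache itself (the caller is outside the hunk), restarting apache2 as the first step may end the script before the later steps run, so that ordering is worth confirming. The file resource holding this heredoc starts above the hunk.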
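Review bot: `Optional[String[1]] $overwrite_rh_certs` has no default, and in Puppet an Optional type only permits undef as a value; the parameter stays mandatory, so any existing `proxmox::proxy_host` declaration that does not pass it will fail to compile unless all callers are updated elsewhere in this commit. Declaring it as `Optional[String[1]] $overwrite_rh_certs = undef` keeps current callers working. Because the value later becomes part of a file name under /usr/local/bin and of a lookup key, a stricter type such as `Optional[Pattern[/\A[a-z0-9.-]+\z/]]` would keep slashes and quotes out of both; adjust the pattern to the host naming actually in use. The define's body continues beyond this hunk.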
@@ -11,11 +11,28 @@ define proxmox::proxy_host (String[1] $target) { ProxyPassReverse "/" "$target" ProxyPreservehost On SSLProxyEngine on - </VirtualHost> | EOT , } ~> Service['apache2'] + + if $overwrite_rh_certs { + $pveid = lookup("hostvars.'$overwrite_rh_certs'.proxmox.id"); + + file {"/usr/local/bin/notify_md_renewal_hook_$overwrite_rh_certs": + content => @("EOT"/$) + #!/bin/sh + + cp /etc/apache2/md/domains/$title/pubcert.pem /rpool/data/subvol-$pveid-disk-0/etc/pki/tls/certs/localhost.crt + cp /etc/apache2/md/domains/$title/privkey.pem /rpool/data/subvol-$pveid-disk-0/etc/pki/tls/private/localhost.key + pct exec $pveid systemctl restart httpd + | EOT + , + mode => '0755', + } + } + + } |
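Review bot: The generated hook copies the private key with a plain `cp` into the container's root filesystem, so the mode and owner of `localhost.key` are whatever the destination already had or, on a first copy, whatever the source mode and the host's root user produce; nothing in the hunk pins it to 0600 or to an owner the container's httpd expects. `pct push $pveid /etc/apache2/md/domains/$title/privkey.pem /etc/pki/tls/private/localhost.key --perms 0600` would set the mode explicitly and avoids hard-coding the `/rpool/data/subvol-$pveid-disk-0` storage path. `$pveid` goes into the script unquoted, so passing a value type to the lookup, e.g. `lookup("hostvars.'$overwrite_rh_certs'.proxmox.id", Integer)` if the id is stored as a number, is a cheap guard. There is also no `ensure => absent` branch: once `overwrite_rh_certs` is dropped for a host, the hook file presumably stays behind and the loop in proxy.pp keeps copying the key. The define starts above this hunk.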
