Diffstat (limited to 'personal_infra/puppet')
-rw-r--r--personal_infra/puppet/modules/proxmox/manifests/proxy.pp15
-rw-r--r--personal_infra/puppet/modules/proxmox/manifests/proxy_host.pp21
-rw-r--r--personal_infra/puppet/site/h1.pdp7.net.pp1
3 files changed, 26 insertions, 11 deletions
diff --git a/personal_infra/puppet/modules/proxmox/manifests/proxy.pp b/personal_infra/puppet/modules/proxmox/manifests/proxy.pp
index b8c1b9de..cb3c0bd4 100644
--- a/personal_infra/puppet/modules/proxmox/manifests/proxy.pp
+++ b/personal_infra/puppet/modules/proxmox/manifests/proxy.pp
@@ -39,17 +39,14 @@ class proxmox::proxy ($mail, $base_hostname) {
content => @("EOT"/$)
#!/bin/sh
- mail $mail -s "Restart apache2 on $base_hostname for certificate \$1" </dev/null
+ systemctl restart apache2
+ pvenode cert set /etc/apache2/md/domains/$base_hostname/pubcert.pem /etc/apache2/md/domains/$base_hostname/privkey.pem --force 1 --restart 1
+
+ for hook in /usr/local/bin/notify_md_renewal_hook_* ; do
+ \$hook
+ done
| EOT
,
mode => '0755',
}
-
- package {'cronic':}
-
- cron {'pve-certs':
- command => "/usr/bin/cronic /usr/bin/pvenode cert set /etc/apache2/md/domains/$base_hostname/pubcert.pem /etc/apache2/md/domains/$base_hostname/privkey.pem --force 1 --restart 1",
- user => 'root',
- special => 'daily',
- }
}
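Review bot: The hook loop in the generated script runs `\$hook` unquoted and unguarded, so on a host with no `/usr/local/bin/notify_md_renewal_hook_*` file the shell leaves the pattern unexpanded and tries to execute the literal string. Inside the loop I would add `[ -x "\$hook" ] || continue` and call `"\$hook"` quoted. The script also has no `set -e`, and the mail notification and the `cronic` wrapper are removed in this same hunk, so a failed `pvenode cert set` or a failed hook no longer surfaces anywhere visible here; consider `set -e` after the shebang or an explicit failure report. Separately, dropping the `cron {'pve-certs': ...}` and `package {'cronic':}` resources only stops managing them, so hosts that were already configured presumably keep the daily job unless it is declared with `ensure => absent`. The `file` resource and the class body start above this hunk.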
diff --git a/personal_infra/puppet/modules/proxmox/manifests/proxy_host.pp b/personal_infra/puppet/modules/proxmox/manifests/proxy_host.pp
index d1c6faf6..9592572c 100644
--- a/personal_infra/puppet/modules/proxmox/manifests/proxy_host.pp
+++ b/personal_infra/puppet/modules/proxmox/manifests/proxy_host.pp
@@ -1,4 +1,4 @@
-define proxmox::proxy_host (String[1] $target) {
+define proxmox::proxy_host (String[1] $target, Optional[String[1]] $overwrite_rh_certs) {
file {"/etc/apache2/sites-enabled/$title.conf":
content => @("EOT")
MDomain $title
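Review bot: `$overwrite_rh_certs` is typed `Optional[String[1]]` but has no default, and in Puppet a parameter without a default is still required; the `Optional` type only permits `undef` as a value. Any `proxmox::proxy_host` declaration that does not pass the parameter would fail catalog compilation, and only the one in `site/h1.pdp7.net.pp` is updated in this commit. Declaring it as `Optional[String[1]] $overwrite_rh_certs = undef` keeps other callers working. The body of the define continues past this hunk.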
@@ -11,11 +11,28 @@ define proxmox::proxy_host (String[1] $target) {
ProxyPassReverse "/" "$target"
ProxyPreservehost On
SSLProxyEngine on
-
</VirtualHost>
| EOT
,
}
~>
Service['apache2']
+
+ if $overwrite_rh_certs {
+ $pveid = lookup("hostvars.'$overwrite_rh_certs'.proxmox.id");
+
+ file {"/usr/local/bin/notify_md_renewal_hook_$overwrite_rh_certs":
+ content => @("EOT"/$)
+ #!/bin/sh
+
+ cp /etc/apache2/md/domains/$title/pubcert.pem /rpool/data/subvol-$pveid-disk-0/etc/pki/tls/certs/localhost.crt
+ cp /etc/apache2/md/domains/$title/privkey.pem /rpool/data/subvol-$pveid-disk-0/etc/pki/tls/private/localhost.key
+ pct exec $pveid systemctl restart httpd
+ | EOT
+ ,
+ mode => '0755',
+ }
+ }
+
+
}
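Review bot: The generated `notify_md_renewal_hook_*` script copies `privkey.pem` into the container's filesystem with plain `cp` and no error handling, so the mode of `localhost.key` is whatever the destination already had (or the umask default if it is created), and `pct exec $pveid systemctl restart httpd` still runs if either copy failed. I would add `set -e` after the shebang and `chmod 0600 /rpool/data/subvol-$pveid-disk-0/etc/pki/tls/private/localhost.key` after the key copy. Ownership as seen from inside the container depends on whether it is unprivileged, which is not visible here, so that is worth confirming. Because the renewal script executes this hook through a glob, setting `owner => 'root'` and `group => 'root'` explicitly on the `file` resource would also state the intent. The define itself opens above this hunk.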
diff --git a/personal_infra/puppet/site/h1.pdp7.net.pp b/personal_infra/puppet/site/h1.pdp7.net.pp
index 875b213d..3be76531 100644
--- a/personal_infra/puppet/site/h1.pdp7.net.pp
+++ b/personal_infra/puppet/site/h1.pdp7.net.pp
@@ -12,5 +12,6 @@ node 'h1.pdp7.net' {
proxmox::proxy_host {'ipsilon-test.pdp7.net':
target => 'https://ipsilon-test.h1.int.pdp7.net/',
+ overwrite_rh_certs => 'ipsilon-test.h1.int.pdp7.net',
}
}