confdroid/confdroid_nagios
3
0
Fork 0
Code Issues Projects Wiki Activity

re-chained certbot

Browse Source
This commit is contained in:
Arne Teuke
2017-07-21 16:15:59 +01:00
parent 3923a4adc5
commit 0d2f0ae3e8
5 changed files with 164 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
manifests/certbot/config.pp
View File

@@ -29,6 +29,24 @@ class cd_nagios::certbot::config (
require cd_certbot require cd_certbot
# ensure there is no forward vhost file
exec { 'remove forward vhost':
command => "rm -Rf $ng_forward_conf",
creates => '/etc/httpd/conf.d/.cert_created',
}
# create temp vhost file
exec { 'create_temp_vhost':
command => template('cd_nagios/certbot/create_tempfile.erb'),
cwd => '/tmp',
path => ['/bin','/usr/bin'],
provider => 'shell',
creates => '/etc/httpd/conf.d/.created',
notify => Service['httpd'],
}
# create cert # create cert
exec { 'create_cert': exec { 'create_cert':
@@ -41,6 +59,18 @@ class cd_nagios::certbot::config (
creates => '/etc/httpd/conf.d/.cert_created', creates => '/etc/httpd/conf.d/.cert_created',
} }
# remove temp_vhost
exec { 'remove_temp_vhost':
command => "rm -Rf ${ng_certbot_temp_file}",
cwd => '/tmp',
path => ['/bin','/usr/bin'],
provider => 'shell',
notify => Service['httpd'],
require => Exec['create_cert'],
creates => "/etc/letsencrypt/live/${ng_nagios_server}/cert.pem",
}
# renew certs # renew certs
exec { 'renew_cert': exec { 'renew_cert':

5
manifests/main/config.pp
View File

@@ -37,11 +37,6 @@ class cd_nagios::main::config (
if $ng_use_selinux_tools == true { if $ng_use_selinux_tools == true {
include cd_nagios::selinux::config include cd_nagios::selinux::config
} }
if $ng_enable_certbot == true {
include cd_nagios::certbot::config
}
} }
if $::fqdn != $ng_nagios_server { if $::fqdn != $ng_nagios_server {

4
manifests/params.pp
View File

@@ -374,7 +374,9 @@ $ng_forward_conf = '/etc/httpd/conf.d/nagios_forward.conf'
$ng_forward_conf_erb = 'cd_nagios/httpd/forward_conf.erb' $ng_forward_conf_erb = 'cd_nagios/httpd/forward_conf.erb'
$ng_get_cert_erb = 'cd_nagios/certbot/get_cert.erb' $ng_get_cert_erb = 'cd_nagios/certbot/get_cert.erb'
$ng_unless_get_cert = 'cd_nagios/certbot/unless_get_cert.erb' $ng_unless_get_cert = 'cd_nagios/certbot/unless_get_cert.erb'
$ng_unless_renew_erb = 'cd_nagios/certbot/unless_renew_cert.erb' $ng_unless_renew_erb = 'cd_nagios/certbot/unless_renew_cert.erb'
$ng_create_tempvhost = 'cd_nagios/certbot/create_tempfile.erb'
$ng_certbot_temp_file = '/etc/httpd/conf.d/certbot_temp.conf'
# includes must be last # includes must be last

164
manifests/server/files.pp
View File

@@ -25,49 +25,34 @@ class cd_nagios::server::files (
) inherits cd_nagios::params { ) inherits cd_nagios::params {
if $::fqdn == $ng_nagios_server { if $::fqdn == $ng_nagios_server {
if $ng_enable_certbot == true {
require cd_nagios::certbot::config
require cd_nagios::main::dirs
require cd_nagios::main::dirs # manage nagios.cfg
# manage nagios.cfg
# manage cgi.cfg # manage cgi.cfg
file { $ng_cgi_cfg_file: file { $ng_cgi_cfg_file:
ensure => file,
path => $ng_cgi_cfg_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => nagios_etc_t,
seluser => system_u,
content => template($ng_cgi_cfg_erb),
notify => Service[$ng_service],
}
# manage nagios.conf for httpd
file { $ng_nagios_conf:
ensure => file,
path => $ng_nagios_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ng_nagios_conf_erb),
notify => Service[$ae_service],
}
if $ng_http_https_fw == true {
file { $ng_forward_conf:
ensure => file, ensure => file,
path => $ng_forward_conf, path => $ng_cgi_cfg_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => nagios_etc_t,
seluser => system_u,
content => template($ng_cgi_cfg_erb),
notify => Service[$ng_service],
}
# manage nagios.conf for httpd
file { $ng_nagios_conf:
ensure => file,
path => $ng_nagios_conf,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0644', mode => '0644',
@@ -75,18 +60,73 @@ class cd_nagios::server::files (
selrole => object_r, selrole => object_r,
seltype => httpd_config_t, seltype => httpd_config_t,
seluser => system_u, seluser => system_u,
content => template($ng_forward_conf_erb), content => template($ng_nagios_conf_erb),
notify => Service[$ae_service], notify => Service[$ae_service],
} }
if $ng_http_https_fw == true {
file { $ng_forward_conf:
ensure => file,
path => $ng_forward_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ng_forward_conf_erb),
notify => Service[$ae_service],
}
}
# manage welcome.conf for nagios web server
if $ng_disable_welcome == true {
file { $ng_welcome_conf:
ensure => file,
path => $ng_welcome_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ng_welcome_conf_erb),
notify => Service[$ae_service],
}
}
} }
# manage welcome.conf for nagios web server else {
if $ng_disable_welcome == true { require cd_nagios::main::dirs
file { $ng_welcome_conf: # manage nagios.cfg
# manage cgi.cfg
file { $ng_cgi_cfg_file:
ensure => file, ensure => file,
path => $ng_welcome_conf, path => $ng_cgi_cfg_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => nagios_etc_t,
seluser => system_u,
content => template($ng_cgi_cfg_erb),
notify => Service[$ng_service],
}
# manage nagios.conf for httpd
file { $ng_nagios_conf:
ensure => file,
path => $ng_nagios_conf,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0644', mode => '0644',
@@ -94,9 +134,45 @@ class cd_nagios::server::files (
selrole => object_r, selrole => object_r,
seltype => httpd_config_t, seltype => httpd_config_t,
seluser => system_u, seluser => system_u,
content => template($ng_welcome_conf_erb), content => template($ng_nagios_conf_erb),
notify => Service[$ae_service], notify => Service[$ae_service],
} }
if $ng_http_https_fw == true {
file { $ng_forward_conf:
ensure => file,
path => $ng_forward_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ng_forward_conf_erb),
notify => Service[$ae_service],
}
}
# manage welcome.conf for nagios web server
if $ng_disable_welcome == true {
file { $ng_welcome_conf:
ensure => file,
path => $ng_welcome_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ng_welcome_conf_erb),
notify => Service[$ae_service],
}
}
} }
} }
} }

11
templates/certbot/create_tempfile.erb Normal file
View File

@@ -0,0 +1,11 @@
echo "# temporary vhost file
<VirtualHost *:80>
ServerAdmin root@localhost
DocumentRoot /var/www/html
ServerName <%= @ng_nagios_server %>
<Directory />
AllowOverride All
</Directory>
</VirtualHost>
" > <%= @ng_certbot_temp_file %>
touch /etc/httpd/conf.d/.created