diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0150434..bdcf543 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,21 @@ Changelog of Git Changelog.

No issue

+500c46fa1cae78d Jenkins Server 2017-07-22 11:38:55 +

+

recommit for updates in build 46

+ +

+a38ace2f06f6f22 Arne Teuke 2017-07-22 11:38:36 +

+

reversing steps to create cert

+ +

+d5a5afcfc3c501a Arne Teuke 2017-07-22 11:23:28 +

+

reversing steps to create cert

+ +

92e809e1c65f745 Jenkins Server 2017-07-21 16:38:00

recommit for updates in build 44

diff --git a/REPOSTRUCTURE.md b/REPOSTRUCTURE.md index da7b7d0..c945adf 100644 --- a/REPOSTRUCTURE.md +++ b/REPOSTRUCTURE.md @@ -9,6 +9,7 @@ | | |-- full_list.js | | `-- jquery.js | |-- puppet_classes +| | |-- cd_nagios_3A_3Acertbot_3A_3Acerts.html | | |-- cd_nagios_3A_3Acertbot_3A_3Aconfig.html | | |-- cd_nagios_3A_3Aclient_3A_3Atarget.html | | |-- cd_nagios_3A_3Afirewall_3A_3Aiptables.html @@ -78,4 +79,4 @@ |-- README.md `-- REPOSTRUCTURE.md -18 directories, 60 files +18 directories, 61 files diff --git a/doc/_index.html b/doc/_index.html index a39bef2..00adb51 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -186,7 +186,7 @@ diff --git a/doc/file.README.html b/doc/file.README.html index d54d745..8f2ebfd 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -304,7 +304,7 @@ environments.

diff --git a/doc/index.html b/doc/index.html index 41991e4..9f04e40 100644 --- a/doc/index.html +++ b/doc/index.html @@ -304,7 +304,7 @@ environments.

diff --git a/doc/puppet_classes/cd_nagios.html b/doc/puppet_classes/cd_nagios.html index a2523cf..0f45275 100644 --- a/doc/puppet_classes/cd_nagios.html +++ b/doc/puppet_classes/cd_nagios.html @@ -139,7 +139,7 @@ class cd_nagios { diff --git a/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Acerts.html b/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Acerts.html index 9acbada..269d547 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Acerts.html +++ b/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Acerts.html @@ -169,41 +169,7 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.

60 61 62 -63 -64 -65 -66 -67 -68 -69 -70 -71 -72 -73 -74 -75 -76 -77 -78 -79 -80 -81 -82 -83 -84 -85 -86 -87 -88 -89 -90 -91 -92 -93 -94 -95 -96 -97 +63
# File 'manifests/certbot/certs.pp', line 23
@@ -219,33 +185,6 @@ class cd_nagios::certbot::certs (
         require cd_certbot
         require cd_apache
 
-        # ensure there is no forward vhost file
-
-        exec { 'remove_forward_vhost':
-          command   =>  "rm -Rf ${ng_forward_conf}",
-          creates   =>  '/etc/httpd/conf.d/.cert_created',
-        }
-
-        exec { 'remove_nagios_conf':
-          command   =>  "rm -Rf ${ng_nagios_conf}",
-          creates   =>  '/etc/httpd/conf.d/.cert_created',
-          require   =>  Exec['remove_forward_vhost'],
-        }
-
-        exec { 'remove_index_html':
-          command   =>  "rm -Rf ${ng_index_html_file}",
-          creates   =>  '/etc/httpd/conf.d/.cert_created',
-          require   =>  Exec['remove_nagios_conf'],
-          notify    =>  Service[$ae_service],
-        }
-
-        exec { 'disable_selinux_temporarily':
-          command   =>  'setenforce 0',
-          path      =>  ['/usr/sbin'],
-          creates   =>  '/etc/httpd/conf.d/.cert_created',
-          require   =>  Exec['remove_index_html'],
-        }
-
         # create cert
 
         exec { 'create_cert':
@@ -255,14 +194,7 @@ class cd_nagios::certbot::certs (
           provider  =>  'shell',
           unless    =>  template('cd_nagios/certbot/unless_get_cert.erb'),
           notify    =>  Service['httpd'],
-          creates   =>  '/etc/httpd/conf.d/.cert_created',
-        }
-
-        exec { 'enable_selinux':
-          command   =>  'setenforce 1',
-          path      =>  ['/usr/sbin'],
-          creates   =>  '/etc/httpd/conf.d/.cert_created',
-          require   =>  Exec['create_cert'],
+          creates   =>  $ng_certbot_cert,
         }
 
         # renew certs
@@ -290,7 +222,7 @@ class cd_nagios::certbot::certs (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html b/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html
index 7ff66c8..c21c7d7 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html
@@ -368,7 +368,7 @@ class cd_nagios::client::target (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html
index d7b66d0..8ecb3f4 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html
@@ -207,7 +207,7 @@ class cd_nagios::firewall::iptables (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html
index 5655755..8d12a61 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html
@@ -170,13 +170,13 @@ class cd_nagios::main::config (
   if $::fqdn == $ng_nagios_server {
 #    include cd_nagios::server::service
 
-#    if $ng_include_fw == true {
-#      include cd_nagios::firewall::iptables
-#    }
+    if $ng_include_fw == true {
+      include cd_nagios::firewall::iptables
+    }
 
-#    if $ng_use_selinux_tools == true {
-#      include cd_nagios::selinux::config
-#    }
+    if $ng_use_selinux_tools == true {
+      include cd_nagios::selinux::config
+    }
 
     if $ng_enable_certbot == true {
       require cd_nagios::certbot::certs
@@ -195,7 +195,7 @@ class cd_nagios::main::config (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html
index 76a2201..2edfd7d 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html
@@ -468,7 +468,7 @@ class cd_nagios::main::dirs (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html
index 53b933c..c8b23b6 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html
@@ -235,7 +235,7 @@ class cd_nagios::main::install (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html
index e28c0fe..9d59f54 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html
@@ -200,7 +200,7 @@ class cd_nagios::main::user (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aparams.html b/doc/puppet_classes/cd_nagios_3A_3Aparams.html
index 41b91e6..843fa47 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aparams.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aparams.html
@@ -1887,8 +1887,6 @@ certificate management

(string) - (defaults to: '/var/www/html') - —
@@ -1962,6 +1960,19 @@ required for certbot and used in the web templates.

+
  • + + ng_certbot_webroot + + + (Any) + + + (defaults to: '/var/www/html') + + +
  • + @@ -2152,7 +2163,13 @@ required for certbot and used in the web templates.

    386 387 388 -389
    +389 +390 +391 +392 +393 +394 +395
    # File 'manifests/params.pp', line 216
    @@ -2271,7 +2288,7 @@ $ng_enable_index      = true,
     
     # certbot
     $ng_enable_certbot    = true,
    -$ng_certbot_cert_path = '/var/www/html',
    +$ng_certbot_webroot   = '/var/www/html',
     $ng_webserver_name    = "nagios.${::domain}",
     
     ) {
    @@ -2326,6 +2343,12 @@ $ng_unless_renew_erb  = 'cd_nagios/certbot/unless_renew_cert.erb'
     $ng_index_html_file   = '/var/www/html/index.html'
     $ng_index_html_erb    = 'cd_nagios/httpd/index_html.erb'
     
    +# certbot
    +$ng_certbot_main_dir  = '/etc/letsencrypt'
    +$ng_certbot_archive   = "${ng_certbot_main_dir}/archive"
    +$ng_certbot_cert      = "${ng_certbot_archive}/${ng_webserver_name}/cert1.pem"
    +
    +
     # includes must be last
     
       include cd_nagios::main::config
    @@ -2338,7 +2361,7 @@ $ng_index_html_erb    = 'cd_nagios/httpd/index_html.erb'
     
     
           
    diff --git a/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html b/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
    index 7590646..9c2554a 100644
    --- a/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
    +++ b/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
    @@ -249,7 +249,7 @@ class cd_nagios::selinux::config (
     
     
           
    diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html
    index 5d2427b..c1d7829 100644
    --- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html
    +++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html
    @@ -195,7 +195,7 @@ class cd_nagios::server::access_rules (
     
     
           
    diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html
    index 37dcd28..f1255b9 100644
    --- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html
    +++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html
    @@ -344,7 +344,7 @@ class cd_nagios::server::files (
     
     
           
    diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
    index 6e9a14a..c8afbbd 100644
    --- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
    +++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
    @@ -174,7 +174,7 @@ class cd_nagios::server::service (
     
     
           
    diff --git a/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html b/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
    index 7803e5f..a4d5945 100644
    --- a/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
    +++ b/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
    @@ -220,7 +220,7 @@ $ng_service       = $::cd_nagios::params::ng_service
     
     
           
    diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html
    index de429ee..d0f9889 100644
    --- a/doc/top-level-namespace.html
    +++ b/doc/top-level-namespace.html
    @@ -90,7 +90,7 @@
     
     
           
    diff --git a/manifests/certbot/certs.pp b/manifests/certbot/certs.pp
    index fd80273..d315d05 100644
    --- a/manifests/certbot/certs.pp
    +++ b/manifests/certbot/certs.pp
    @@ -31,33 +31,6 @@ class cd_nagios::certbot::certs (
             require cd_certbot
             require cd_apache
     
    -        # ensure there is no forward vhost file
    -
    -        exec { 'remove_forward_vhost':
    -          command   =>  "rm -Rf ${ng_forward_conf}",
    -          creates   =>  '/etc/httpd/conf.d/.cert_created',
    -        }
    -
    -        exec { 'remove_nagios_conf':
    -          command   =>  "rm -Rf ${ng_nagios_conf}",
    -          creates   =>  '/etc/httpd/conf.d/.cert_created',
    -          require   =>  Exec['remove_forward_vhost'],
    -        }
    -
    -        exec { 'remove_index_html':
    -          command   =>  "rm -Rf ${ng_index_html_file}",
    -          creates   =>  '/etc/httpd/conf.d/.cert_created',
    -          require   =>  Exec['remove_nagios_conf'],
    -          notify    =>  Service[$ae_service],
    -        }
    -
    -        exec { 'disable_selinux_temporarily':
    -          command   =>  'setenforce 0',
    -          path      =>  ['/usr/sbin'],
    -          creates   =>  '/etc/httpd/conf.d/.cert_created',
    -          require   =>  Exec['remove_index_html'],
    -        }
    -
             # create cert
     
             exec { 'create_cert':
    @@ -67,14 +40,7 @@ class cd_nagios::certbot::certs (
               provider  =>  'shell',
               unless    =>  template('cd_nagios/certbot/unless_get_cert.erb'),
               notify    =>  Service['httpd'],
    -          creates   =>  '/etc/httpd/conf.d/.cert_created',
    -        }
    -
    -        exec { 'enable_selinux':
    -          command   =>  'setenforce 1',
    -          path      =>  ['/usr/sbin'],
    -          creates   =>  '/etc/httpd/conf.d/.cert_created',
    -          require   =>  Exec['create_cert'],
    +          creates   =>  $ng_certbot_cert,
             }
     
             # renew certs
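Review bot: The new `creates => $ng_certbot_cert` guard most likely never matches. params.pp builds the path as `${ng_certbot_archive}/${ng_webserver_name}/cert1.pem`, but templates/certbot/get_cert.erb passes `-d www.<%= @ng_webserver_name %>` first, and certbot names the lineage directory after the first domain unless `--cert-name` is given. If so, only the `unless` template (not visible here) stops a new issuance request on every agent run, which can exhaust the CA's rate limits. Adding `--cert-name <%= @ng_webserver_name %>` to the template would make the directory name deterministic, and the `live/` symlink is a more stable target than a numbered file under `archive/`. The same path is defined in the manifests/params.pp hunk, and the `create_cert` resource starts above this hunk.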
    diff --git a/manifests/main/config.pp b/manifests/main/config.pp
    index a4dc910..4e34dcb 100644
    --- a/manifests/main/config.pp
    +++ b/manifests/main/config.pp
    @@ -30,13 +30,13 @@ class cd_nagios::main::config (
       if $::fqdn == $ng_nagios_server {
     #    include cd_nagios::server::service
     
    -#    if $ng_include_fw == true {
    -#      include cd_nagios::firewall::iptables
    -#    }
    +    if $ng_include_fw == true {
    +      include cd_nagios::firewall::iptables
    +    }
     
    -#    if $ng_use_selinux_tools == true {
    -#      include cd_nagios::selinux::config
    -#    }
    +    if $ng_use_selinux_tools == true {
    +      include cd_nagios::selinux::config
    +    }
     
         if $ng_enable_certbot == true {
           require cd_nagios::certbot::certs
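Review bot: With the firewall and SELinux includes active again, the `== true` tests now decide whether those controls are applied at all. A value that arrives as the string `'true'` (for example from Hiera or an ENC) fails the comparison and silently skips the class. The parameter declarations are outside this hunk, so this is inferred; if they are untyped, declaring them as `Boolean $ng_include_fw` and `Boolean $ng_use_selinux_tools` turns a wrong type into a compile error instead of a host without its iptables or SELinux configuration. The line `#    include cd_nagios::server::service` stays commented out and deserves a one-line comment saying why it is still disabled.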
    diff --git a/manifests/params.pp b/manifests/params.pp
    index 0d2a440..a9ec8f6 100644
    --- a/manifests/params.pp
    +++ b/manifests/params.pp
    @@ -327,7 +327,7 @@ $ng_enable_index      = true,
     
     # certbot
     $ng_enable_certbot    = true,
    -$ng_certbot_cert_path = '/var/www/html',
    +$ng_certbot_webroot   = '/var/www/html',
     $ng_webserver_name    = "nagios.${::domain}",
     
     ) {
    @@ -382,6 +382,12 @@ $ng_unless_renew_erb  = 'cd_nagios/certbot/unless_renew_cert.erb'
     $ng_index_html_file   = '/var/www/html/index.html'
     $ng_index_html_erb    = 'cd_nagios/httpd/index_html.erb'
     
    +# certbot
    +$ng_certbot_main_dir  = '/etc/letsencrypt'
    +$ng_certbot_archive   = "${ng_certbot_main_dir}/archive"
    +$ng_certbot_cert      = "${ng_certbot_archive}/${ng_webserver_name}/cert1.pem"
    +
    +
     # includes must be last
     
       include cd_nagios::main::config
    diff --git a/templates/certbot/get_cert.erb b/templates/certbot/get_cert.erb
    index 0883a39..9d5599e 100644
    --- a/templates/certbot/get_cert.erb
    +++ b/templates/certbot/get_cert.erb
    @@ -1,2 +1 @@
    -certbot certonly -t -n --agree-tos --webroot -w <%= @ng_certbot_cert_path %>/ -d www.<%= @ng_webserver_name %> -d <%= @ng_webserver_name %> --email <%= @ng_mail_user %>
    -touch /etc/httpd/conf.d/.cert_created
    +certbot certonly -t -n --agree-tos --webroot -w <%= @ng_certbot_webroot %>/ -d www.<%= @ng_webserver_name %> -d <%= @ng_webserver_name %> --email <%= @ng_mail_user %>
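Review bot: The three ERB values are written into the command line unquoted, and manifests/certbot/certs.pp runs this template with `provider => 'shell'`. Whitespace or shell metacharacters in `ng_certbot_webroot`, `ng_webserver_name` or `ng_mail_user` would therefore be interpreted by the shell as root. Whether these parameters can be set from less-trusted data is not visible on this page. Constraining them with data types in params.pp (a `Pattern[...]` for the host name and mail address, an absolute-path type for the web root) rejects such values at compile time. Quoting each substitution, e.g. `-w '<%= @ng_certbot_webroot %>/'`, is a second layer but does not replace the validation.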