Unverified Commit 2ac6cd92 authored by Max Adamo's avatar Max Adamo

code refactoring

parent f57221a1
# Class: geant_acme::server
## server side
the server configuration is defined in hiera as following:
```yaml
certificates_hash:
cert_1.geant.org:
ensure: 'present'
clients:
- 'test-nas01.geant.org'
- 'test-jump01.geant.org'
verbose: 'yes'
cert_2.geant.org:
ensure: 'present'
multi_domain:
- cert_3.geant.org
- cert_4.geant.org
clients:
- 'test-nas01.geant.org'
- 'test-jump01.geant.org'
```
## client side
the client runs a resource as following:
```puppet
geant_acme::client { 'postgres.geant.org':
cert_owner => 'postgres',
cert_group => 'postgres',
notify => Service['postgresql-9.6'];
}
```
......@@ -21,7 +21,7 @@ import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning #pylint: disable=E0401
BASE_URL = 'https://infoblox.geant.org/wapi/v2.6.1'
API_URL = 'https://infoblox.geant.org/wapi/v2.6.1'
SEP = '+' + 72*'-' + '+'
......@@ -44,7 +44,7 @@ def get_reference(iblox_domain, iblox_user, iblox_pw):
requests.packages.urllib3.disable_warnings(InsecureRequestWarning) #pylint: disable=E1101
ref_obj = requests.get(
'{}/record:txt?name=_acme-challenge.{}&_return_as_object=1'.format(
BASE_URL, iblox_domain),
API_URL, iblox_domain),
auth=(iblox_user, iblox_pw),
verify=False
)
......@@ -69,7 +69,7 @@ def delete_challenge(object_reference, iblox_user, iblox_pw):
""" delete txt record """
requests.packages.urllib3.disable_warnings(InsecureRequestWarning) #pylint: disable=E1101
del_req = requests.delete(
'{}/{}'.format(BASE_URL, object_reference),
'{}/{}'.format(API_URL, object_reference),
auth=(iblox_user, iblox_pw),
verify=False
)
......@@ -83,7 +83,7 @@ def create_challenge(iblox_domain, acme_token, iblox_user, iblox_pw):
print('{}\ncreating challenge _acme-challenge.{}'.format(SEP, iblox_domain))
requests.packages.urllib3.disable_warnings(InsecureRequestWarning) #pylint: disable=E1101
post_req = requests.post(
'{}/record:txt'.format(BASE_URL),
'{}/record:txt'.format(API_URL),
auth=(iblox_user, iblox_pw),
data={
'name': '_acme-challenge.{}'.format(iblox_domain),
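Review bot: All three request calls shown here still send the Infoblox basic-auth credentials with `verify=False`, and the `disable_warnings(InsecureRequestWarning)` line before each call hides the fact, so the API host is never authenticated and the `iblox_pw` value can be read by anyone able to sit on the path to infoblox.geant.org. Point `verify` at the CA bundle that issued the Infoblox certificate (a path string, or simply the default `True` when the system trust store already trusts it) and delete the `disable_warnings` lines; if the renamed `API_URL` is meant to be the single point of configuration, a sibling module-level constant such as `CA_BUNDLE = '/path/to/internal-ca.pem'` keeps the three call sites consistent. Separately, `iblox_domain` is interpolated straight into the query string in `get_reference`; passing it via `params={'name': '_acme-challenge.{}'.format(iblox_domain), '_return_as_object': 1}` lets requests encode it. The bodies of `get_reference`, `delete_challenge` and `create_challenge` continue outside the hunks.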
......@@ -53,7 +53,7 @@ define geant_acme::client (
exec { 'fix_keydir_permissions':
path => '/usr/bin:/usr/sbin:/bin',
command => "chown ${cert_owner}:${cert_group} ${cert_dir}/private",
unless => "stat -c \"%U%G\" ${cert_dir}/private|grep \"${cert_owner}${cert_group}\"",
unless => "stat -c \"%U%G\" ${cert_dir}/private | grep \"${cert_owner}${cert_group}\"",
returns => [0, 1],
require => Package['ca-certificates'];
}
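Review bot: The reformatted `unless` still glues owner and group together with no separator (`%U%G`) and matches them with an unanchored `grep`, so the check is ambiguous whenever one name is a prefix or suffix of another and passes on any superstring of the expected value; `stat -c '%U:%G' ${cert_dir}/private | grep -qx '${cert_owner}:${cert_group}'` compares the exact pair. `returns => [0, 1]` on the same resource lets a failed `chown` be reported as success, which for the private-key directory means the key silently stays owned by the wrong principal; unless exit status 1 is tolerated on purpose, `returns => 0` (the default) is safer. Both `cert_owner` and `cert_group` are interpolated into a shell string, so they should be validated as simple user/group names at the `define` boundary, which is outside this hunk.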
# == Class: geant_acme::files
#
class geant_acme::files (
$wrapped_vault_token,
$wrapped_puppet_token,
$vault_token,
$puppet_token,
$wildcard_domain,
$redis_host,
$vault_host,
$puppetdb_host,
$puppetdb_port,
$acme_server,
$wrapped_iblox_password,
$iblox_password,
$iblox_user,
) {
$vault_token = unwrap($wrapped_vault_token)
$puppet_token = unwrap($wrapped_puppet_token)
$iblox_password = unwrap($wrapped_iblox_password)
if $::environment == 'production' {
file { '/etc/letsencrypt':
ensure => link,
......@@ -28,8 +28,9 @@ class geant_acme::server ($certificates_hash) {
# if there is multi_domain join them as following: 'cert_2.geant.org -d cert_3.geant.org'
if $certificates_hash[$certificate]['multi_domain'] {
$_cert_list = join($certificates_hash[$certificate]['multi_domain'], ' -d ')
$cert_list = "${certificate} -d ${_cert_list}"
$concat_cert_list = concat($certificates_hash[$certificate]['multi_domain'], $certificate)
$unique_cert_list = unique($concat_cert_list)
$cert_list = join($concat_cert_list, ' -d ')
} else {
$cert_list = $certificate
}
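Review bot: `$unique_cert_list` is computed on the new line but never read; the `join` on the next line still takes `$concat_cert_list`, so a name listed both as the certificate key and under `multi_domain` is passed to the ACME client twice. The new order also puts the `multi_domain` entries before `$certificate`, which contradicts the comment above the block (`'cert_2.geant.org -d cert_3.geant.org'`) and changes which name is the first, primary domain of the resulting certificate. Suggested: `$concat_cert_list = concat([$certificate], $certificates_hash[$certificate]['multi_domain'])` followed by `$cert_list = join(unique($concat_cert_list), ' -d ')`. The enclosing `geant_acme::server` class continues outside the hunk.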
[geant_acme]
# Infoblox credentials
iblox_pass = <%= $geant_acme::files::iblox_password %>
iblox_pass = <%= $geant_acme::files::iblox_password.unwrap %>
iblox_user = <%= $geant_acme::files::iblox_user %>
# Redis parameters
redis_token = <%= $geant_acme::files::puppet_token %>
redis_token = <%= $geant_acme::files::puppet_token.unwrap %>
redis_host = <%= $geant_acme::files::redis_host %>
# Vault parameters
vault_token = <%= $geant_acme::files::vault_token %>
vault_token = <%= $geant_acme::files::vault_token.unwrap %>
vault_host = <%= $geant_acme::files::vault_host %>
# PuppetDB parameters
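Review bot: With `.unwrap` now in the template (assuming the `.unwrap` lines are the new side), the rendered file carries the Infoblox password and the Redis and Vault tokens in clear text, so the `file` resource that renders it — not visible on this page — needs a restrictive `mode` (`'0600'`, or `'0640'` with a dedicated group), an explicit `owner`, and `show_diff => false` so the values never appear in agent output or Puppet reports; please confirm that resource already does this. Unwrapping at the template rather than in the class is the right direction, since the values stay `Sensitive` in the catalog until rendering. A header line such as `# Managed by Puppet - contains credentials, do not copy or commit` at the top of the template would warn whoever finds the file on disk.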