updated acme state

states/acme/acmesh.sls

@@ -0,0 +1,38 @@
+# vim:syntax=yaml
+---
+{%- from "acme/map.jinja" import acme with context %}
+acmesh-install:
+  cmd.run:
+    - name: "curl https://get.acme.sh | sh"
+    - runas: root
+    - cwd: /root
+    - env:
+      - HOME: /root
+    - unless: /bin/bash -c "[[ -f /root/.acme.sh/acme.sh ]]"
+
+acmesh-upgrade:
+  cmd.run:
+    - name: /root/.acme.sh/acme.sh --upgrade
+    - runas: root
+    - cwd: /root
+    - env:
+      - HOME: /root
+    - require:
+      - cmd: acmesh-install
+
+acmesh-run:
+  cmd.run:
+    - name: /root/.acme.sh/acme.sh --debug --issue {%- for domain in acme.domains %} -d '{{ domain }}' {% endfor -%} --dns dns_ovh --cert-file '' --fullchain-file '{{ acme.fullcertfile }}' --key-file '{{ acme.keyfile }}' -k {{ acme.keysize }}
+    - env:
+      - OVH_AK: '{{ acme.provider.api.application_key }}'
+      - OVH_AS: '{{ acme.provider.api.application_secret }}'
+      - OVH_CK: '{{ acme.provider.api.consumer_key }}'
+      - HOME: '/root'
+    - success_retcodes:
+      - 0
+      - 1
+      - 2
+    - runas: root
+    - cwd: /root
+    - require:
+      - cmd: acmesh-install

states/acme/common.sls

@@ -0,0 +1,15 @@
+# vim:syntax=yaml
+---
+{%- from "acme/map.jinja" import acme with context %}
+
+{%- for dir in acme.directories %}
+acme-directories-{{ dir }}:
+  file.directory:
+    - name: {{ dir }}
+    - makedirs: true
+{%- endfor %}
+
+acme-dh-params:
+  cmd.run:
+    - name: openssl dhparam -out {{ acme.dh.path }} {{ acme.dh.keysize }}
+    - creates: {{ acme.dh.path }}

states/acme/defaults.yaml

@@ -9,12 +9,16 @@ acme:
     path: "/etc/acme/dh/dh.pem"
     keysize: 2048
   keysize: 4096
-  domain: "*.example.com"
+  domains: []
   dns: "dns_provider"
+  fullcertfile: "/etc/acme/certs/certificate.crt"
   keyfile: "/etc/acme/keys/private.key"
-  fullchainfile: "/etc/acme/certs/certificate.crt"
   provider:
     api:
       application_key: "test"
       application_secret: "test"
       consumer_key: "test"
+    pki:
+      url: "https://pki"
+      username: "test"
+      password: "test"

states/acme/init.sls

@@ -1,50 +1,6 @@
 # vim:syntax=yaml
 ---
-{%- from "acme/map.jinja" import acme with context %}
+include:
-acme-install:
+  - .common
-  cmd.run:
+  - .pkic
-    - name: "curl https://get.acme.sh | sh"
+  #  - .acmesh
-    - runas: root
-    - cwd: /root
-    - env:
-      - HOME: /root
-    - unless: /bin/bash -c "[[ -f /root/.acme.sh/acme.sh ]]"
-
-acme-upgrade:
-  cmd.run:
-    - name: /root/.acme.sh/acme.sh --upgrade
-    - runas: root
-    - cwd: /root
-    - env:
-      - HOME: /root
-    - require:
-      - cmd: acme-install
-
-{%- for dir in acme.directories %}
-acme-directories-{{ dir }}:
-  file.directory:
-    - name: {{ dir }}
-    - makedirs: true
-{%- endfor %}
-
-acme-dh-params:
-  cmd.run:
-    - name: openssl dhparam -out {{ acme.dh.path }} {{ acme.dh.keysize }}
-    - creates: {{ acme.dh.path }}
-
-acme-certs:
-  cmd.run:
-    - name: /root/.acme.sh/acme.sh --debug --issue {%- for dom in acme.domains %} -d '{{ dom }}' {% endfor -%} --dns dns_ovh --cert-file '' --key-file '{{ acme.keyfile }}' --fullchain-file '{{ acme.fullchainfile }}' -k {{ acme.keysize }}
-    - env:
-      - OVH_AK: '{{ acme.provider.api.application_key }}'
-      - OVH_AS: '{{ acme.provider.api.application_secret }}'
-      - OVH_CK: '{{ acme.provider.api.consumer_key }}'
-      - HOME: '/root'
-    - success_retcodes:
-      - 0
-      - 1
-      - 2
-    - runas: root
-    - cwd: /root
-    - require:
-      - cmd: acme-install

states/acme/pkic.py.j2

@@ -0,0 +1,30 @@
+#!python3
+# vim:syntax=python
+
+import os
+import requests
+
+URL=os.environ("URL")
+DOMAINS=os.environ("DOMAINS")
+FULLCERTFILE=os.environ("FULLCERTFILE")
+KEYFILE=os.environ("KEYFILE")
+USERNAME=os.environ("USERNAME")
+PASSWORD=os.environ("PASSWORD")
+
+def main():
+  res = requests.request(method="GET", url=f"{URL}/domain/{DOMAINS}", auth=(USERNAME, PASSWORD))
+  resj = res.json()
+
+  try:
+    with open(FULLCERTFILE) as fcf:
+      os.write(ffcf, resj["certificate"])
+
+    with open(KEYFILE) as fkf:
+      os.write(fkf, resj["privatekey"])
+  except Exception as e:
+    return e
+
+  return
+
+if __name__ == "__main__":
+  main()

states/acme/pkic.sls

@@ -0,0 +1,21 @@
+# vim:syntax=yaml
+---
+{%- from "acme/map.jinja" import acme with context %}
+pkic-install:
+  file.managed:
+    - name: /etc/acme/pkic.py
+    - template: jinja
+    - source: salt://acme/pkic.py.j2
+    - mode: 755
+
+pkic-run:
+  cmd.run:
+    - name: /etc/acme/pkic.py
+    - env:
+      - URL: '{{ acme.provider.pki.url }}'
+      - FULLCERTFILE: '{{ acme.fullcertfile }}'
+      - KEYFILE: '{{ acme.keyfile }}'
+      - USERNAME: '{{ acme.provider.pki.username }}'
+      - PASSWORD: '{{ acme.provider.pki.password }}'
+    - require:
+      - cmd: pkic-install