updated acme state

This commit is contained in:
Paul 2021-01-24 20:04:03 +01:00
parent 5a6879806e
commit 41d28c1a40
6 changed files with 115 additions and 51 deletions

38
states/acme/acmesh.sls Normal file
View File

@ -0,0 +1,38 @@
# vim:syntax=yaml
---
{%- from "acme/map.jinja" import acme with context %}
acmesh-install:
cmd.run:
- name: "curl https://get.acme.sh | sh"
- runas: root
- cwd: /root
- env:
- HOME: /root
- unless: /bin/bash -c "[[ -f /root/.acme.sh/acme.sh ]]"
acmesh-upgrade:
cmd.run:
- name: /root/.acme.sh/acme.sh --upgrade
- runas: root
- cwd: /root
- env:
- HOME: /root
- require:
- cmd: acmesh-install
acmesh-run:
cmd.run:
- name: /root/.acme.sh/acme.sh --debug --issue {%- for domain in acme.domains %} -d '{{ domain }}' {% endfor -%} --dns dns_ovh --cert-file '' --fullchain-file '{{ acme.fullcertfile }}' --key-file '{{ acme.keyfile }}' -k {{ acme.keysize }}
- env:
- OVH_AK: '{{ acme.provider.api.application_key }}'
- OVH_AS: '{{ acme.provider.api.application_secret }}'
- OVH_CK: '{{ acme.provider.api.consumer_key }}'
- HOME: '/root'
- success_retcodes:
- 0
- 1
- 2
- runas: root
- cwd: /root
- require:
- cmd: acmesh-install

15
states/acme/common.sls Normal file
View File

@ -0,0 +1,15 @@
# vim:syntax=yaml
---
{%- from "acme/map.jinja" import acme with context %}
{%- for dir in acme.directories %}
acme-directories-{{ dir }}:
file.directory:
- name: {{ dir }}
- makedirs: true
{%- endfor %}
acme-dh-params:
cmd.run:
- name: openssl dhparam -out {{ acme.dh.path }} {{ acme.dh.keysize }}
- creates: {{ acme.dh.path }}

View File

@ -9,12 +9,16 @@ acme:
path: "/etc/acme/dh/dh.pem"
keysize: 2048
keysize: 4096
domain: "*.example.com"
domains: []
dns: "dns_provider"
fullcertfile: "/etc/acme/certs/certificate.crt"
keyfile: "/etc/acme/keys/private.key"
fullchainfile: "/etc/acme/certs/certificate.crt"
provider:
api:
application_key: "test"
application_secret: "test"
consumer_key: "test"
pki:
url: "https://pki"
username: "test"
password: "test"

View File

@ -1,50 +1,6 @@
# vim:syntax=yaml
---
{%- from "acme/map.jinja" import acme with context %}
acme-install:
cmd.run:
- name: "curl https://get.acme.sh | sh"
- runas: root
- cwd: /root
- env:
- HOME: /root
- unless: /bin/bash -c "[[ -f /root/.acme.sh/acme.sh ]]"
acme-upgrade:
cmd.run:
- name: /root/.acme.sh/acme.sh --upgrade
- runas: root
- cwd: /root
- env:
- HOME: /root
- require:
- cmd: acme-install
{%- for dir in acme.directories %}
acme-directories-{{ dir }}:
file.directory:
- name: {{ dir }}
- makedirs: true
{%- endfor %}
acme-dh-params:
cmd.run:
- name: openssl dhparam -out {{ acme.dh.path }} {{ acme.dh.keysize }}
- creates: {{ acme.dh.path }}
acme-certs:
cmd.run:
- name: /root/.acme.sh/acme.sh --debug --issue {%- for dom in acme.domains %} -d '{{ dom }}' {% endfor -%} --dns dns_ovh --cert-file '' --key-file '{{ acme.keyfile }}' --fullchain-file '{{ acme.fullchainfile }}' -k {{ acme.keysize }}
- env:
- OVH_AK: '{{ acme.provider.api.application_key }}'
- OVH_AS: '{{ acme.provider.api.application_secret }}'
- OVH_CK: '{{ acme.provider.api.consumer_key }}'
- HOME: '/root'
- success_retcodes:
- 0
- 1
- 2
- runas: root
- cwd: /root
- require:
- cmd: acme-install
include:
- .common
- .pkic
# - .acmesh

30
states/acme/pkic.py.j2 Normal file
View File

@ -0,0 +1,30 @@
#!python3
# vim:syntax=python
import os
import requests
URL=os.environ("URL")
DOMAINS=os.environ("DOMAINS")
FULLCERTFILE=os.environ("FULLCERTFILE")
KEYFILE=os.environ("KEYFILE")
USERNAME=os.environ("USERNAME")
PASSWORD=os.environ("PASSWORD")
def main():
res = requests.request(method="GET", url=f"{URL}/domain/{DOMAINS}", auth=(USERNAME, PASSWORD))
resj = res.json()
try:
with open(FULLCERTFILE) as fcf:
os.write(ffcf, resj["certificate"])
with open(KEYFILE) as fkf:
os.write(fkf, resj["privatekey"])
except Exception as e:
return e
return
if __name__ == "__main__":
main()

21
states/acme/pkic.sls Normal file
View File

@ -0,0 +1,21 @@
# vim:syntax=yaml
---
{%- from "acme/map.jinja" import acme with context %}
pkic-install:
file.managed:
- name: /etc/acme/pkic.py
- template: jinja
- source: salt://acme/pkic.py.j2
- mode: 755
pkic-run:
cmd.run:
- name: /etc/acme/pkic.py
- env:
- URL: '{{ acme.provider.pki.url }}'
- FULLCERTFILE: '{{ acme.fullcertfile }}'
- KEYFILE: '{{ acme.keyfile }}'
- USERNAME: '{{ acme.provider.pki.username }}'
- PASSWORD: '{{ acme.provider.pki.password }}'
- require:
- cmd: pkic-install