updated acme state
This commit is contained in:
parent
5a6879806e
commit
41d28c1a40
38
states/acme/acmesh.sls
Normal file
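--- /dev/null
+++ b/states/acme/acmesh.sls
@@ -0,0 +1,38 @@
+# vim:syntax=yaml
+---
+{%- from "acme/map.jinja" import acme with context %}
+acmesh-install:
+  cmd.run:
+    - name: "curl https://get.acme.sh | sh"
+    - runas: root
+    - cwd: /root
+    - env:
+      - HOME: /root
+    - unless: /bin/bash -c "[[ -f /root/.acme.sh/acme.sh ]]"
+
+acmesh-upgrade:
+  cmd.run:
+    - name: /root/.acme.sh/acme.sh --upgrade
+    - runas: root
+    - cwd: /root
+    - env:
+      - HOME: /root
+    - require:
+      - cmd: acmesh-install
+
+acmesh-run:
+  cmd.run:
+    - name: /root/.acme.sh/acme.sh --debug --issue {%- for domain in acme.domains %} -d '{{ domain }}' {% endfor -%} --dns dns_ovh --cert-file '' --fullchain-file '{{ acme.fullcertfile }}' --key-file '{{ acme.keyfile }}' -k {{ acme.keysize }}
+    - env:
+      - OVH_AK: '{{ acme.provider.api.application_key }}'
+      - OVH_AS: '{{ acme.provider.api.application_secret }}'
+      - OVH_CK: '{{ acme.provider.api.consumer_key }}'
+      - HOME: '/root'
+    - success_retcodes:
+      - 0
+      - 1
+      - 2
+    - runas: root
+    - cwd: /root
+    - require:
+      - cmd: acmesh-install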
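Review bot: `acmesh-install` runs `curl https://get.acme.sh | sh` as root with no pinned version and no checksum, so whatever the endpoint serves at highstate time is executed with full privileges, and a 4xx/5xx body would be piped into `sh` as well; prefer downloading a tagged release archive, verifying its hash with `file.managed`'s `source_hash`, and running `./acme.sh --install` from it, or at minimum `curl -fsSL --proto '=https' --tlsv1.2 https://get.acme.sh | sh`. In `acmesh-run`, `success_retcodes: [0, 1, 2]` turns a failed issuance into a green state, so a broken renewal is invisible in the highstate result; if 2 is acme.sh's "skipped, not due yet" exit code (worth confirming against the installed version) keep `- 2` and drop `- 1`. `--debug` combined with the `OVH_*` credentials in `env` is also likely to surface API secrets in state output and minion logs, so drop `--debug` outside of troubleshooting. Consider `- hide_output: true` on `acmesh-run` for the same reason.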
15
states/acme/common.sls
Normal file
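--- /dev/null
+++ b/states/acme/common.sls
@@ -0,0 +1,15 @@
+# vim:syntax=yaml
+---
+{%- from "acme/map.jinja" import acme with context %}
+
+{%- for dir in acme.directories %}
+acme-directories-{{ dir }}:
+  file.directory:
+    - name: {{ dir }}
+    - makedirs: true
+{%- endfor %}
+
+acme-dh-params:
+  cmd.run:
+    - name: openssl dhparam -out {{ acme.dh.path }} {{ acme.dh.keysize }}
+    - creates: {{ acme.dh.path }}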
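Review bot: The `acme-directories-*` loop creates every entry of `acme.directories` with no owner or mode, so the directory that will hold `acme.keyfile` (`/etc/acme/keys/private.key` in the defaults) is created with whatever the minion's umask yields, and the private key later written into it sits under a typically world-readable parent. Add explicit ownership and a restrictive mode to the loop, e.g. `- user: root`, `- group: root`, `- mode: 700`, or split the key directory out of the list so the certificate directory can keep a more permissive mode. `acme-dh-params` is fine security-wise (DH parameters are public), but it has no `require` on the directory state that creates `acme.dh.path`'s parent, so it relies on definition order within the file.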
@ -9,12 +9,16 @@ acme:
|
||||
path: "/etc/acme/dh/dh.pem"
|
||||
keysize: 2048
|
||||
keysize: 4096
|
||||
domain: "*.example.com"
|
||||
domains: []
|
||||
dns: "dns_provider"
|
||||
fullcertfile: "/etc/acme/certs/certificate.crt"
|
||||
keyfile: "/etc/acme/keys/private.key"
|
||||
fullchainfile: "/etc/acme/certs/certificate.crt"
|
||||
provider:
|
||||
api:
|
||||
application_key: "test"
|
||||
application_secret: "test"
|
||||
consumer_key: "test"
|
||||
consumer_key: "test"
|
||||
pki:
|
||||
url: "https://pki"
|
||||
username: "test"
|
||||
password: "test"
|
||||
|
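Review bot: The `provider` block ships live-looking placeholder credentials as defaults (`application_secret: "test"`, `consumer_key: "test"`, `password: "test"`, `url: "https://pki"`), so a minion whose pillar omits the override silently runs the issuance states against the real endpoints with bogus secrets instead of failing fast. Leave these keys empty in the defaults and make the consuming state abort when they are unset, e.g. with Salt's Jinja `raise()` helper: `{% if not acme.provider.pki.password %}{{ raise('acme: provider.pki.password is not set in pillar') }}{% endif %}`. Which of the `keysize` 2048/4096, `domain`/`domains` and `fullcertfile`/`fullchainfile` lines are old and new is not recoverable from this rendering; both `fullcertfile` and `fullchainfile` appear, so confirm only one survives and that it is the key `acmesh.sls` and `pkic.sls` actually read (`acme.fullcertfile`). This section's file header is outside the visible page.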
@ -1,50 +1,6 @@
|
||||
# vim:syntax=yaml
|
||||
---
|
||||
{%- from "acme/map.jinja" import acme with context %}
|
||||
acme-install:
|
||||
cmd.run:
|
||||
- name: "curl https://get.acme.sh | sh"
|
||||
- runas: root
|
||||
- cwd: /root
|
||||
- env:
|
||||
- HOME: /root
|
||||
- unless: /bin/bash -c "[[ -f /root/.acme.sh/acme.sh ]]"
|
||||
|
||||
acme-upgrade:
|
||||
cmd.run:
|
||||
- name: /root/.acme.sh/acme.sh --upgrade
|
||||
- runas: root
|
||||
- cwd: /root
|
||||
- env:
|
||||
- HOME: /root
|
||||
- require:
|
||||
- cmd: acme-install
|
||||
|
||||
{%- for dir in acme.directories %}
|
||||
acme-directories-{{ dir }}:
|
||||
file.directory:
|
||||
- name: {{ dir }}
|
||||
- makedirs: true
|
||||
{%- endfor %}
|
||||
|
||||
acme-dh-params:
|
||||
cmd.run:
|
||||
- name: openssl dhparam -out {{ acme.dh.path }} {{ acme.dh.keysize }}
|
||||
- creates: {{ acme.dh.path }}
|
||||
|
||||
acme-certs:
|
||||
cmd.run:
|
||||
- name: /root/.acme.sh/acme.sh --debug --issue {%- for dom in acme.domains %} -d '{{ dom }}' {% endfor -%} --dns dns_ovh --cert-file '' --key-file '{{ acme.keyfile }}' --fullchain-file '{{ acme.fullchainfile }}' -k {{ acme.keysize }}
|
||||
- env:
|
||||
- OVH_AK: '{{ acme.provider.api.application_key }}'
|
||||
- OVH_AS: '{{ acme.provider.api.application_secret }}'
|
||||
- OVH_CK: '{{ acme.provider.api.consumer_key }}'
|
||||
- HOME: '/root'
|
||||
- success_retcodes:
|
||||
- 0
|
||||
- 1
|
||||
- 2
|
||||
- runas: root
|
||||
- cwd: /root
|
||||
- require:
|
||||
- cmd: acme-install
|
||||
include:
|
||||
- .common
|
||||
- .pkic
|
||||
# - .acmesh
|
||||
|
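Review bot: The new `include:` list keeps `# - .acmesh` as a commented-out entry, so choosing between the acme.sh path and the PKI path means editing the state file rather than pillar data; a guard such as `{% if acme.provider.pki.url %}- .pkic{% else %}- .acmesh{% endif %}` (or a dedicated `acme.mode` key) makes the choice data-driven and removes the dead line. `.pkic` also writes into the directories `.common` creates but declares no requisite on them, so correctness currently depends on include order rather than an explicit `require` on the `acme-directories-*` states. The removed `acme-install`/`acme-certs` states on the old side are history and not re-reviewed; this section's file header is outside the visible page.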
30
states/acme/pkic.py.j2
Normal file
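--- /dev/null
+++ b/states/acme/pkic.py.j2
@@ -0,0 +1,30 @@
+#!python3
+# vim:syntax=python
+
+import os
+import requests
+
+URL=os.environ("URL")
+DOMAINS=os.environ("DOMAINS")
+FULLCERTFILE=os.environ("FULLCERTFILE")
+KEYFILE=os.environ("KEYFILE")
+USERNAME=os.environ("USERNAME")
+PASSWORD=os.environ("PASSWORD")
+
+def main():
+    res = requests.request(method="GET", url=f"{URL}/domain/{DOMAINS}", auth=(USERNAME, PASSWORD))
+    resj = res.json()
+
+    try:
+        with open(FULLCERTFILE) as fcf:
+            os.write(ffcf, resj["certificate"])
+
+        with open(KEYFILE) as fkf:
+            os.write(fkf, resj["privatekey"])
+    except Exception as e:
+        return e
+
+    return
+
+if __name__ == "__main__":
+    main()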
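Review bot: `URL=os.environ("URL")` calls the environ mapping as a function, so the script dies with `TypeError` at import before `main()` runs; every one of these must be `os.environ["..."]`. Inside `main()`, `open(FULLCERTFILE)` is opened read-only, `os.write(ffcf, ...)` names an undefined variable and passes a file object where an fd is expected, so neither the certificate nor the private key would ever be written even after the first fix, and `except Exception as e: return e` then swallows that and exits 0, which makes the `pkic-run` state report success on failure. The private key is also created with the default umask, `res.json()` is parsed without `raise_for_status()` or a timeout, and `DOMAINS` is read unconditionally although `pkic.sls` never exports it, so the call would `KeyError` until that is added. The rewrite below fails loudly, checks the HTTP status with a timeout, writes the certificate normally and the key through `os.open(..., 0o600)`, and exits non-zero on any error; the `#!python3` shebang is also replaced with `#!/usr/bin/env python3` so the file actually runs when `cmd.run` invokes it directly (note `requests` must already be present on the minion, nothing in this commit installs it).
```python
#!/usr/bin/env python3
# … unchanged: vim modeline, import os, import requests …
import sys

URL = os.environ["URL"]
DOMAINS = os.environ["DOMAINS"]
FULLCERTFILE = os.environ["FULLCERTFILE"]
KEYFILE = os.environ["KEYFILE"]
USERNAME = os.environ["USERNAME"]
PASSWORD = os.environ["PASSWORD"]


def main() -> int:
    """Fetch the certificate and private key for DOMAINS and write them to disk.

    Raises on any HTTP, JSON or I/O error so the calling Salt state fails.
    """
    res = requests.get(f"{URL}/domain/{DOMAINS}", auth=(USERNAME, PASSWORD), timeout=30)
    res.raise_for_status()  # a 4xx/5xx body must not be parsed as a cert
    resj = res.json()

    with open(FULLCERTFILE, "w") as fcf:
        fcf.write(resj["certificate"])

    # Create the key file 0600 from the start instead of chmod-ing after the write.
    fd = os.open(KEYFILE, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fkf:
        fkf.write(resj["privatekey"])
    return 0


if __name__ == "__main__":
    sys.exit(main())
```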
21
states/acme/pkic.sls
Normal file
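--- /dev/null
+++ b/states/acme/pkic.sls
@@ -0,0 +1,21 @@
+# vim:syntax=yaml
+---
+{%- from "acme/map.jinja" import acme with context %}
+pkic-install:
+  file.managed:
+    - name: /etc/acme/pkic.py
+    - template: jinja
+    - source: salt://acme/pkic.py.j2
+    - mode: 755
+
+pkic-run:
+  cmd.run:
+    - name: /etc/acme/pkic.py
+    - env:
+      - URL: '{{ acme.provider.pki.url }}'
+      - FULLCERTFILE: '{{ acme.fullcertfile }}'
+      - KEYFILE: '{{ acme.keyfile }}'
+      - USERNAME: '{{ acme.provider.pki.username }}'
+      - PASSWORD: '{{ acme.provider.pki.password }}'
+    - require:
+      - cmd: pkic-install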
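Review bot: `pkic-run` requires `- cmd: pkic-install`, but `pkic-install` is a `file.managed` state, so the requisite cannot resolve and Salt fails the run with a "requisite not found" error; it should read `- file: pkic-install`. The `env` list also omits `DOMAINS`, which `pkic.py.j2` reads unconditionally from the environment, so the script cannot run as invoked; add `- DOMAINS: '{{ acme.domain }}'` or whichever pillar key holds the single domain the PKI endpoint expects (the defaults show both a `domain` string and a `domains` list, so confirm which one survives). Passing `PASSWORD` through `env` on a `cmd.run` also tends to appear in state output and minion debug logs; add `- hide_output: true` to the state or hand the credentials to the script through a root-only file rather than the environment, and give `pkic-run` a `require` on the `acme-directories-*` states from `common.sls` so the target directories exist regardless of include order.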