tabulon/cdist
1
0
Fork 0
forked from ungleich-public/cdist
Code Pull requests Activity

Merge pull request #666 from darko-poljak/fix-letsencrypt-cert

Browse source 
Fix __letsencrypt_cert type: use object id as domain
This commit is contained in:
Darko Poljak 2018-05-30 19:41:50 +02:00 committed by GitHub
commit a1a589ab59
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 28 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

8
cdist/conf/type/__letsencrypt_cert/gencode-remote
View file

@ -15,7 +15,13 @@ case "${state}" in
echo remove >> "${__messages_out:?}" echo remove >> "${__messages_out:?}"
;; ;;
present) present)
requested_domains="${__object}/parameter/domain" domain_param_file="${__object}/parameter/domain"
requested_domains=$(mktemp domain.cdist.XXXXXXXXXX)
if [ -f "${domain_param_file}" ]; then
cp "${domain_param_file}" "${requested_domains}"
else
echo "$__object_id" >> "${requested_domains}"
fi
staging=no staging=no
if [ -f "${__object}/parameter/staging" ]; then if [ -f "${__object}/parameter/staging" ]; then

26
cdist/conf/type/__letsencrypt_cert/man.rst
View file

@ -14,15 +14,13 @@ Automatically obtain a Let's Encrypt SSL certificate using Certbot.
REQUIRED PARAMETERS REQUIRED PARAMETERS
------------------- -------------------
object id
A cert name. If domain parameter is not specified then it is used
as a domain to be included in the certificate.
admin-email admin-email
Where to send Let's Encrypt emails like "certificate needs renewal". Where to send Let's Encrypt emails like "certificate needs renewal".
REQUIRED MULTIPLE PARAMETERS
----------------------------
domain
A domain to be included in the certificate.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
@ -44,6 +42,10 @@ OPTIONAL MULTIPLE PARAMETERS
renew-hook renew-hook
Renew hook command directly passed to Certbot in cron job. Renew hook command directly passed to Certbot in cron job.
domain
Domains to be included in the certificate. When specified then object id
is not used as a domain.
BOOLEAN PARAMETERS BOOLEAN PARAMETERS
------------------ ------------------
@ -70,6 +72,17 @@ EXAMPLES
.. code-block:: sh .. code-block:: sh
# use object id as domain
__letsencrypt_cert example.com \
--admin-email root@example.com \
--automatic-renewal \
--renew-hook "service nginx reload" \
--webroot /data/letsencrypt/root
.. code-block:: sh
# domain parameter is specified so object id is not used as domain
# and example.com needs to be included again with domain parameter
__letsencrypt_cert example.com \ __letsencrypt_cert example.com \
--admin-email root@example.com \ --admin-email root@example.com \
--automatic-renewal \ --automatic-renewal \
@ -79,7 +92,6 @@ EXAMPLES
--renew-hook "service nginx reload" \ --renew-hook "service nginx reload" \
--webroot /data/letsencrypt/root --webroot /data/letsencrypt/root
AUTHORS AUTHORS
------- -------

1
cdist/conf/type/__letsencrypt_cert/parameter/optional_multiple
View file

@ -1 +1,2 @@
domain
renew-hook renew-hook

1
cdist/conf/type/__letsencrypt_cert/parameter/required_multiple
View file

@ -1 +0,0 @@
domain

1
docs/changelog
View file

@ -5,6 +5,7 @@ next:
* New type: __install_coreos (Ľubomír Kučera) * New type: __install_coreos (Ľubomír Kučera)
* Type __consul_agent: Add LSB init header (Nico Schottelius) * Type __consul_agent: Add LSB init header (Nico Schottelius)
* Type __package_yum: Fix explorer when name contains package name with exact version specified (Aleksandr Dinu) * Type __package_yum: Fix explorer when name contains package name with exact version specified (Aleksandr Dinu)
* Type __letsencrypt_cert: Use object id as domain if domain param is not specified (Darko Poljak)
4.9.0: 2018-05-17 4.9.0: 2018-05-17
* Type __docker_stack: Use --with-registry-auth option (Ľubomír Kučera) * Type __docker_stack: Use --with-registry-auth option (Ľubomír Kučera)