| side by side (parent:
5028fc1
)
Stop hardcoding /srv/puppet.debian.org/from-letsencrypt/ all over the place
author
Peter Palfrader
<peter@palfrader.org>
Tue, 3 Oct 2017 08:28:08 +0000
(08:28 +0000)
committer
Peter Palfrader
<peter@palfrader.org>
Tue, 3 Oct 2017 08:28:08 +0000
(08:28 +0000)
hieradata/common.yaml
modules/apache2/templates/ssl-key-pins.erb
modules/roles/manifests/dbmaster.pp
modules/roles/manifests/init.pp
modules/rsync/manifests/site.pp
modules/ssl/manifests/service.pp
modules/ssl/templates/crt-chain.erb
modules/ssl/templates/crt-chained.erb
modules/ssl/templates/crt.erb
modules/ssl/templates/key-chained.erb
modules/ssl/templates/key.erb
diff --git
a/hieradata/common.yaml
b/hieradata/common.yaml
index
2dd4799
..
9748602
100644
(file)
--- a/
hieradata/common.yaml
+++ b/
hieradata/common.yaml
@@
-15,6
+15,8
@@
samhain_recipients:
- 'zumbi@oron.es'
root_mail_alias:
- 'debian-admin@debian.org'
- 'zumbi@oron.es'
root_mail_alias:
- 'debian-admin@debian.org'
+paths:
+ letsencrypt_dir: '/srv/puppet.debian.org/from-letsencrypt'
roles:
bugsmx:
- buxtehude.debian.org
roles:
bugsmx:
- buxtehude.debian.org
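Review bot: The new `paths.letsencrypt_dir` key carries no comment, yet after this commit it decides which directory the ssl templates and the roles manifests read certificates and private keys from on the host that compiles catalogs. A comment above `paths:` such as `# directories read while compiling catalogs; absolute path, no trailing slash` would tell an editor that consumers append `/<name>.crt` or `/<name>.key` themselves and that changing the value redirects key reads.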
diff --git
a/modules/apache2/templates/ssl-key-pins.erb
b/modules/apache2/templates/ssl-key-pins.erb
index
7e891a2
..
c46111d
100644
(file)
--- a/
modules/apache2/templates/ssl-key-pins.erb
+++ b/
modules/apache2/templates/ssl-key-pins.erb
@@
-6,7
+6,7
@@
<IfModule mod_macro.c>
<%=
<IfModule mod_macro.c>
<%=
- $cert_dir_le =
'/srv/puppet.debian.org/from-letsencrypt'
+ $cert_dir_le =
scope().call_function('hiera', ['paths.letsencrypt_dir'])
$cert_dir_backup = '/srv/puppet.debian.org/backup-keys'
def make_pin_macro(site)
$cert_dir_backup = '/srv/puppet.debian.org/backup-keys'
def make_pin_macro(site)
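Review bot: `$cert_dir_backup` on the line after the changed one still carries the literal `/srv/puppet.debian.org/backup-keys`, so the two directories that presumably feed the pin macro are now configured in different places. If the lookup is meant to let the certificate tree move, the backup-key path likely needs a sibling entry under `paths:` in hieradata, read with the same `scope().call_function('hiera', [...])` call; otherwise a short comment saying the backup path is deliberately fixed would do. `make_pin_macro` continues past the end of the hunk, so how the two variables are combined is not visible here.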
diff --git
a/modules/roles/manifests/dbmaster.pp
b/modules/roles/manifests/dbmaster.pp
index
c75713f
..
5dbc7b6
100644
(file)
--- a/
modules/roles/manifests/dbmaster.pp
+++ b/
modules/roles/manifests/dbmaster.pp
@@
-23,7
+23,7
@@
class roles::dbmaster {
ensure => present,
mode => '0440',
group => 'openldap',
ensure => present,
mode => '0440',
group => 'openldap',
- content => inline_template('<%= File.read(
"/srv/puppet.debian.org/from-letsencrypt
/db.debian.org.key") %>'),
+ content => inline_template('<%= File.read(
scope().call_function("hiera", ["paths.letsencrypt_dir"]) + "
/db.debian.org.key") %>'),
links => follow,
}
links => follow,
}
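Review bot: The hiera lookup is embedded as Ruby inside a single-quoted `inline_template` string, which hides from manifest review and linting that the location of a private key is now data-driven. Doing the lookup in Puppet, as modules/rsync/manifests/site.pp does in this commit, keeps it visible: `$certdir = hiera('paths.letsencrypt_dir')` followed by `content => file("${certdir}/db.debian.org.key"),`. The same applies to the gobby.debian.org.key resource in modules/roles/manifests/init.pp. The enclosing file resource starts outside the hunk, so its path and owner are not shown.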
diff --git
a/modules/roles/manifests/init.pp
b/modules/roles/manifests/init.pp
index
371a99b
..
8ccca49
100644
(file)
--- a/
modules/roles/manifests/init.pp
+++ b/
modules/roles/manifests/init.pp
@@
-251,7
+251,7
@@
class roles {
ensure => present,
mode => '0440',
group => 'gobby',
ensure => present,
mode => '0440',
group => 'gobby',
- content => inline_template('<%= File.read(
"/srv/puppet.debian.org/from-letsencrypt
/gobby.debian.org.key") %>'),
+ content => inline_template('<%= File.read(
scope().call_function("hiera", ["paths.letsencrypt_dir"]) + "
/gobby.debian.org.key") %>'),
links => follow,
}
}
links => follow,
}
}
diff --git
a/modules/rsync/manifests/site.pp
b/modules/rsync/manifests/site.pp
index
60cab39
..
7011787
100644
(file)
--- a/
modules/rsync/manifests/site.pp
+++ b/
modules/rsync/manifests/site.pp
@@
-118,9
+118,10
@@
define rsync::site (
rule => '&SERVICE(tcp, 1873)',
}
rule => '&SERVICE(tcp, 1873)',
}
+ $certdir = hiera('paths.letsencrypt_dir')
dnsextras::tlsa_record{ "tlsa-${sslname}-1873":
zone => 'debian.org',
dnsextras::tlsa_record{ "tlsa-${sslname}-1873":
zone => 'debian.org',
- certfile => [ "
/srv/puppet.debian.org/from-letsencrypt
/${sslname}.crt" ],
+ certfile => [ "
${certdir}
/${sslname}.crt" ],
port => 1873,
hostname => $sslname,
}
port => 1873,
hostname => $sslname,
}
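Review bot: `$certdir` is taken from hiera and interpolated into `certfile` with no check that it is an absolute path, so an empty or relative value in hieradata would make the TLSA record be computed from whatever file that path resolves to on the compiling host. A guard directly after the lookup, `validate_absolute_path($certdir)`, would fail the catalog instead; that function comes from puppetlabs-stdlib, which modules/ssl/manifests/service.pp appears to use already (`size`, `join`). The same lookup is added in modules/ssl/manifests/service.pp and would take the same guard. The define's body extends beyond the hunk on both sides.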
diff --git
a/modules/ssl/manifests/service.pp
b/modules/ssl/manifests/service.pp
index
c507351
..
069df0a
100644
(file)
--- a/
modules/ssl/manifests/service.pp
+++ b/
modules/ssl/manifests/service.pp
@@
-48,9
+48,10
@@
define ssl::service($ensure = present, $tlsaport = 443, $notify = [], $key = fal
if (size($tlsaports) > 0 and $ssl_ensure == "present") {
$portlist = join($tlsaports, "-")
if (size($tlsaports) > 0 and $ssl_ensure == "present") {
$portlist = join($tlsaports, "-")
+ $certdir = hiera('paths.letsencrypt_dir')
dnsextras::tlsa_record{ "tlsa-${name}-${portlist}":
zone => 'debian.org',
dnsextras::tlsa_record{ "tlsa-${name}-${portlist}":
zone => 'debian.org',
- certfile => [ "
/srv/puppet.debian.org/from-letsencrypt
/${name}.crt" ],
+ certfile => [ "
${certdir}
/${name}.crt" ],
port => $tlsaport,
hostname => "$name",
}
port => $tlsaport,
hostname => "$name",
}
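--- a/modules/ssl/templates/crt-chain.erb
+++ b/modules/ssl/templates/crt-chain.erb
@@ -1,5 +1,6 @@
 <%=
- fn = "/srv/puppet.debian.org/from-letsencrypt/#{@name}.crt-chain"
+ dir = scope().call_function('hiera', ['paths.letsencrypt_dir'])
+ fn = "#{dir}/#{@name}.crt-chain"
 out = File.read(fn)
 out
 %>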
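Review bot: Each template now performs its own `scope().call_function('hiera', ['paths.letsencrypt_dir'])`, and the identical line is repeated in crt-chained.erb, crt.erb, key-chained.erb and key.erb. Looking the directory up once in the manifest that renders these templates and reading it here as `@certdir` (`fn = "#{@certdir}/#{@name}.crt-chain"`) would keep data access out of the templates and leave a single place to validate the path. modules/ssl/manifests/service.pp already assigns `$certdir` in this commit, but inside an `if` block, and whether that define is what renders these templates is not visible in the diff.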
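--- a/modules/ssl/templates/crt-chained.erb
+++ b/modules/ssl/templates/crt-chained.erb
@@ -1,5 +1,6 @@
 <%=
- fn = "/srv/puppet.debian.org/from-letsencrypt/#{@name}.crt-chained"
+ dir = scope().call_function('hiera', ['paths.letsencrypt_dir'])
+ fn = "#{dir}/#{@name}.crt-chained"
 out = File.read(fn)
 out
 %>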
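--- a/modules/ssl/templates/crt.erb
+++ b/modules/ssl/templates/crt.erb
@@ -1,5 +1,6 @@
 <%=
- fn = "/srv/puppet.debian.org/from-letsencrypt/#{@name}.crt"
+ dir = scope().call_function('hiera', ['paths.letsencrypt_dir'])
+ fn = "#{dir}/#{@name}.crt"
 out = File.read(fn)
 out
 %>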
diff --git
a/modules/ssl/templates/key-chained.erb
b/modules/ssl/templates/key-chained.erb
index
a3f9445
..
52cd039
100644
(file)
--- a/
modules/ssl/templates/key-chained.erb
+++ b/
modules/ssl/templates/key-chained.erb
@@
-1,10
+1,12
@@
<%=
<%=
- fn = "/srv/puppet.debian.org/from-letsencrypt/#{@name}.key"
+ dir = scope().call_function('hiera', ['paths.letsencrypt_dir'])
+
+ fn = "#{dir}/#{@name}.key"
out = File.read(fn)
out
%>
<%=
out = File.read(fn)
out
%>
<%=
- fn = "
/srv/puppet.debian.org/from-letsencrypt
/#{@name}.crt-chained"
+ fn = "
#{dir}
/#{@name}.crt-chained"
out = File.read(fn)
out
%>
out = File.read(fn)
out
%>
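Review bot: `dir` is assigned in the first `<%= %>` tag and reused in the second one to build the `.crt-chained` path, which only works because ERB compiles all tags of a template into one scope. A one-line comment in the second tag, `# dir is set in the first tag above`, would stop a later edit that removes or reorders the first tag from leaving `dir` undefined in a template that assembles a private key plus its chain.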
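--- a/modules/ssl/templates/key.erb
+++ b/modules/ssl/templates/key.erb
@@ -1,5 +1,6 @@
 <%=
- fn = "/srv/puppet.debian.org/from-letsencrypt/#{@name}.key"
+ dir = scope().call_function('hiera', ['paths.letsencrypt_dir'])
+ fn = "#{dir}/#{@name}.key"
 out = File.read(fn)
 out
 %>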