From 843d7416696c2693410434a220900e88765e68bb Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Tue, 3 Oct 2017 08:28:08 +0000
Subject: [PATCH] Stop hardcoding /srv/puppet.debian.org/from-letsencrypt/ all over the place
---
 hieradata/common.yaml | 2 ++
 modules/apache2/templates/ssl-key-pins.erb | 2 +-
 modules/roles/manifests/dbmaster.pp | 2 +-
 modules/roles/manifests/init.pp | 2 +-
 modules/rsync/manifests/site.pp | 3 ++-
 modules/ssl/manifests/service.pp | 3 ++-
 modules/ssl/templates/crt-chain.erb | 3 ++-
 modules/ssl/templates/crt-chained.erb | 3 ++-
 modules/ssl/templates/crt.erb | 3 ++-
 modules/ssl/templates/key-chained.erb | 6 ++++--
 modules/ssl/templates/key.erb | 3 ++-
 11 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 2dd47996d..974860260 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -15,6 +15,8 @@ samhain_recipients:
 - 'zumbi@oron.es'
 root_mail_alias:
 - 'debian-admin@debian.org'
+paths:
+ letsencrypt_dir: '/srv/puppet.debian.org/from-letsencrypt'
 roles:
 bugsmx:
 - buxtehude.debian.org
diff --git a/modules/apache2/templates/ssl-key-pins.erb b/modules/apache2/templates/ssl-key-pins.erb
index 7e891a293..c46111d8c 100644
--- a/modules/apache2/templates/ssl-key-pins.erb
+++ b/modules/apache2/templates/ssl-key-pins.erb
@@ -6,7 +6,7 @@
 <%=
- $cert_dir_le = '/srv/puppet.debian.org/from-letsencrypt'
+ $cert_dir_le = scope().call_function('hiera', ['paths.letsencrypt_dir'])
 $cert_dir_backup = '/srv/puppet.debian.org/backup-keys'
 def make_pin_macro(site)
diff --git a/modules/roles/manifests/dbmaster.pp b/modules/roles/manifests/dbmaster.pp
index c75713f5a..5dbc7b62d 100644
--- a/modules/roles/manifests/dbmaster.pp
+++ b/modules/roles/manifests/dbmaster.pp
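Review bot: In ssl-key-pins.erb the line after the changed one still hardcodes `$cert_dir_backup = '/srv/puppet.debian.org/backup-keys'`, so only one of the two pin-source directories follows the hiera data and the pair can drift apart if the tree under /srv/puppet.debian.org is ever moved. Consider giving the backup directory its own entry under the same `paths` hash and looking it up the same way. Both values are Ruby globals, presumably so that `make_pin_macro` can see them; its body lies outside the hunk, so how it reacts to a missing file under the looked-up directory cannot be checked from here.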
@@ -23,7 +23,7 @@ class roles::dbmaster {
 ensure => present,
 mode => '0440',
 group => 'openldap',
- content => inline_template('<%= File.read("/srv/puppet.debian.org/from-letsencrypt/db.debian.org.key") %>'),
+ content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.letsencrypt_dir"]) + "/db.debian.org.key") %>'),
 links => follow,
 }
diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index 371a99bab..8ccca492c 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -251,7 +251,7 @@ class roles {
 ensure => present,
 mode => '0440',
 group => 'gobby',
- content => inline_template('<%= File.read("/srv/puppet.debian.org/from-letsencrypt/gobby.debian.org.key") %>'),
+ content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.letsencrypt_dir"]) + "/gobby.debian.org.key") %>'),
 links => follow,
 }
 }
diff --git a/modules/rsync/manifests/site.pp b/modules/rsync/manifests/site.pp
index 60cab396d..7011787f3 100644
--- a/modules/rsync/manifests/site.pp
+++ b/modules/rsync/manifests/site.pp
@@ -118,9 +118,10 @@ define rsync::site (
 rule => '&SERVICE(tcp, 1873)',
 }
+ $certdir = hiera('paths.letsencrypt_dir')
 dnsextras::tlsa_record{ "tlsa-${sslname}-1873":
 zone => 'debian.org',
- certfile => [ "/srv/puppet.debian.org/from-letsencrypt/${sslname}.crt" ],
+ certfile => [ "${certdir}/${sslname}.crt" ],
 port => 1873,
 hostname => $sslname,
 }
diff --git a/modules/ssl/manifests/service.pp b/modules/ssl/manifests/service.pp
index c507351e0..069df0a6f 100644
--- a/modules/ssl/manifests/service.pp
+++ b/modules/ssl/manifests/service.pp
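Review bot: The `content` line in roles::dbmaster still reads the private key on the master and puts its text into the catalog, and nothing visible in the hunk keeps that text out of agent logs and reports when the file changes. Unless the resource already sets it above the hunk, add `show_diff => false,` next to `mode`. The lookup could also leave the embedded Ruby and match the style used in rsync/site.pp: set `$certdir = hiera('paths.letsencrypt_dir')` beforehand and write `content => file("${certdir}/db.debian.org.key"),`. The same applies to the gobby.debian.org.key resource in modules/roles/manifests/init.pp; both resource headers are outside their hunks.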
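Review bot: `$certdir` in rsync::site comes straight from hiera and is interpolated into `certfile` with no check, so a typo in the data or an override of `paths` at a more specific hierarchy level silently changes which file the TLSA record is presumably derived from. A guard directly after the lookup, `validate_absolute_path($certdir)`, would fail the compile instead; stdlib appears to be available, since ssl::service calls `join` and `size`. The identical lookup added in modules/ssl/manifests/service.pp has the same gap, and both defines continue outside their hunks.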
@@ -48,9 +48,10 @@ define ssl::service($ensure = present, $tlsaport = 443, $notify = [], $key = fal
 if (size($tlsaports) > 0 and $ssl_ensure == "present") {
 $portlist = join($tlsaports, "-")
+ $certdir = hiera('paths.letsencrypt_dir')
 dnsextras::tlsa_record{ "tlsa-${name}-${portlist}":
 zone => 'debian.org',
- certfile => [ "/srv/puppet.debian.org/from-letsencrypt/${name}.crt" ],
+ certfile => [ "${certdir}/${name}.crt" ],
 port => $tlsaport,
 hostname => "$name",
 }
diff --git a/modules/ssl/templates/crt-chain.erb b/modules/ssl/templates/crt-chain.erb
index 94cd70878..4caa8b213 100644
--- a/modules/ssl/templates/crt-chain.erb
+++ b/modules/ssl/templates/crt-chain.erb
@@ -1,5 +1,6 @@
 <%=
- fn = "/srv/puppet.debian.org/from-letsencrypt/#{@name}.crt-chain"
+ dir = scope().call_function('hiera', ['paths.letsencrypt_dir'])
+ fn = "#{dir}/#{@name}.crt-chain"
 out = File.read(fn)
 out
 %>
diff --git a/modules/ssl/templates/crt-chained.erb b/modules/ssl/templates/crt-chained.erb
index aba48f6a9..aa914b625 100644
--- a/modules/ssl/templates/crt-chained.erb
+++ b/modules/ssl/templates/crt-chained.erb
@@ -1,5 +1,6 @@
 <%=
- fn = "/srv/puppet.debian.org/from-letsencrypt/#{@name}.crt-chained"
+ dir = scope().call_function('hiera', ['paths.letsencrypt_dir'])
+ fn = "#{dir}/#{@name}.crt-chained"
 out = File.read(fn)
 out
 %>
diff --git a/modules/ssl/templates/crt.erb b/modules/ssl/templates/crt.erb
index 52f639ab0..df0975f3a 100644
--- a/modules/ssl/templates/crt.erb
+++ b/modules/ssl/templates/crt.erb
@@ -1,5 +1,6 @@
 <%=
- fn = "/srv/puppet.debian.org/from-letsencrypt/#{@name}.crt"
+ dir = scope().call_function('hiera', ['paths.letsencrypt_dir'])
+ fn = "#{dir}/#{@name}.crt"
 out = File.read(fn)
 out
 %>
diff --git a/modules/ssl/templates/key-chained.erb b/modules/ssl/templates/key-chained.erb
index a3f944531..52cd0399a 100644
--- a/modules/ssl/templates/key-chained.erb
+++ b/modules/ssl/templates/key-chained.erb
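Review bot: `fn = "#{dir}/#{@name}.crt-chain"` joins the resource title into a path that `File.read` opens on the master, and neither `dir` nor `@name` is checked, so a malformed title containing `/` or `..` would resolve outside the Let's Encrypt directory. A guard before the read, for example `raise Puppet::ParseError, "invalid ssl name #{@name}" unless @name =~ /\A[A-Za-z0-9.-]+\z/`, would turn that into a compile failure. The same two lines are repeated in crt-chained.erb, crt.erb, key-chained.erb and key.erb, and the last two return private-key material, so the check matters most there. Moving the lookup and path join into one shared helper would also avoid keeping five copies in step.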
@@ -1,10 +1,12 @@
 <%=
- fn = "/srv/puppet.debian.org/from-letsencrypt/#{@name}.key"
+ dir = scope().call_function('hiera', ['paths.letsencrypt_dir'])
+
+ fn = "#{dir}/#{@name}.key"
 out = File.read(fn)
 out
 %>
 <%=
- fn = "/srv/puppet.debian.org/from-letsencrypt/#{@name}.crt-chained"
+ fn = "#{dir}/#{@name}.crt-chained"
 out = File.read(fn)
 out
 %>
diff --git a/modules/ssl/templates/key.erb b/modules/ssl/templates/key.erb
index 3fc07945f..d3148b826 100644
--- a/modules/ssl/templates/key.erb
+++ b/modules/ssl/templates/key.erb
@@ -1,5 +1,6 @@
 <%=
- fn = "/srv/puppet.debian.org/from-letsencrypt/#{@name}.key"
+ dir = scope().call_function('hiera', ['paths.letsencrypt_dir'])
+ fn = "#{dir}/#{@name}.key"
 out = File.read(fn)
 out
 %>
--
2.20.1