Puppet Class: certspotter

Defined in:
modules/certspotter/manifests/init.pp

Overview

Parameters:

  • domains (Any)
  • address (Any)


# File 'modules/certspotter/manifests/init.pp', line 22

# @summary Installs certspotter (a Certificate Transparency log monitor) and
#   the account, configuration and cron entry it runs under.
#
# Manages the package, a dedicated system user and group, a root-owned
# configuration directory and watchlist, and the cron entry for the scan.
# The cron entry is currently declared with ensure => absent, so this class
# does not schedule any scan.
#
# @param domains
#   Domains to watch. The watchlist template calls .join on this value, so it
#   has to be an array; each element becomes one line of the watchlist file.
#   NOTE(review): the parameter is untyped, so a wrong value only fails when
#   the template is rendered; a data type such as Array[String] would reject
#   it earlier. Confirm against callers before tightening.
# @param address
#   Value interpolated into the cron entry's MAILTO environment setting, i.e.
#   where cron would mail the job's output.
#   NOTE(review): untyped and not validated in this class; presumably it is
#   written to the crontab as given once the job is re-enabled, so it should
#   come from trusted data only and be free of line breaks. Confirm.
class certspotter(
  $domains,
  $address,
) {
    # Only presence is enforced; no version is pinned here.
    package { 'certspotter':
        ensure => present,
    }

    # Paths used below. $statedir is passed to the certspotter command but is
    # not declared as a resource in this class; presumably certspotter creates
    # it under the managed home directory on first run. TODO confirm.
    $homedir = '/var/lib/certspotter'
    $statedir = "${homedir}/state"
    $configdir = '/etc/certspotter'
    $watchlist = "${configdir}/watchlist"

    # Dedicated system account for the scan, so the job does not run as root.
    # NOTE(review): the account gets /bin/sh as its shell; confirm whether a
    # login-capable shell is actually required for this service account.
    user { 'certspotter':
        ensure     => present,
        home       => $homedir,
        shell      => '/bin/sh',
        comment    => 'certspotter user',
        gid        => 'certspotter',
        system     => true,
        managehome => true,
        require    => Group['certspotter'],
    }

    group { 'certspotter':
        ensure => present,
        system => true,
    }

    # Configuration is owned by root and not writable by the certspotter
    # account, so the account that runs the scan cannot alter what is watched.
    file { $configdir:
        ensure => directory,
        owner  => 'root',
        group  => 'root',
        mode   => '0755',
    }

    file { $watchlist:
        ensure  => present,
        owner   => 'root',
        group   => 'root',
        mode    => '0444',
        # Renders one domain per line with a trailing newline. The escaped
        # quotes and \n are resolved by Puppet before ERB sees the template.
        content => inline_template("<%= @domains.join(\"\n\") %>\n"),
    }

    # 20180423 - cron disabled (with ensure => absent) to squelch cron errors
    # until certspotter can be upgraded -herron
    #
    # With ensure => absent Puppet removes the entry from the certspotter
    # user's crontab; the remaining attributes describe the job as it would be
    # restored. While it stays absent this class schedules no scan, so newly
    # logged certificates for the watched domains are not reported through it.
    # NOTE(review): confirm monitoring is covered elsewhere or re-enable.
    $cmd = "/usr/bin/certspotter -watchlist ${watchlist} -state_dir ${statedir}"
    cron { 'certspotter':
        ensure      => absent,
        command     => $cmd,
        environment => "MAILTO=${address}",
        user        => 'certspotter',
        # fqdn_rand gives a per-host stable minute in 0-29, so hosts do not
        # all run at the same time; with hour '*' the job would run hourly.
        minute      => fqdn_rand(30, 'certspotter'),
        hour        => '*',
        require     => [
            User['certspotter'],
            Package['certspotter'],
            File[$watchlist],
        ],
    }

}