Puppet Class: profile::acme_chief

Defined in:
modules/profile/manifests/acme_chief.pp

Overview

Parameters:

  • accounts (Hash[String, Hash[String, String]]) (defaults to: lookup('profile::acme_chief::accounts'))
  • certificates (Hash[String, Acme_chief::Certificate]) (defaults to: lookup('profile::acme_chief::certificates'))
  • shared_acme_certificates (Hash[String, Acme_chief::Certificate]) (defaults to: lookup('shared_acme_certificates', {default_value => {}}))
  • challenges (Hash[String, Hash[String, Any]]) (defaults to: lookup('profile::acme_chief::challenges'))
  • http_proxy (String) (defaults to: lookup('http_proxy'))
  • active_host (String) (defaults to: lookup('profile::acme_chief::active'))
  • passive_host (String) (defaults to: lookup('profile::acme_chief::passive'))
  • authdns_servers (Hash[Stdlib::Fqdn, Stdlib::IP::Address::Nosubnet]) (defaults to: lookup('authdns_servers'))
  • watchdog_sec (Integer) (defaults to: lookup('profile::acme_chief::watchdog_sec', {default_value => 600}))


# File 'modules/profile/manifests/acme_chief.pp', line 35

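# @summary Validates the configured certificates and declares acme_chief::server.
#
# Every certificate (profile-specific and shared) is checked before the server
# class is declared: catalog compilation fails if the CN or any SNI ends in one
# of the internal domains listed in $internal_domains.
# NOTE(review): presumably this keeps internal hostnames out of certificates
# requested from an external ACME CA - confirm the intent with the module owners.
#
# @param accounts passed unchanged to acme_chief::server
# @param certificates profile-specific certificates, merged with $shared_acme_certificates
# @param shared_acme_certificates shared certificates; an empty hash when the lookup key is absent
# @param challenges passed unchanged to acme_chief::server
# @param http_proxy passed unchanged to acme_chief::server
# @param active_host passed unchanged to acme_chief::server
# @param passive_host passed unchanged to acme_chief::server
# @param authdns_servers FQDN => IP map; only the FQDN keys are passed on, as authdns_hosts
# @param watchdog_sec passed unchanged to acme_chief::server; 600 when the lookup key is absent
class profile::acme_chief (
    Hash[String, Hash[String, String]] $accounts = lookup('profile::acme_chief::accounts'),
    Hash[String, Acme_chief::Certificate] $certificates = lookup('profile::acme_chief::certificates'),
    Hash[String, Acme_chief::Certificate] $shared_acme_certificates = lookup('shared_acme_certificates', {default_value => {}}),
    Hash[String, Hash[String, Any]] $challenges = lookup('profile::acme_chief::challenges'),
    String $http_proxy = lookup('http_proxy'),
    String $active_host = lookup('profile::acme_chief::active'),
    String $passive_host = lookup('profile::acme_chief::passive'),
    Hash[Stdlib::Fqdn, Stdlib::IP::Address::Nosubnet] $authdns_servers = lookup('authdns_servers'),
    Integer $watchdog_sec = lookup('profile::acme_chief::watchdog_sec', {default_value => 600}),
) {
    # Suffixes that must never appear in a certificate name. Compared in
    # lowercase, so keep every entry lowercase.
    $internal_domains = ['wmnet']

    # Hash `+` merges right-over-left: an entry in $shared_acme_certificates
    # silently replaces a same-named entry in $certificates.
    $acme_chief_certificates = $certificates + $shared_acme_certificates

    $acme_chief_certificates.each |$cert, $config| {
        # DNS names are case-insensitive and may carry a trailing root dot, so
        # normalise before the suffix test; otherwise 'host.WMNET' or
        # 'host.wmnet.' would pass the guard.
        # NOTE(review): Acme_chief::Certificate may already restrict these
        # forms - the type is not visible here.
        $normalized_cn = $config['CN'].downcase.regsubst('\.$', '')
        if $normalized_cn.stdlib::end_with($internal_domains) {
            fail("${cert} CN (${config['CN']}) contains internal domain")
        }
        $config['SNI'].each |$sni| {
            $normalized_sni = $sni.downcase.regsubst('\.$', '')
            if $normalized_sni.stdlib::end_with($internal_domains) {
                fail("${cert} SNI (${sni}) contains internal domain")
            }
        }
    }

    # Only reached when every certificate passed the internal-domain check.
    class { '::acme_chief::server':
        accounts      => $accounts,
        certificates  => $acme_chief_certificates,
        challenges    => $challenges,
        http_proxy    => $http_proxy,
        active_host   => $active_host,
        passive_host  => $passive_host,
        authdns_hosts => $authdns_servers.keys(),
        watchdog_sec  => $watchdog_sec,
    }
}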