Defined Type: letsencrypt::cert::integrated

Defined in:
modules/letsencrypt/manifests/cert/integrated.pp

Overview

Parameters:

  • subjects (Any)
  • puppet_svc (Any)
  • system_svc (Any)
  • key_user (Any) (defaults to: 'root')
  • key_group (Any) (defaults to: 'root')


# File 'modules/letsencrypt/manifests/cert/integrated.pp', line 112

# Provisions the certificate identified by $title through
# /usr/local/sbin/acme-setup: a bootstrap run ordered before
# Service[$puppet_svc], then (unless hiera 'do_acme' is false) an ACME run
# ordered after that service.
#
# @param subjects
#   Interpolated verbatim as the `-s` argument of acme-setup.
# @param puppet_svc
#   Title of the Service resource the two execs are ordered around. This
#   define only references Service[$puppet_svc]; it does not declare it.
# @param system_svc
#   Interpolated verbatim as the `-w` argument of the ACME run. Presumably the
#   service acme-setup reloads after issuing a cert; confirm against the script.
# @param key_user
#   Interpolated as `--key-user`; defaults to 'root'. Presumably the owner of
#   the private key file; confirm against acme-setup.
# @param key_group
#   Interpolated as `--key-group`; defaults to 'root'.
#
# NOTE(review): only $title is sanitised before it reaches the command line.
# $subjects, $key_user, $key_group and $system_svc are interpolated unquoted
# and unvalidated, so whitespace in any of them would change acme-setup's
# argument list. Whether shell metacharacters are also interpreted depends on
# the exec provider in effect; confirm. Callers should pass only vetted
# values, never data from facts or other node-controlled sources.
define letsencrypt::cert::integrated($subjects, $puppet_svc, $system_svc, $key_user='root', $key_group='root') {
    # Make sure the base letsencrypt class is in the catalog and applied first.
    require ::letsencrypt

    # Replace every non-word character of the resource title with '_' ('G' =
    # all occurrences) so it is safe to use in resource titles, the cert path
    # and the command line below.
    $safe_title = regsubst($title, '\W', '_', 'G')
    # Common command prefix shared by both execs. The parameter values are
    # inserted as-is (see the review note in the header).
    $base_cmd = "/usr/local/sbin/acme-setup -i ${safe_title} -s ${subjects} --key-user ${key_user} --key-group ${key_group}"

    # Pre-setup with self-signed cert if necessary, to let $puppet_svc start.
    # `creates` skips this exec once the .crt file exists, so it only runs on
    # hosts that have no certificate at that path yet.
    exec { "acme-setup-self-${safe_title}":
        command => $base_cmd,
        creates => "/etc/acme/cert/${safe_title}.crt",
        before  => Service[$puppet_svc],
    }

    # 'do_acme' defaults to true when the hiera key is absent; setting it to
    # false leaves the host with whatever the bootstrap exec above produced.
    if hiera('do_acme', true) {
        # Post-setup and renewal - runs on every puppet run, creates a new ACME
        # cert and reloads the webserver iff existing cert is self-signed from
        # above or reaches expiry threshold (30-44 days left, deterministically
        # random per unique certificate (will change on renewal)).
        # This exec has no creates/onlyif/unless guard, so the decision whether
        # to do anything is left entirely to acme-setup itself.
        exec { "acme-setup-acme-${safe_title}":
            command => "${base_cmd} -m acme -w ${system_svc}",
            require => Service[$puppet_svc],
        }
    }
}