Add certbot deploy script for mosquitto
parent
b9266ec0e7
commit
65fc0590b4
28
global/overlay/etc/puppet/modules/cdn/files/mqtt/sunet-cdn-mqtt
Executable file
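--- a/global/overlay/etc/puppet/modules/cdn/files/mqtt/sunet-cdn-mqtt
+++ b/global/overlay/etc/puppet/modules/cdn/files/mqtt/sunet-cdn-mqtt
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# Mosquitto is running with a user that is not privileged enough to read files
+# directly from the certbot dirs, so copy files to where mosquitto expects
+# them.
+
+set -eu
+
+le_dir="/etc/letsencrypt/live/$(hostname -f)"
+mosquitto_dir="/etc/mosquitto/"
+
+le_chain="$le_dir/chain.pem"
+mosquitto_chain="$mosquitto_dir/ca_certificates/chain.pem"
+cp $le_chain $mosquitto_chain
+chown mosquitto:root $mosquitto_chain
+
+le_cert="$le_dir/cert.pem"
+mosquitto_cert="$mosquitto_dir/certs/cert.pem"
+cp $le_cert $mosquitto_cert
+chown mosquitto:root $mosquitto_cert
+
+le_key="$le_dir/privkey.pem"
+mosquitto_key="$mosquitto_dir/certs/privkey.pem"
+cp $le_key $mosquitto_key
+chown mosquitto:root $mosquitto_key
+
+# Tell mosquitto to reload certs
+pkill -x -HUP mosquitto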
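Review bot: The copied `privkey.pem` never gets an explicit mode: `cp` onto an existing destination keeps that file's current permissions, and a fresh copy takes the source mode filtered by umask, so nothing in the script guarantees the key stays readable only by the mosquitto user. Replacing each `cp`/`chown` pair with `install`, e.g. `install -o mosquitto -g root -m 0600 "$le_key" "$mosquitto_key"`, sets owner and mode in one step and also quotes the paths, which are unquoted throughout. Separately, under `set -e` the final `pkill -x -HUP mosquitto` makes the hook exit non-zero when no mosquitto process is running, and `le_dir` built from `hostname -f` could instead use the `$RENEWED_LINEAGE` variable that certbot passes to deploy hooks.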
|
@ -41,7 +41,15 @@ class cdn::mqtt(
|
|||
$dash_split = split($my_hostname,'[-]')
|
||||
$environment = $dash_split[2]
|
||||
|
||||
file { '/etc/letsencrypt/renewal-hooks/deploy/sunet-cdn-mqtt':
|
||||
ensure => file,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
content => file('cdn/mqtt/sunet-cdn-mqtt'),
|
||||
}
|
||||
|
||||
exec { "certbot certonly -n --email patlu@sunet.se --no-eff-email --agree-tos --standalone -d ${my_fqdn} --server ${acme_url[$environment]}":
|
||||
creates => "/etc/letsencrypt/live/${my_fqdn}/fullchain.pem"
|
||||
creates => "/etc/letsencrypt/live/${my_fqdn}/fullchain.pem"
|
||||
}
|
||||
}
|
||||
|
|
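Review bot: Installing the hook under `renewal-hooks/deploy` appears to cover renewals only: certbot documents the directory hooks as run by `renew`, so whether the initial `certonly` in the `exec` below triggers it depends on the certbot version, and a freshly provisioned host may have no certificate files under `/etc/mosquitto` until the first renewal. If that matters, passing `--deploy-hook /etc/letsencrypt/renewal-hooks/deploy/sunet-cdn-mqtt` on the `certonly` command, or a one-off exec of the script after issuance, would close the gap. The `exec` also carries no explicit `require => File['/etc/letsencrypt/renewal-hooks/deploy/sunet-cdn-mqtt']`, so the hook being in place first relies on manifest ordering. The enclosing `class cdn::mqtt` starts outside the hunk.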