Start requesting ACME certs from internal CA
This commit is contained in:
parent
8f8c360c69
commit
b9266ec0e7
1 changed files with 17 additions and 1 deletions
|
@ -3,8 +3,13 @@ class cdn::mqtt(
|
|||
String $dc = '',
|
||||
Array[String] $clients = [],
|
||||
Hash[String, Hash] $bridges = {},
|
||||
Hash[String, String] $acme_url = {
|
||||
test => 'https://internal-sto3-test-ca-1.cdn.sunet.se:9000/acme/acme/directory'
|
||||
}
|
||||
)
|
||||
{
|
||||
include sunet::packages::certbot
|
||||
|
||||
package {'mosquitto': ensure => installed }
|
||||
|
||||
file { '/etc/mosquitto/aclfile':
|
||||
|
@ -23,9 +28,20 @@ class cdn::mqtt(
|
|||
content => template('cdn/mqtt/cdn.conf.erb'),
|
||||
}
|
||||
|
||||
sunet::nftables::allow { "allow-step-ca-acme":
|
||||
sunet::nftables::allow { 'allow-step-ca-acme':
|
||||
from => 'any',
|
||||
port => 80,
|
||||
proto => 'tcp',
|
||||
}
|
||||
|
||||
# From https://wiki.sunet.se/display/sunetops/Platform+naming+standards
|
||||
$my_fqdn = $facts['networking']['fqdn']
|
||||
$dot_split = split($my_fqdn, '[.]')
|
||||
$my_hostname = $dot_split[0]
|
||||
$dash_split = split($my_hostname,'[-]')
|
||||
$environment = $dash_split[2]
|
||||
|
||||
exec { "certbot certonly -n --email patlu@sunet.se --no-eff-email --agree-tos --standalone -d ${my_fqdn} --server ${acme_url[$environment]}":
|
||||
creates => "/etc/letsencrypt/live/${my_fqdn}/fullchain.pem"
|
||||
}
|
||||
}
|
||||
|
|
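Review bot: The ACME directory lookup `${acme_url[$environment]}` in the exec title has no guard, so when `$dash_split[2]` is undefined or names an environment that is not a key of `$acme_url` (the default only defines `test`), the interpolation yields an empty `--server` and certbot falls back to its built-in default directory, a public CA, instead of the internal one this commit intends; failing the catalog in that case is safer than issuing against the wrong CA. The exec also has no `path` attribute while the command starts with an unqualified `certbot`, which Puppet rejects at apply time unless an `Exec` resource default sets `path` elsewhere in the module. Nothing orders the exec after `sunet::packages::certbot`, since `include` alone creates no dependency, so the first run may race the package install; a `require` on that class makes it deterministic. The hard-coded contact address in the title would be better as a class parameter.
```puppet
# … unchanged: nftables allow rule and fqdn/environment parsing …
unless $environment in $acme_url {
  fail("No ACME directory configured for environment '${environment}' derived from ${my_fqdn}")
}

exec { "certbot certonly -n --email patlu@sunet.se --no-eff-email --agree-tos --standalone -d ${my_fqdn} --server ${acme_url[$environment]}":
  path    => ['/usr/bin', '/usr/local/bin', '/bin'],
  creates => "/etc/letsencrypt/live/${my_fqdn}/fullchain.pem",
  require => Class['sunet::packages::certbot'],
}
```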