From d4f938770a5302b675a182004ae909a201599034 Mon Sep 17 00:00:00 2001
From: Patrik Lundin
Date: Mon, 4 Nov 2024 09:14:42 +0100
Subject: [PATCH] Get internal cert for hostname

Used for client cert auth to MQTT server
---
 .../etc/puppet/modules/cdn/manifests/cache.pp | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp b/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp
index 034a060..f5a6a30 100644
--- a/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp
+++ b/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp
@@ -4,6 +4,9 @@ class cdn::cache(
     customer1 => 1000000000,
   },
   String $sunet_cdnp_version = '0.0.1',
+  Hash[String, String] $acme_url = {
+    test => 'https://internal-sto3-test-ca-1.cdn.sunet.se:9000/acme/acme/directory'
+  }
 ) {
   include sunet::packages::certbot
 
@@ -127,6 +130,18 @@ class cdn::cache(
     rule => 'add rule inet filter input meta iifname ip6tnl0 ip6 daddr 2001:6b0:2100::/48 tcp dport { 80, 443 } counter accept comment "sunet-cdn-service6"'
   }
 
+  # From https://wiki.sunet.se/display/sunetops/Platform+naming+standards
+  $my_fqdn = $facts['networking']['fqdn']
+  $dot_split = split($my_fqdn, '[.]')
+  $my_hostname = $dot_split[0]
+  $dash_split = split($my_hostname,'[-]')
+  $environment = $dash_split[2]
+
+  # Get client cert for connecting to MQTT bus
+  exec { "certbot certonly -n --email patlu@sunet.se --no-eff-email --agree-tos --standalone -d ${my_fqdn} --server ${acme_url[$environment]}":
+    creates => "/etc/letsencrypt/live/${my_fqdn}/fullchain.pem"
+  }
+
   $sunet_cdnp_dir = '/var/lib/sunet-cdnp'
   $sunet_cdnp_file = "sunet-cdnp_${sunet_cdnp_version}_linux_${facts[os][architecture]}.tar.gz"
   $sunet_cdnp_url = "https://github.com/SUNET/sunet-cdnp/releases/download/v${sunet_cdnp_version}/${sunet_cdnp_file}"
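Review bot: The new exec interpolates `${acme_url[$environment]}` into the certbot command without checking that `$environment` is actually a key of `$acme_url`, and `$environment` is just the third dash-separated segment of the short hostname, so any host outside the naming standard, or in any environment other than `test` (the only key in the new default), gets an empty `--server` value and fails at run time with a certbot argument error instead of a clear Puppet message — and should anyone later drop `--server` to "fix" that, certbot would quietly go to its default public ACME directory rather than the internal CA. A guard before the exec keeps the failure explicit and early: `unless $environment in $acme_url { fail("no ACME directory configured for environment '${environment}' (derived from ${my_fqdn})") }`. The exec also has no `path` attribute; unless an `Exec { path => ... }` resource default applies elsewhere in this module, Puppet rejects the unqualified `certbot` command, so add `path => ['/usr/bin', '/bin'],` or use `/usr/bin/certbot`. `--standalone` has to bind port 80 for HTTP-01 on a host where this same class opens 80/443 for the CDN service a few lines above, so if the cache daemon already listens there first issuance and every renewal will fail; `--http-01-port` with a matching firewall rule, or a webroot authenticator, may be needed. Finally, the hard-coded `--email patlu@sunet.se` ties the account to one person and would be better as a class parameter such as `String $acme_email`.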