From f6ad5b95fa8dadec2ff57f289ac3a980fdc0ac59 Mon Sep 17 00:00:00 2001 From: lvicainne Date: Mon, 2 Jan 2017 12:24:17 +0100 Subject: [PATCH 1/6] fix(packages): Correct package name for Debian 8 --- manifests/params.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 45c03d63..f541e7d2 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -14,10 +14,10 @@ 'server' => 'https://acme-v01.api.letsencrypt.org/directory', } - if $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0 { + if $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0 { $install_method = 'package' - $package_name = 'letsencrypt' - $package_command = 'letsencrypt' + $package_name = 'certbot' + $package_command = 'certbot' } elsif $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '16.04') >= 0 { $install_method = 'package' $package_name = 'letsencrypt' From f241866cbdbdf8dd05baed03502fff17db959582 Mon Sep 17 00:00:00 2001 From: lvicainne Date: Mon, 2 Jan 2017 12:30:57 +0100 Subject: [PATCH 2/6] feat(certonly): I propose to add the full support from Hiera using the create_resource to instanciate some certonly ressource --- manifests/init.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/init.pp b/manifests/init.pp index 5aa2b7b2..49c82289 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -46,6 +46,8 @@ # A flag to agree to the Let's Encrypt Terms of Service. # [*unsafe_registration*] # A flag to allow using the 'register-unsafely-without-email' flag. +# [*certonly*] +# A hash containing all the configuration for creating a certonly # class letsencrypt ( $email = undef, 
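Review bot: Lowering the bound to `versioncmp($::operatingsystemrelease, '8') >= 0` sends Debian 8 down the `package` install path with `$package_name = 'certbot'`, but nothing in this hunk makes that package installable there. As far as I know, certbot for Debian 8 is only published in jessie-backports, so on a host without that repository the package resource would fail and certificates would not be issued or renewed; please confirm where the package is expected to come from. If the dependency is intended, state it beside the branch, e.g. `# Debian 8: certbot comes from jessie-backports, which must be enabled outside this module`. The `if`/`elsif` chain continues past the end of the hunk.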
@@ -66,6 +68,7 @@ $install_method = $letsencrypt::params::install_method, $agree_tos = $letsencrypt::params::agree_tos, $unsafe_registration = $letsencrypt::params::unsafe_registration, + $certonly = {}, ) inherits letsencrypt::params { validate_string($path, $repo, $version, $config_file, $package_name, $package_command) if $email { @@ -103,4 +106,8 @@ environment => concat([ "VENV_PATH=${venv_path}" ], $environment), refreshonly => true, } + + $real_certonly = hiera_hash('letsencrypt::certonly', $certonly) + create_resources(::letsencrypt::certonly, $real_certonly) + } From 73881d9917bd5b406a6af399f3dc47b431a5be86 Mon Sep 17 00:00:00 2001 From: lvicainne Date: Mon, 2 Jan 2017 12:35:02 +0100 Subject: [PATCH 3/6] feat(certonly): I propose to add the full support from Hiera using the create_resource to instanciate some certonly ressource --- manifests/params.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index f541e7d2..45c03d63 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -14,10 +14,10 @@ 'server' => 'https://acme-v01.api.letsencrypt.org/directory', } - if $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0 { + if $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0 { $install_method = 'package' - $package_name = 'certbot' - $package_command = 'certbot' + $package_name = 'letsencrypt' + $package_command = 'letsencrypt' } elsif $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '16.04') >= 0 { $install_method = 'package' $package_name = 'letsencrypt' From 882a772c64b86a3656a57512a9d81cfff9fd9e8b Mon Sep 17 00:00:00 2001 
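Review bot: `$real_certonly` is passed to `create_resources(::letsencrypt::certonly, $real_certonly)` in PATCH 2/6 without a type check, although the class validates its other inputs (`validate_string(...)` in this hunk, `validate_hash($config)` in the init.pp context of PATCH 4/6). Each entry becomes a `letsencrypt::certonly` resource, which elsewhere on this page builds its command line by string interpolation and schedules a cron job as `root`, so unexpected Hiera data ends up in a privileged command. Add `validate_hash($real_certonly)` directly before the `create_resources` call so bad data fails at catalog compilation. The `$certs` parameter that replaces this in PATCH 5/6 has the same gap (`validate_hash($certs)`). The class body starts and ends outside these hunks.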
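Review bot: The params.pp hunk of PATCH 3/6 restores the `'9'` bound and the `letsencrypt` package name, undoing PATCH 1/6 line for line, while its subject repeats the certonly/Hiera text of PATCH 2/6. Applied in order, the series therefore ships no Debian 8 change at all, and the history gives no reason for that. If the revert is deliberate, give the commit a message that says so. If it is not, drop this patch so that `$package_name = 'certbot'` and `$package_command = 'certbot'` from PATCH 1/6 survive.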
From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Mon, 5 Dec 2016 18:29:10 +0100 Subject: [PATCH 4/6] rename environment parameter to unbreak hiera This is a fix for #63. We rename the `environment` to `venv_vars` in order to ensure that hiera calls do *not* break, as soon as a puppet execution flow enters our module. For consistency's sake, we change `environment` not only in the main class (where it's definitely needed: https://github.com/rodjek/puppet-lint/issues/574), but also in the `certonly` define. --- manifests/certonly.pp | 10 +++++----- manifests/init.pp | 8 ++++---- manifests/install.pp | 2 +- spec/classes/letsencrypt_spec.rb | 2 +- spec/defines/letsencrypt_certonly_spec.rb | 4 ++-- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/manifests/certonly.pp b/manifests/certonly.pp index b8fb9895..b200f8a8 100644 --- a/manifests/certonly.pp +++ b/manifests/certonly.pp @@ -19,7 +19,7 @@ # [*additional_args*] # An array of additional command line arguments to pass to the # `letsencrypt-auto` command. -# [*environment*] +# [*venv_vars*] # An optional array of environment variables (in addition to VENV_PATH). # [*manage_cron*] # Boolean indicating whether or not to schedule cron job for renewal. @@ -36,7 +36,7 @@ $webroot_paths = undef, $letsencrypt_command = $letsencrypt::command, $additional_args = undef, - $environment = [], + $venv_vars = [], $manage_cron = false, $cron_before_command = undef, $cron_success_command = undef, @@ -52,7 +52,7 @@ if $additional_args { validate_array($additional_args) } - validate_array($environment) + validate_array($venv_vars) validate_bool($manage_cron) $command_start = "${letsencrypt_command} --agree-tos certonly -a ${plugin} " @@ -68,7 +68,7 @@ exec { "letsencrypt certonly ${title}": command => $command, path => $::path, - environment => concat([ $venv_path_var ], $environment), + environment => concat([ $venv_path_var ], $venv_vars), creates => $live_path, require => Class['letsencrypt'], } 
@@ -89,7 +89,7 @@ $cron_minute = fqdn_rand(60, $title ) # 0 - 59, seed is title plus fqdn cron { "letsencrypt renew cron ${title}": command => $cron_cmd, - environment => concat([ $venv_path_var ], $environment), + environment => concat([ $venv_path_var ], $venv_vars), user => root, hour => $cron_hour, minute => $cron_minute, diff --git a/manifests/init.pp b/manifests/init.pp index 5aa2b7b2..250d21c0 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -9,7 +9,7 @@ # precedence over an 'email' setting defined in $config. # [*path*] # The path to the letsencrypt installation. -# [*environment*] +# [*venv_vars*] # An optional array of environment variables (in addition to VENV_PATH) # [*repo*] # A Git URL to install the Let's encrypt client from. @@ -51,7 +51,7 @@ $email = undef, $path = $letsencrypt::params::path, $venv_path = $letsencrypt::params::venv_path, - $environment = [], + $venv_vars = [], $repo = $letsencrypt::params::repo, $version = $letsencrypt::params::version, $package_name = $letsencrypt::params::package_name, @@ -71,7 +71,7 @@ if $email { validate_string($email) } - validate_array($environment) + validate_array($venv_vars) validate_bool($manage_config, $manage_install, $manage_dependencies, $configure_epel, $agree_tos, $unsafe_registration) validate_hash($config) validate_re($install_method, ['^package$', '^vcs$']) @@ -100,7 +100,7 @@ exec { 'initialize letsencrypt': command => "${command_init} -h", path => $::path, - environment => concat([ "VENV_PATH=${venv_path}" ], $environment), + environment => concat([ "VENV_PATH=${venv_path}" ], $venv_vars), refreshonly => true, } } diff --git a/manifests/install.pp b/manifests/install.pp index 8f2cf612..a638f54e 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -26,7 +26,7 @@ # method. # [*package_name*] # Name of package to use when installing the client with the `package` -# method. +# method. # class letsencrypt::install ( $manage_install = $letsencrypt::manage_install, 
diff --git a/spec/classes/letsencrypt_spec.rb b/spec/classes/letsencrypt_spec.rb index b7437442..3e6c9802 100644 --- a/spec/classes/letsencrypt_spec.rb +++ b/spec/classes/letsencrypt_spec.rb @@ -40,7 +40,7 @@ end describe 'with custom environment variables' do - let(:additional_params) { { environment: ['FOO=bar', 'FIZZ=buzz'] } } + let(:additional_params) { { venv_vars: ['FOO=bar', 'FIZZ=buzz'] } } it { is_expected.to contain_exec('initialize letsencrypt').with_environment(['VENV_PATH=/opt/letsencrypt/.venv', 'FOO=bar', 'FIZZ=buzz']) } end diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb index 56867df7..581fdf07 100644 --- a/spec/defines/letsencrypt_certonly_spec.rb +++ b/spec/defines/letsencrypt_certonly_spec.rb @@ -98,13 +98,13 @@ describe 'when specifying custom environment variables' do let(:title) { 'foo.example.com' } - let(:params) { { environment: ['FOO=bar', 'FIZZ=buzz'] } } + let(:params) { { venv_vars: ['FOO=bar', 'FIZZ=buzz'] } } it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_environment(['VENV_PATH=/opt/letsencrypt/.venv', 'FOO=bar', 'FIZZ=buzz']) } end context 'with custom environment variables and manage cron' do let(:title) { 'foo.example.com' } - let(:params) { { environment: ['FOO=bar', 'FIZZ=buzz'], manage_cron: true } } + let(:params) { { venv_vars: ['FOO=bar', 'FIZZ=buzz'], manage_cron: true } } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_environment(['VENV_PATH=/opt/letsencrypt/.venv', 'FOO=bar', 'FIZZ=buzz']) } end From cf63f9b144416b7e80706a6b7665b22aa87a563e Mon Sep 17 00:00:00 2001 
From: John Noss Date: Mon, 15 May 2017 16:25:17 -0400 Subject: [PATCH 5/6] rename parameter for certs to be created This changes the name to avoid potential confusion with the letsencrypt::certonly defined type; now the certs to be created via this create_resources are specified via the hiera or class param letsencrypt::certs. --- manifests/init.pp | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 1a770c25..895c0e48 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -48,8 +48,8 @@ # A flag to allow using the 'register-unsafely-without-email' flag. # [*cron_scripts_path*] # The path to put the script we'll call with cron. Defaults to $puppet_vardir/letsencrypt. -# [*certonly*] -# A hash containing all the configuration for creating a certonly +# [*certs*] +# A hash of letsencrypt::certonly certs to be created via create_resources # class letsencrypt ( $email = undef, @@ -71,7 +71,7 @@ $install_method = $letsencrypt::params::install_method, $agree_tos = $letsencrypt::params::agree_tos, $unsafe_registration = $letsencrypt::params::unsafe_registration, - $certonly = {}, + $certs = {}, ) inherits letsencrypt::params { validate_string($path, $repo, $version, $config_file, $package_name, $package_command, $cron_scripts_path) if $email { @@ -110,7 +110,6 @@ refreshonly => true, } - $real_certonly = hiera_hash('letsencrypt::certonly', $certonly) - create_resources(::letsencrypt::certonly, $real_certonly) + create_resources(::letsencrypt::certonly, $certs) } From 8e4961e1ceca0842795e721c4332af67dcdbdd8b Mon Sep 17 00:00:00 2001 From: John Noss Date: Mon, 15 May 2017 16:38:41 -0400 Subject: [PATCH 6/6] update require for certonly type create_resources This updates what the certonly type requires - to be used via the create_resources in init, can't depend on the whole class. For now just depend on the exec. --- manifests/certonly.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
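Review bot: Dropping `hiera_hash('letsencrypt::certonly', $certonly)` in favour of the plain `$certs` parameter (init.pp, PATCH 5/6) changes how Hiera data is combined, and the new parameter doc does not mention it. Automatic parameter lookup is, by default, a first-match lookup, so a `letsencrypt::certs` key at a more specific hierarchy level would replace rather than extend the hash defined lower down, leaving those certificates unmanaged; verify this against the Puppet versions the module supports. I would extend the doc line, e.g. `# Looked up without hash merging: the most specific letsencrypt::certs key wins.`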
diff --git a/manifests/certonly.pp b/manifests/certonly.pp index bd493e7f..b8062b2c 100644 --- a/manifests/certonly.pp +++ b/manifests/certonly.pp @@ -72,7 +72,7 @@ path => $::path, environment => concat([ $venv_path_var ], $venv_vars), creates => $live_path, - require => Class['letsencrypt'], + require => Exec['initialize letsencrypt'], } if $manage_cron {
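Review bot: Requiring only `Exec['initialize letsencrypt']` drops the ordering that `Class['letsencrypt']` gave against everything else the class manages. That exec is `refreshonly => true` (see the init.pp context earlier in the series), and this hunk does not show whether it is itself ordered after the client installation, so `letsencrypt certonly ${title}` could be scheduled before the package or checkout exists. If `letsencrypt::install` is contained in the main class without creating a cycle (not visible here), a more explicit form would be `require => [Class['letsencrypt::install'], Exec['initialize letsencrypt']],`. Otherwise add a comment on this line stating which ordering the exec is relied on to provide. The `exec` resource body begins before the hunk.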