소스 검색

deploy certificates directly from pillar

... by providing a pillar string. I developed this for use in
combination with ext_pillar and file_tree to deploy letsencrypt
certificates.
tags/v0.55.0
Maximilian Eschenbacher 6 년 전
부모
커밋
cb030b04ac
2개의 변경된 파일14개의 추가작업 그리고 1개의 파일을 삭제
  1. +9
    -1
      nginx/ng/certificates.sls
  2. +5
    -0
      pillar.example

+ 9
- 1
nginx/ng/certificates.sls 파일 보기

@@ -36,17 +36,25 @@ nginx_{{ domain }}_ssl_certificate:
file.managed:
- name: {{ certificates_path }}/{{ domain }}.crt
- makedirs: True
{% if salt['pillar.get']("nginx:ng:certificates:{}:public_cert_pillar".format(domain)) %}
- contents_pillar: {{salt['pillar.get']('nginx:ng:certificates:{}:public_cert_pillar'.format(domain))}}
{% else %}
- contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert
{% endif %}
- watch_in:
- service: nginx_service

{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) %}
{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) or salt['pillar.get']("nginx:ng:certificates:{}:private_key_pillar".format(domain))%}
nginx_{{ domain }}_ssl_key:
file.managed:
- name: {{ certificates_path }}/{{ domain }}.key
- mode: 600
- makedirs: True
{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key_pillar".format(domain)) %}
- contents_pillar: {{salt['pillar.get']('nginx:ng:certificates:{}:private_key_pillar'.format(domain))}}
{% else %}
- contents_pillar: nginx:ng:certificates:{{ domain }}:private_key
{% endif %}
- watch_in:
- service: nginx_service
{% endif %}

+ 5
- 0
pillar.example 파일 보기

@@ -182,6 +182,11 @@ nginx:
# control (or use encrypted pillar data).
certificates:
'www.example.com':

# choose one of: deploying this cert by pillar (e.g. in combination with ext_pillar and file_tree)
# public_cert_pillar: certs:example.com:fullchain.pem
# private_key_pillar: certs:example.com:privkey.pem
# or directly pasting the cert
public_cert: |
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: www.example.com.crt)

Loading…
취소
저장