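# Install Let's Encrypt CA certificates

# Parent directory for the certificate material managed by this state file.
# Owned by root; mode 0500 lets only root list and traverse it.
/etc/httpd/certs/:
  file.directory:
    - user: root
    - group: root
    # Quoted so the mode is carried as an octal string, not a YAML integer.
    - dir_mode: '0500'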
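# Directory that receives the CA certificates. Note the trailing slash: this
# ID is distinct from the file.recurse state "/etc/httpd/certs/cacerts" that
# fills the same directory.
/etc/httpd/certs/cacerts/:
  file.directory:
    - user: root
    - group: root
    # Quoted so the mode is carried as an octal string, not a YAML integer.
    - dir_mode: '0500'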
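# Mirror the CA certificates from the Salt fileserver into the cacerts
# directory. "clean: true" removes any file in the target that is not present
# in the source, so the directory holds exactly the certificates shipped here.
/etc/httpd/certs/cacerts:
  file.recurse:
    - source: salt://roles/maintain/freeipa-server/cacerts
    - clean: true
    - user: root
    - group: root
    # Quoted so the mode is carried as an octal string, not a YAML integer.
    - file_mode: '0400'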
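# Server certificate and private key for ipa.actcur.com (install_cert reads
# privkey.pem and cert.pem from this directory). Root-only permissions, and
# "clean: true" removes anything that is not in the source tree.
#
# NOTE(review): the private key is served from salt://secure/certs/. Files on
# the Salt fileserver are normally readable by every accepted minion, so
# confirm that this path is restricted to this host, or deliver the key
# through pillar instead.
"/etc/httpd/certs/ipa.actcur.com/":
  file.recurse:
    - source: salt://secure/certs/ipa.actcur.com/
    - user: root
    - group: root
    # Modes quoted so they are carried as octal strings, not YAML integers.
    - dir_mode: '0500'
    - file_mode: '0400'
    - clean: true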
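# Register every certificate in the cacerts directory with IPA, then refresh
# the local certificate databases with ipa-certupdate.
install_cacerts:
  cmd.run:
    # - cwd makes the state fail if the directory is missing, instead of the
    #   loop running in whatever directory the minion happens to be in (the
    #   original "cd dir; for ..." carried on after a failed cd).
    # - A "./*" glob replaces parsing `ls` output; together with quoting
    #   "$cert" it keeps names containing spaces or a leading "-" intact.
    # - The -e test skips the literal "./*" left over when nothing matches.
    - name: |
        for cert in ./*; do
          [ -e "$cert" ] || continue
          ipa-cacert-manage install "$cert"
        done
        ipa-certupdate -v
    - cwd: /etc/httpd/certs/cacerts/
    - onchanges:
      # The file.recurse state that delivers the certificates has the ID
      # "/etc/httpd/certs/cacerts" (no trailing slash); the glob below appears
      # to match only the file.directory ID, so the recurse state is listed
      # explicitly to make certificate changes trigger this command.
      - file: /etc/httpd/certs/cacerts
      - file: /etc/httpd/certs/cacerts/*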
# Export DM_PASSWORD into the environment so that the install_cert command
# can read it as $DM_PASSWORD. Only applied when the ipa.actcur.com
# certificate files changed.
#
# NOTE(review): the password is pulled in at render time from
# secure/passwords/ipa_DM_password.txt, so it ends up inside the rendered
# state data. Confirm that the file is not readable by other minions and that
# the state return and logs do not echo the value; a password containing a
# double quote or a backslash would also corrupt the quoted YAML scalar.
set_dm_password:
  environ.setenv:
    - name: DM_PASSWORD
    - value: "{%- include 'secure/passwords/ipa_DM_password.txt' -%}"
    - onchanges:
      - file: /etc/httpd/certs/ipa.actcur.com/*
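# Install the ipa.actcur.com key and certificate for the web server (-w) and
# the directory server (-d). Runs only when the certificate files changed.
install_cert:
  cmd.run:
    # "$DM_PASSWORD" is quoted so that a password containing spaces or glob
    # characters is passed as a single argument instead of being split or
    # expanded by the shell.
    # NOTE(review): the shell expands the variable before starting the tool,
    # so the Directory Manager password is visible in the process arguments
    # while ipa-server-certinstall runs.
    - name: >-
        ipa-server-certinstall -p "$DM_PASSWORD" --pin="" -w -d
        /etc/httpd/certs/ipa.actcur.com/privkey.pem
        /etc/httpd/certs/ipa.actcur.com/cert.pem
    - onchanges:
      - file: /etc/httpd/certs/ipa.actcur.com/*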
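# Remove DM_PASSWORD from the environment again. This state has no requisite,
# so it is evaluated on every run, whether or not the password was set.
unset_dm_password:
  environ.setenv:
    - name: DM_PASSWORD
    # Must be the boolean false: false_unsets only removes the variable when
    # the value is a real False. The quoted "False" used before is a string,
    # which would leave DM_PASSWORD set to the text "False".
    - value: false
    - false_unsets: true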
# Keep httpd running and restart it when install_cert reports changes, so
# that the newly installed certificate is picked up.
restart_apache:
  service.running:
    - name: httpd
    # NOTE(review): "enable: false" keeps the unit disabled at boot;
    # presumably httpd is started through the IPA service rather than on its
    # own. Confirm this is intended.
    - enable: false
    - watch:
      - cmd: install_cert