# Install Let's Encrypt CA certificates
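# Directory that holds the CA certificates and the server certificate.
# Owned by root; 0500 gives the owner read and traverse only, and no access
# to group or others.
/etc/httpd/certs/:
  file.directory:
    - user: root
    - group: root
    # Quoted so the YAML parser keeps the mode as a string rather than
    # typing it as the integer 500.
    - dir_mode: '0500'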
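# CA certificate copied from the Salt fileserver; install_cacerts adds it to
# the IPA CA store under the nickname DSTRootCAX3.
# NOTE(review): if this file is IdenTrust's DST Root CA X3, that root expired
# on 2021-09-30 - confirm it should still be installed as a trusted CA.
/etc/httpd/certs/DSTRootCAX3.pem:
  file.managed:
    - source: salt://roles/maintain/freeipa-server/DSTRootCAX3.pem
    - user: root
    - group: root
    # Quoted so the YAML parser keeps the mode as a string rather than
    # typing it as the integer 400.
    - mode: '0400'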
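# Intermediate CA certificate copied from the Salt fileserver; install_cacerts
# adds it to the IPA CA store under the nickname letsencryptx3.
# NOTE(review): Let's Encrypt has replaced the "Authority X3" intermediate
# with newer ones - confirm the chain in fullchain.pem still depends on it.
/etc/httpd/certs/LetsEncryptAuthorityX3.pem:
  file.managed:
    - source: salt://roles/maintain/freeipa-server/LetsEncryptAuthorityX3.pem
    - user: root
    - group: root
    # Quoted so the YAML parser keeps the mode as a string rather than
    # typing it as the integer 400.
    - mode: '0400'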
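# Server certificate material for ipa.actcur.com (install_cert reads
# privkey.pem and fullchain.pem from this directory), synced from the Salt
# fileserver. clean: true removes files in the target directory that are not
# present in the source.
# NOTE(review): files under salt:// are normally retrievable by every
# accepted minion, not only this host. Confirm access to secure/certs/ is
# restricted on the master, or deliver the private key through pillar
# targeted at this minion.
"/etc/httpd/certs/ipa.actcur.com/":
  file.recurse:
    - source: salt://secure/certs/ipa.actcur.com/
    - user: root
    - group: root
    # Modes are quoted so the YAML parser keeps them as strings rather than
    # typing them as the integers 500 and 400.
    - dir_mode: '0500'
    - file_mode: '0400'
    - clean: true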
# Registers both CA certificates with IPA and then runs ipa-certupdate.
# Runs only when one of the two managed .pem files reports a change.
# "-t C,," passes the trust flags; "-n" sets the nickname for each entry.
# NOTE(review): the three commands are joined with ";", so the state result
# reflects only the exit status of ipa-certupdate. A failed
# ipa-cacert-manage call would not fail the state, and because of onchanges
# it would not be retried on the next run. Consider "&&" once it is confirmed
# that re-installing an already present certificate exits 0.
install_cacerts:
  cmd.run:
    - name: 'ipa-cacert-manage install "/etc/httpd/certs/DSTRootCAX3.pem" -n DSTRootCAX3 -t C,,;ipa-cacert-manage install "/etc/httpd/certs/LetsEncryptAuthorityX3.pem" -n letsencryptx3 -t C,,;ipa-certupdate -v'
    - onchanges:
      - file: /etc/httpd/certs/DSTRootCAX3.pem
      - file: /etc/httpd/certs/LetsEncryptAuthorityX3.pem
# Exports DM_PASSWORD so that install_cert can pass it to
# ipa-server-certinstall. The Jinja include inlines the contents of
# secure/passwords/ipa_DM_password.txt into this state when the SLS is
# rendered. Runs only when the certificate directory state reports a change.
# NOTE(review): the variable is set in the environment of the salt-minion
# process, so it stays there (and is inherited by child processes) until
# unset_dm_password runs.
# NOTE(review): the rendered password is part of the state data and
# presumably of the state return as well - check the job cache and logs.
# NOTE(review): a password containing '"' or '\' would break or alter this
# double-quoted YAML scalar; confirm the password file cannot contain them.
# NOTE(review): the include path is resolved through the Salt fileserver,
# which normally serves files to every accepted minion; pillar is the usual
# place for per-host secrets.
set_dm_password:
  environ.setenv:
    - name: DM_PASSWORD
    - value: "{%- include 'secure/passwords/ipa_DM_password.txt' -%}"
    - onchanges:
      - file: /etc/httpd/certs/ipa.actcur.com/*
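# Installs privkey.pem / fullchain.pem from /etc/httpd/certs/ipa.actcur.com/
# with ipa-server-certinstall (-w and -d select the web server and the
# directory server). Runs only when the certificate directory state reports
# a change.
# "$DM_PASSWORD" is double-quoted so the shell passes the password as a
# single argument even if it contains whitespace or glob characters.
# --pin="" supplies an empty private-key passphrase.
# NOTE(review): the password is still handed over via -p on the command
# line, so it is visible in the process list of this host while the command
# runs.
install_cert:
  cmd.run:
    - name: 'ipa-server-certinstall -p "$DM_PASSWORD" --pin="" -w -d /etc/httpd/certs/ipa.actcur.com/privkey.pem /etc/httpd/certs/ipa.actcur.com/fullchain.pem'
    - onchanges:
      - file: /etc/httpd/certs/ipa.actcur.com/*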
# Clears DM_PASSWORD again after install_cert. It has no onchanges
# requisite, so it is applied on every run, including runs where
# set_dm_password did not fire.
# NOTE(review): the value is the quoted string "False", not a YAML boolean.
# Confirm that this Salt version treats it as a request to unset the
# variable (false_unsets); otherwise DM_PASSWORD is left holding the literal
# text "False". Either way the real password is no longer in the variable.
unset_dm_password:
  environ.setenv:
    - name: DM_PASSWORD
    - value: "False"
    - false_unsets: true
# Keeps httpd running and restarts it whenever install_cert reports a change
# (watch requisite), so the newly installed certificate is picked up.
# enable: false tells Salt to keep the httpd unit disabled at boot.
# NOTE(review): presumably httpd is started by the IPA service wrapper rather
# than enabled on its own - confirm.
restart_apache:
  service.running:
    - name: httpd
    - enable: false
    - watch:
      - cmd: install_cert