Add the missing certbot command to generate the LDAP TLS cert

This had been done manually on barnard. It will not be executed on
barnard again, since the cert already exists.
Greg Karékinian 2020-04-20 19:10:15 +02:00
parent d01c9a4d0a
commit 5e3c8066f9


@ -129,9 +129,21 @@ nsslapd-allow-anonymous-access: off
source 'nginx_conf_empty.erb' source 'nginx_conf_empty.erb'
owner node["nginx"]["user"] owner node["nginx"]["user"]
mode 0640 mode 0640
notifies :reload, 'service[nginx]', :delayed
end end
nginx_certbot_site new_resource.hostname do nginx_certbot_site new_resource.hostname do
notifies :run, "letsencrypt cert for #{domain}", :delayed
end
# Generate a Let's Encrypt cert (only if the nginx vhost exists and no cert
# has been generated before. The renew cron will take care of renewing
execute "letsencrypt cert for #{domain}" do
command "/usr/bin/certbot certonly --webroot --agree-tos --email ops@kosmos.org --webroot-path #{root_directory} --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/dirsrv -d #{domain} -n"
only_if do
::File.exist?("#{node['nginx']['dir']}/sites-enabled/#{domain}_certbot") &&
!::File.exist?("/etc/letsencrypt/live/#{domain}/fullchain.pem")
end
notifies :run, "execute[add tls config]", :immediately notifies :run, "execute[add tls config]", :immediately
end end
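Review bot: The notification target on the `nginx_certbot_site` resource is a bare name, `"letsencrypt cert for #{domain}"`, without the `type[name]` form that Chef's resource-collection lookup requires, so as far as I can tell this raises an invalid-resource-specification error at compile time rather than triggering the new execute; it should read `notifies :run, "execute[letsencrypt cert for #{domain}]", :delayed`, matching the `execute[add tls config]` form used two lines below. The forward reference itself is fine since notification targets are resolved after compile, and the `only_if` guard means the execute is a no-op on hosts where `/etc/letsencrypt/live/#{domain}/fullchain.pem` already exists, which is what the commit message relies on. The `command` string has `root_directory` and `domain` interpolated into a shell-parsed line; since both are presumably cookbook-controlled properties this is low risk, but passing the command as an array (`command ["/usr/bin/certbot", "certonly", "--webroot", ..., "-d", domain, "-n"]`) would avoid shell interpretation of those values entirely. The enclosing block that defines `domain` and `root_directory` starts outside the hunk.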