Merge pull request #197 from MEschenbacher/pillarcert

deploy certificates directly from pillar
This commit is contained in:
Niels Abspoel 2018-10-20 20:19:56 +02:00 committed by GitHub
commit 355a968a2b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 1 deletions

View File

@ -36,17 +36,25 @@ nginx_{{ domain }}_ssl_certificate:
file.managed:
- name: {{ certificates_path }}/{{ domain }}.crt
- makedirs: True
{% if salt['pillar.get']("nginx:ng:certificates:{}:public_cert_pillar".format(domain)) %}
- contents_pillar: {{salt['pillar.get']('nginx:ng:certificates:{}:public_cert_pillar'.format(domain))}}
{% else %}
- contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert
{% endif %}
- watch_in:
- service: nginx_service
{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) %}
{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) or salt['pillar.get']("nginx:ng:certificates:{}:private_key_pillar".format(domain))%}
nginx_{{ domain }}_ssl_key:
file.managed:
- name: {{ certificates_path }}/{{ domain }}.key
- mode: 600
- makedirs: True
{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key_pillar".format(domain)) %}
- contents_pillar: {{salt['pillar.get']('nginx:ng:certificates:{}:private_key_pillar'.format(domain))}}
{% else %}
- contents_pillar: nginx:ng:certificates:{{ domain }}:private_key
{% endif %}
- watch_in:
- service: nginx_service
{% endif %}

View File

@ -188,6 +188,11 @@ nginx:
# control (or use encrypted pillar data).
certificates:
'www.example.com':
# choose one of: deploying this cert by pillar (e.g. in combination with ext_pillar and file_tree)
# public_cert_pillar: certs:example.com:fullchain.pem
# private_key_pillar: certs:example.com:privkey.pem
# or directly pasting the cert
public_cert: |
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: www.example.com.crt)