Add support for a default hook script

The default hook script can be used to reload the webserver when a new certificate has been installed.
2016-12-12 20:47:14 +01:00 · 2016-12-12 20:47:14 +01:00 · 628e6bfef4
parent f970909764
commit 628e6bfef4
6 changed files with 46 additions and 1 deletions
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@ -1,6 +1,10 @@
 letsencrypt-sh formula
 ======================

+0.3.1 (UNRELEASED)
+
+- Add support for hook script reloading a service.
+
 0.3.0 (2016-12-12)

 - Updated for version 0.3.0 of the client.
--- a/letsencrypt-sh/config.sls
+++ b/letsencrypt-sh/config.sls
@ -3,7 +3,12 @@

 {% from "letsencrypt-sh/map.jinja" import letsencrypt_sh with context %}

-letsencrypth-sh-config:
+{% set install_hook = False %}
+{% if letsencrypt_sh.hook_script_src != 'salt://letsencrypt-sh/files/hook' or letsencrypt_sh.hook_service_to_reload %}
+{% set install_hook = True %}
+{% endif %}
+
+letsencrypt-sh-config:
  file.managed:
    - name: {{ letsencrypt_sh.config_file }}
    - source: salt://letsencrypt-sh/files/config
@ -11,6 +16,19 @@ letsencrypth-sh-config:
    - user: root
    - group: root
    - template: jinja
+    - context:
+        use_default_hook: {{ install_hook }}
+
+{% if install_hook %}
+letsencrypt-sh-hook:
+  file.managed:
+    - name: {{ letsencrypt_sh.hook_script }}
+    - source: {{ letsencrypt_sh.hook_script_src }}
+    - mode: 755
+    - user: root
+    - group: root
+    - template: jinja
+{% endif %}

 letsencrypt-sh-domains:
  file.managed:
--- a/letsencrypt-sh/defaults.yaml
+++ b/letsencrypt-sh/defaults.yaml
@ -11,3 +11,6 @@ letsencrypt_sh:
  cron_hour: random
  cron_dayweek: random
  cron_enabled: True
+  hook_script: '/etc/letsencrypt.sh/hook'
+  hook_script_src: 'salt://letsencrypt-sh/files/hook'
+  hook_service_to_reload: ''
--- a/letsencrypt-sh/files/config
+++ b/letsencrypt-sh/files/config
@ -5,6 +5,9 @@
 	   'domains-txt': letsencrypt_sh.domains_txt,
   })
 -%}
+{%- if use_default_hook -%}
+{%- do cfg_client.setdefault('hook', letsencrypt_sh.hook_script) -%}
+{%- endif -%}
 {%- macro get_config(configname, default_value) -%}
 {%- set varname = configname.replace("-", "_") -%}
 {%- if configname in cfg_client -%}
--- a/letsencrypt-sh/files/hook
+++ b/letsencrypt-sh/files/hook
@ -0,0 +1,15 @@
+#!/bin/sh
+# File managed by Salt (salt://letsencrypt-sh/files/hook). Do not edit by
+# hand!
+
+{% from "letsencrypt-sh/map.jinja" import letsencrypt_sh with context %}
+{% if letsencrypt_sh.hook_service_to_reload %}
+if [ "$1" = "deploy_cert" ]; then
+    service {{ letsencrypt_sh.hook_service_to_reload }} reload
+fi
+{% else %}
+# Empty file because pillar letsencrypt-sh:lookup:hook_service_to_reload
+# was not set for this minion. Alternatively you can set
+# letsencrypt-sh:lookup:hook_script_src to point to another source
+# file.
+{% endif %}
--- a/pillar.example
+++ b/pillar.example
@ -19,4 +19,6 @@ letsencrypt-sh:
    pkg: letsencrypt.sh
    pkg_apache: letsencrypt.sh-apache2
    cron_command: cronic letsencrypt.sh --cron
+    # Service to reload after install of new cert
+    hook_service_to_reload: nginx
    # see defaults.yaml for full list