Created
August 13, 2018 16:22
-
-
Save assertnotnull/cc891e9a7e1d33f61318c52ca255d5e5 to your computer and use it in GitHub Desktop.
chef cert-bot sync with s3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| execute 'apt-get-update' do | |
| command 'apt-get update' | |
| ignore_failure true | |
| end | |
| # on host install | |
| package 'iptables-persistent' do | |
| action :install | |
| end | |
| package 'python' do | |
| action :install | |
| end | |
| docker_service 'default' do | |
| action [:create, :start] | |
| end | |
| user 'docker' do | |
| action :create | |
| group 'docker' | |
| home '/home/docker' | |
| manage_home true | |
| notifies :run, 'ruby_block[aws-creds]', :immediately | |
| end | |
| ruby_block 'aws-creds' do | |
| block do | |
| line_region = 'export AWS_DEFAULT_REGION=us-east-1' | |
| line_sdk = 'export AWS_SDK_LOAD_CONFIG=true' | |
| file = Chef::Util::FileEdit.new('/home/docker/.bashrc') | |
| file.insert_line_if_no_match(/#{line_region}/, line_region) | |
| file.insert_line_if_no_match(/#{line_sdk}/, line_sdk) | |
| file.write_file | |
| end | |
| action :nothing | |
| end | |
| %w[/etc/letsencrypt/ /var/lib/letsencrypt].each do |path| | |
| directory path do | |
| action :create | |
| recursive true | |
| end | |
| end | |
| #install aws cli | |
| remote_file '/tmp/get-pip.py' do | |
| source 'https://bootstrap.pypa.io/get-pip.py' | |
| notifies :run, 'execute[install pip]', :immediately | |
| end | |
| execute 'install pip' do | |
| command 'python /tmp/get-pip.py' | |
| notifies :run, 'execute[install aws cli]', :immediately | |
| action :nothing | |
| end | |
| execute 'install aws cli' do | |
| command 'HOME=/home/docker pip install awscli --upgrade --user' | |
| user 'docker' | |
| action :nothing | |
| end | |
| #end install aws cli | |
| remote_file '/usr/local/bin/ghost.sh' do | |
| source 'https://ghostbin.com/ghost.sh' | |
| mode '0555' | |
| end | |
| #get & setup certbot | |
| execute 'pull certbot route53 image' do | |
| command 'docker pull certbot/dns-route53' | |
| end | |
| %w[/etc/letsencrypt/ /var/lib/letsencrypt].each do |path| | |
| directory path do | |
| action :create | |
| recursive true | |
| end | |
| end | |
| execute 'sync s3 certs to local' do | |
| command '/home/docker/.local/bin/aws s3 sync s3://certs/ /etc/letsencrypt/' | |
| environment ({ 'HOME' => ::Dir.home('docker'), 'USER' => 'docker' }) | |
| end | |
| cron_d 'cert-renewal-test' do | |
| hour '13' | |
| minute '0' | |
| day '1' | |
| month '*/1' | |
| user 'docker' | |
| command 'docker run -it --rm --name certbot -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/lib/letsencrypt:/var/lib/letsencrypt" certbot/dns-route53 renew --dry-run' | |
| end | |
| cron_d 'cert-renewal' do | |
| hour '18' | |
| minute '0' | |
| day '1' | |
| month '*/1' | |
| user 'docker' | |
| command 'docker run -it --rm --name certbot -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/lib/letsencrypt:/var/lib/letsencrypt" certbot/dns-route53 renew --dry-run' | |
| end | |
| #end get & setup certbot |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment