fix(defaults): install certbot with no plugins

BREAKING CHANGE: The formula was installing the Apache plugin by default which is not reasonable. Also, as `letsencrypt:pkgs` is a list, _adding_ another entry in the list was not replacing this default, causing undesired packages to be installed. The new default is an empty list of packages, defaulting to `certbot` in the code.
saltstack-formulas · Jun 25, 2021 · 70dafdd · 70dafdd
1 parent 261081a
commit 70dafdd
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 17 deletions.
diff --git a/docs/README.rst b/docs/README.rst
@@ -65,7 +65,6 @@ If `use_package` is `False` it installs and configures the letsencrypt cli from
 ** WARNING **
 If you set `use_package` to `True`, it will:
 
-* Default to Python3's certbot package (where possible), with Apache as the default Webserver to manage.
 * Delete all certbot's crons if they exist from a previous git-based installation (as the package uses a
   systemd's timer unit to renew all the certs)
 * Delete git-based installation's scripts (usually installed under /usr/local/bin) if they still exist declared in

diff --git a/letsencrypt/defaults.yaml b/letsencrypt/defaults.yaml
@@ -3,12 +3,13 @@
 ---
 letsencrypt:
   use_package: true
+  pkgs: []
   git_pkg: git
-  pkgs:
-    - python3-certbot-apache
   service: certbot.timer
   # Only used for the pkg install method (use_package: true), internal var
   _cli_path: /usr/bin/certbot
+  # Only used for the pkg install method (use_package: true), internal var
+  _default_pkg: certbot
   # Only used for the git install method (use_package: false)
   cli_install_dir: /opt/letsencrypt
   # Only used for the git install method (use_package: false). If you want to

diff --git a/letsencrypt/install.sls b/letsencrypt/install.sls
@@ -21,8 +21,9 @@ letsencrypt_external_repo:
 
 letsencrypt-client:
   {%- if letsencrypt.use_package %}
+    {%- set pkgs = letsencrypt.pkgs or [letsencrypt._default_pkg] %}
   pkg.installed:
-    - pkgs: {{ letsencrypt.pkgs | json }}
+    - pkgs: {{ pkgs | json }}
   {%- else %}
   pkg.installed:
     - name: {{ letsencrypt.git_pkg }}

diff --git a/letsencrypt/osfingermap.yaml b/letsencrypt/osfingermap.yaml
@@ -10,11 +10,4 @@
 # you will need to provide at least an empty dict in this file, e.g.
 # osfingermap: {}
 ---
-# os: CentOS
-CentOS Linux-7:
-  pkgs:
-    - python2-certbot-apache
-# os: OEL
-Oracle Linux Server-7:
-  pkgs:
-    - python2-certbot-apache
+osfingermap: {}
diff --git a/letsencrypt/osmap.yaml b/letsencrypt/osmap.yaml
@@ -10,7 +10,4 @@
 # you will need to provide at least an empty dict in this file, e.g.
 # osmap: {}
 ---
-# os_family: RedHat
-Amazon:
-  pkgs:
-    - python2-certbot-apache
+osmap: {}
diff --git a/pillar.example b/pillar.example
@@ -7,8 +7,12 @@ letsencrypt:
   # A list of package/s to install. To find the correct name for the variant
   # you want to use, check https://certbot.eff.org/all-instructions
   # Usually, you'll need a single one, but you can also add other plugins here.
+  # It defaults to installing the `certbot` package, but you can add other
+  # plugins for authentication/install
   pkgs:
-    - python-certbot-apache
+    - python3-certbot-apache
+    # - python3-certbot-nginx
+    # - python3-dns-route53
   # Only used for the git install method (use_package: false)
   cli_install_dir: /opt/letsencrypt
   # Only used for the git install method (use_package: false). If you want to