refactor(install): change use_package to install_method
Change the use_package boolean to install_method string. This will allow
different installation methods besides system packages and git in the
future.
Xeryus Stokkel committed Aug 2, 2021
1 parent cdd3976 commit 852f110
Showing 11 changed files with 38 additions and 30 deletions.
6 changes: 3 additions & 3 deletions docs/README.rst
Expand Up @@ -55,15 +55,15 @@ Available states

This is a shortcut for letsencrypt.install letsencrypt.config and letsencrypt.domains.

If `use_package` is `True` (the default), the formula will try to install the *certbot* package from your Distro's repo.
if `install_method` is `package` (the default), the formula will try to install the *certbot* package from your Distro's repo.
Keep in mind that most distros don't have a package available by default: Ie, previous stable Debian (Stretch) requires a backports repo installed.
Centos 7 requires EPEL, etc. This formula **DOES NOT** manage these repositories. Use the `apt-formula <https://github.com/saltstack-formulas/apt-formula>`_
or the `epel-formula <https://github.com/saltstack-formulas/epel-formula>`_ to manage them.

If `use_package` is `False` it installs and configures the letsencrypt cli from git, creates the requested certificates and installs renewal cron job.
If `install_method` is `git` it installs and configures the letsencrypt cli from git, creates the requested certificates and installs renewal cron job.

** WARNING **
If you set `use_package` to `True`, it will:
If you set `install_method` to `package`, it will:

* Delete all certbot's crons if they exist from a previous git-based installation (as the package uses a
systemd's timer unit to renew all the certs)
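Review bot: The new sentence for the package case starts with a lowercase "if" ("if `install_method` is `package` (the default), ...") where the line it replaces started with "If"; capitalise it. The section also never lists the accepted values of `install_method` or mentions that the old `use_package` boolean is still read through the shim in letsencrypt/map.jinja, so a reader upgrading from the old key gets no migration hint. One sentence stating that `package` and `git` are the values handled and that `use_package` is deprecated would cover it.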
15 changes: 7 additions & 8 deletions letsencrypt/defaults.yaml
Expand Up @@ -2,20 +2,19 @@
# vim: ft=yaml
---
letsencrypt:
use_package: true
install_method: package
pkgs: []
git_pkg: git
service: certbot.timer
# Only used for the pkg install method (use_package: true), internal var
# Only used for the pkg install method (install_method = package), internal var
_cli_path: /usr/bin/certbot
# Only used for the pkg install method (use_package: true), internal var
# Only used for the pkg install method (install_method = package), internal var
_default_pkg: certbot
# Only used for the git install method (use_package: false)
# Only used for the git install methods (install_method = git)
cli_install_dir: /opt/letsencrypt
# Only used for the git install method (use_package: false). If you want to
# have specific version of certbot you can enable it. The version value
# should match a certbot/certbot branch
# version: 0.30.x
# Only used for the git install methods (install_method = git).
# If you want to have specific version of certbot you can enable it. The
# version value should match a certbot/certbot branch version: 0.30.x
config_dir:
path: /etc/letsencrypt
user: root
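Review bot: In the rewrapped comment above `config_dir`, the commented-out example `# version: 0.30.x` has been folded into the sentence ("should match a certbot/certbot branch version: 0.30.x"), so there is no longer a line a user can uncomment to pin a version; keep it on its own line as before. The comments also mix "install method" and "install methods" and write the setting as `install_method = git`, while letsencrypt/osfamilymap.yaml writes `install_method: package`. The YAML form with a colon matches what the user actually types.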
10 changes: 5 additions & 5 deletions letsencrypt/domains.sls
Expand Up @@ -3,7 +3,7 @@

{% from "letsencrypt/map.jinja" import letsencrypt with context %}
{% if letsencrypt.use_package %}
{% if letsencrypt.install_method == 'package' %}
{% set check_cert_cmd = letsencrypt._cli_path ~ ' certificates --cert-name' %}
{% set renew_cert_cmd = letsencrypt._cli_path ~ ' renew' %}
{% set create_cert_cmd = letsencrypt._cli_path %}
Expand Down Expand Up @@ -63,11 +63,11 @@ create-initial-cert-{{ setname }}-{{ domainlist | join('+') }}:
{{ installer }} \
--cert-name {{ setname }} \
-d {{ domainlist|join(' -d ') }}
{% if not letsencrypt.use_package %}
{% if letsencrypt.install_method != 'package' %}
- cwd: {{ letsencrypt.cli_install_dir }}
{% endif %}
- unless:
{% if letsencrypt.use_package %}
{% if letsencrypt.install_method == 'package' %}
- fun: cmd.run
python_shell: true
cmd: |
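Review bot: `{% if letsencrypt.install_method != 'package' %}` in front of `- cwd:` treats every value other than `package` as a git install, including a misspelled one, whereas letsencrypt/install.sls now tests `== 'git'` explicitly. Since the stated goal is to allow further methods later, compare against `'git'` here, and likewise turn the `{% else %}` branches under `- require:` in this file into explicit `git` checks, so that an unsupported value does not silently take the git code path.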
Expand All @@ -78,7 +78,7 @@ create-initial-cert-{{ setname }}-{{ domainlist | join('+') }}:
- {{ check_cert_cmd }} {{ setname }} {{ domainlist | join(' ') }}
{% endif %}
- require:
{% if letsencrypt.use_package %}
{% if letsencrypt.install_method == 'package' %}
- pkg: letsencrypt-client
{% else %}
- file: {{ check_cert_cmd }}
Expand All @@ -95,7 +95,7 @@ letsencrypt-crontab-{{ setname }}-{{ domainlist[0] }}:
- identifier: letsencrypt-{{ setname }}-{{ domainlist[0] }}
- require:
- cmd: create-initial-cert-{{ setname }}-{{ domainlist | join('+') }}
{% if letsencrypt.use_package %}
{% if letsencrypt.install_method == 'package' %}
- pkg: letsencrypt-client
{% else %}
- file: {{ renew_cert_cmd }}
6 changes: 3 additions & 3 deletions letsencrypt/install.sls
Expand Up @@ -3,7 +3,7 @@
{%- from "letsencrypt/map.jinja" import letsencrypt with context %}
{#- Use empty default for `grains.osfinger`, which isn't available in all distros #}
{%- if letsencrypt.use_package and
{%- if letsencrypt.install_method == 'package' and
grains.osfinger|d('') == 'Amazon Linux-2' %}
{%- set rhel_ver = '7' %}
letsencrypt_external_repo:
Expand All @@ -20,11 +20,11 @@ letsencrypt_external_repo:
{%- endif %}
letsencrypt-client:
{%- if letsencrypt.use_package %}
{%- if letsencrypt.install_method == 'package' %}
{%- set pkgs = letsencrypt.pkgs or [letsencrypt._default_pkg] %}
pkg.installed:
- pkgs: {{ pkgs | json }}
{%- else %}
{%- elif letsencrypt.install_method == 'git' %}
pkg.installed:
- name: {{ letsencrypt.git_pkg }}
{%- if letsencrypt.version is defined and letsencrypt.version|length %}
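Review bot: With `{%- else %}` replaced by `{%- elif letsencrypt.install_method == 'git' %}`, no branch in the lines shown handles any other value, so a typo in the pillar (or `pip`, which pillar.example now advertises) leaves the `letsencrypt-client:` ID without a state under it. Add a final `{%- else %}` that fails the render with a message naming the supported values, so an unsupported method is reported at render time instead of producing a broken or empty state.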
9 changes: 9 additions & 0 deletions letsencrypt/map.jinja
Expand Up @@ -24,3 +24,12 @@
),
base='letsencrypt')
%}

{# Make backwards compatible with use_package #}
{% if letsencrypt.use_package is defined %}
{% if letsencrypt.use_package %}
{{ letsencrypt | set_dict_key_value('install_method', 'package') }}
{% else %}
{{ letsencrypt | set_dict_key_value('install_method', 'git') }}
{% endif %}
{% endif %}
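Review bot: When `use_package` is defined it unconditionally overwrites `install_method`, so a pillar that carries both the old key and `install_method: git` ends up with `package`. Because letsencrypt/defaults.yaml always supplies `install_method`, the merged dict cannot tell a user-set value from the default, so either document that the legacy key takes precedence or check the pillar for an explicit `install_method` before applying the shim. The test is also plain truthiness, so a quoted `use_package: 'false'` selects `package`. Finally, `{{ letsencrypt | set_dict_key_value(...) }}` is an output expression; `{% do letsencrypt.update({'install_method': 'package'}) %}` states the intent (mutate, print nothing) more directly.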
2 changes: 1 addition & 1 deletion letsencrypt/osfamilymap.yaml
Expand Up @@ -4,7 +4,7 @@
RedHat:
service: certbot-renew.timer
FreeBSD:
# Only used for the pkg install method (use_package: true), internal var
# Only used for the pkg install method (install_method: package), internal var
_cli_path: /usr/local/bin/certbot
Gentoo:
git_pkg: dev-vcs/git
2 changes: 1 addition & 1 deletion letsencrypt/service.sls
Expand Up @@ -3,7 +3,7 @@

{% from "letsencrypt/map.jinja" import letsencrypt with context %}
{% if letsencrypt.use_package %}
{% if letsencrypt.install_method == 'package' %}
letsencrypt-service-timer:
service.running:
- name: {{ letsencrypt.service }}
12 changes: 6 additions & 6 deletions pillar.example
Expand Up @@ -2,8 +2,8 @@
# vim: ft=yaml
---
letsencrypt:
# Install using packages instead of git
use_package: true
# Install using package, git or pip
install_method: package
# A list of package/s to install. To find the correct name for the variant
# you want to use, check https://certbot.eff.org/all-instructions
# Usually, you'll need a single one, but you can also add other plugins here.
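Review bot: The comment "Install using package, git or pip" lists `pip`, but nothing in this commit handles it: letsencrypt/install.sls only has branches for `package` and `git`, and the commit message describes other methods as future work. Limit the comment to `package` and `git` until a pip branch exists.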
Expand All @@ -13,11 +13,11 @@ letsencrypt:
- python3-certbot-apache
# - python3-certbot-nginx
# - python3-dns-route53
# Only used for the git install method (use_package: false)
# Only used for the git install methods (install_method = git)
cli_install_dir: /opt/letsencrypt
# Only used for the git install method (use_package: false). If you want to
# have specific version of certbot you can enable it. The version value
# should match a certbot/certbot branch.
# Only used for the git install methods (install_method = git).
# If you want to have specific version of certbot you can enable it. The
# version value should match a certbot/certbot branch.
version: 0.30.x
# Subcommand used for certificates' first generation cmd ( run | certonly | renew )
create_init_cert_subcmd: certonly
2 changes: 1 addition & 1 deletion test/salt/pillar/deb.sls
Expand Up @@ -2,7 +2,7 @@
# vim: ft=yaml
---
letsencrypt:
use_package: true
install_method: package
config: |
server = https://acme-staging.api.letsencrypt.org/directory
email = saltstack-letsencrypt-formula@example.com
2 changes: 1 addition & 1 deletion test/salt/pillar/git.sls
Expand Up @@ -2,7 +2,7 @@
# vim: ft=yaml
---
letsencrypt:
use_package: false
install_method: git
version: 0.26.x
config: |
server = https://acme-staging.api.letsencrypt.org/directory
2 changes: 1 addition & 1 deletion test/salt/pillar/rpm.sls
Expand Up @@ -2,7 +2,7 @@
# vim: ft=yaml
---
letsencrypt:
use_package: true
install_method: package
config:
server: https://acme-staging.api.letsencrypt.org/directory
email: saltstack-letsencrypt-formula@example.com
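Review bot: All three test pillars (deb.sls, git.sls and this one) are switched to `install_method`, so the `use_package` compatibility block added in letsencrypt/map.jinja is not exercised by any of them. Keep one pillar on the legacy key, or add a further pillar that sets only `use_package`, so the mapping to `package` and `git` stays covered.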