Comments (23)
removing ".cycle" from letsencrypt certonly.pp and using a matching-size array of web roots makes this work... not sure why cycle() doesn't work the same way in puppet as it does in irb.
from puppet-letsencrypt.
I can +1 this issue with .cycle
.
Master Puppet 3.7.5, Ruby 1.8.7
Agent Puppet 3.4.3, Ruby 2.1.5p273
from puppet-letsencrypt.
@akomakom just want to confirm: you're running 1.8.7 on the agent but 2.1.2 on the master? It would make sense with 1.8.7 on the master. This module isn't tested against 1.8.7 and, to be quite honest, I have no desire to support such an old Ruby version.
from puppet-letsencrypt.
@danzilio You are right, the master is using 1.8.7, even though I have 2.1.2 installed also, my mistake. Most of our infrastructure is running on Centos 6 and that's the ruby you get, so I'll stick with my hack until we can test newer ruby.
Thanks!
from puppet-letsencrypt.
@akomakom Can you make a fork with that workaround?
from puppet-letsencrypt.
@ways I made a fork: https://github.com/akomakom/puppet-letsencrypt , but it reduces functionality (The two arrays must always be the same size).
from puppet-letsencrypt.
@akomakom Ok. I made one at https://github.com/copyleft/puppet-letsencrypt/ with a new plugin called cli, which just allows you to specify everything via additional_args.
from puppet-letsencrypt.
@ways interesting. that's something I would consider merging. although I'd rather change the name from cli
to something like none
or manual
to differentiate it from an actual letsencrypt
plugin.
from puppet-letsencrypt.
@danzilio Cool. I'll be happy to change it. I started out calling it 'manual', but that can be confused with letsencrypts manual verification. 'none', 'noop' or 'ways_rulez!' sounds OK to me. Want a pull-request for one of those?
from puppet-letsencrypt.
@ways I'm starting to wonder if we have too much indirection/abstraction around the command that gets run. Thoughts?
from puppet-letsencrypt.
@danzilio Hm. Not sure what you mean. After inserting this hack? I don't see any problem with it. As long as the documentation is solid. I think it's a short-lived solution for us stuck with old setups, and most people can ignore it.
from puppet-letsencrypt.
@ways i'm just wondering if the more durable solution is to give the user more access to the command that gets run... Let me mull this over a bit!
from puppet-letsencrypt.
@danzilio Ah, understood. No rush.
from puppet-letsencrypt.
@danzilio Any progress?
from puppet-letsencrypt.
I opened #40 with a compatible equivalent of the existing #cycle call, though for my personal use of this module I'd also be happy removing cycle entirely and having a fixed domains -> webroot_paths list (per akomakom@bf99c26 which I'm currently using).
I like the existing abstraction over the webroot command, it makes writing wrappers much easier.
from puppet-letsencrypt.
Hmm...I feel like @akomakom's solution is cleaner. Is this the more intuitive solution?
from puppet-letsencrypt.
I agree having the array lengths match is the cleaner interface - the zipping behaviour might be useful for some, but I think it's a minority feature. The downside is that it's an API change, but since the module's 0.x, perhaps you're OK accepting it?
from puppet-letsencrypt.
but since the module's 0.x, perhaps you're OK accepting it?
Correction, it's 1.x now, so it'd probably be considered a major version change.
from puppet-letsencrypt.
I'm fine bumping the major version. There are some big changes coming in the next release, the major version bump will raise some awareness.
from puppet-letsencrypt.
The webroot_paths and domain array should not need to match. it's possible to specify one webroot path and multiple domains on the cli. This standard case should be reflected.
at least one-for-all and matching numbers should be supported. I don't know how mismatched lengths should be handled best. Just append the remaining domains with no webroot specified, perhaps? -w 1 -d 1 -w 2 -d 2 -d 3 -d 4
from puppet-letsencrypt.
@pgassmann ah nice, you're right - the CLI arguments don't need to match.
I don't know how mismatched lengths should be handled best. Just append the remaining domains with no webroot specified, perhaps? -w 1 -d 1 -w 2 -d 2 -d 3 -d 4
The docs show this format with mismatched lengths is supported, any additional domains use the last webroot path. The current behaviour of this module with the cycle is to repeat from the first webroot path, so we ought to just remove that and allow the regular certbot behaviour.
from puppet-letsencrypt.
master...domcleal:28-no-cycle for that last suggested change.
from puppet-letsencrypt.
@domcleal looks good to me! i'll pull this in
from puppet-letsencrypt.
Related Issues (20)
- certbot has a python problem on centos 7 HOT 8
- Cut new version with puppet-epel dependency? HOT 1
- RHEL8 support for dns-rfc2136
- Logrotate for the letsencrypt logs HOT 1
- certbot-auto no longer works on any OS HOT 2
- Adding domains to existing certificate leads to duplicate certs/renewal configs with pattern <cert>-0001,2 etc HOT 3
- Raise compatible puppet version from <7.0 to <8.0 HOT 2
- Drop VCS install method support
- Recent update causes problems with the nginx plugin HOT 1
- CONFIGDIR/renwal/domain.conf not updated HOT 2
- Manage Cron parameter on letsencrypt::certonly will not cleanup resources. HOT 2
- feature request: cron_after_command
- `register-unsafely-without-email` config key is kept when turning `unsafe_registration` back to `false`
- Could not find class ::epel when declaring Letsencrypt class HOT 1
- New release please? HOT 3
- letsencrypt-domain-validation case sensitivity
- Documentation/examples for certonly `suppress_cron_output` not updated after removal of parameter HOT 1
- Circular dependency caused by nginx plugin HOT 2
- No certificate issued
- Unknown resource type: 'ini_setting' HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from puppet-letsencrypt.