diff --git a/Vagrantfile b/Vagrantfile --- a/Vagrantfile +++ b/Vagrantfile @@ -6,7 +6,7 @@ environment_path = "/tmp/puppet/environments" manifest_file = "site.pp" manifests_path = "swh-site/manifests" -puppet_options = "--verbose" # --debug --trace for more +puppet_options = "--fileserverconfig=/etc/puppet/fileserver.conf --verbose" # --debug --trace for more puppet_default_facts = { "vagrant_testing" => "1", "testing" => "vagrant", @@ -14,12 +14,12 @@ } # local configuration -#$global_debian10_box = "debian10-20201001-0747" -#$global_debian10_box_url = "file:///path/to/packer/builds/swh-debian-10.6-amd64-20201001-0747.box" +$global_debian10_box = "debian10-20201006-0832" +$global_debian10_box_url = "file:///path/to/packer/builds/swh-debian-10.6-amd64-20201006-0832.box" # http configuration -$global_debian10_box = "debian10-20201001-0747" -$global_debian10_box_url = "https://annex.softwareheritage.org/public/isos/virtualbox/debian/swh-debian-10.6-amd64-20201001-0747.box" +$global_debian10_box = "debian10-20201006-0832" +$global_debian10_box_url = "https://annex.softwareheritage.org/public/isos/virtualbox/debian/swh-debian-10.6-amd64-20201006-0832.box" Vagrant.configure("2") do |global_config| ################ @@ -36,6 +36,8 @@ config.vm.network :private_network, ip: "10.168.128.8", netmask: "255.255.255.0" config.vm.synced_folder "/tmp/puppet/", "/tmp/puppet", type: 'nfs' + # ssl certificates share + config.vm.synced_folder "vagrant/le_certs", "/etc/puppet/le_certs", type: 'nfs' config.vm.provider "virtualbox" do |vb| vb.name = "staging-webapp" @@ -64,6 +66,8 @@ config.vm.network :private_network, ip: "10.168.128.5", netmask: "255.255.255.0" config.vm.synced_folder "/tmp/puppet/", "/tmp/puppet", type: 'nfs' + # ssl certificates share + config.vm.synced_folder "vagrant/le_certs", "/etc/puppet/le_certs", type: 'nfs' config.vm.provider "virtualbox" do |vb| vb.name = "staging-worker0" 
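Review bot: The two assignments under `# local configuration` are now uncommented, so `$global_debian10_box_url` is first set to the placeholder `file:///path/to/packer/builds/...` and then overwritten by the `# http configuration` pair right below it. The effective value is still the HTTPS URL, but the live placeholder looks accidental and would take effect if the second pair were later removed or reordered; keep the local pair commented out as before, e.g. `#$global_debian10_box = "debian10-20201006-0832"`. Separately, nothing in this hunk pins the downloaded box to a digest. If the lines that consume the URL (outside this hunk) do not already set `box_download_checksum` and `box_download_checksum_type`, adding them would make a swapped or corrupted image fail at download time.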
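Review bot: The added `synced_folder` line mounts the whole `vagrant/le_certs` directory into the guest without a read-only option, and that directory holds the `privkey.pem` files and the `generate_certificate` script; the same two lines recur in the hunks at -64, -99, -130 and -167. The guests only need to read the certificates, so consider `config.vm.synced_folder "vagrant/le_certs", "/etc/puppet/le_certs", type: 'nfs', mount_options: ['ro']`, which stops a misbehaving guest from replacing key material on the host. Because the line is identical for every VM, declaring it once (on `global_config`, if that fits how the file is organised, or through a small helper) would keep the five copies from drifting apart. The VM definition blocks these lines sit in start and end outside the hunks.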
@@ -99,6 +103,8 @@ config.vm.network :private_network, ip: "10.168.100.199", netmask: "255.255.255.0" config.vm.synced_folder "/tmp/puppet/", "/tmp/puppet", type: 'nfs' + # ssl certificates share + config.vm.synced_folder "vagrant/le_certs", "/etc/puppet/le_certs", type: 'nfs' config.vm.provider "virtualbox" do |vb| vb.name = "bojimans" @@ -130,6 +136,8 @@ config.vm.network :private_network, ip: "10.168.100.21", netmask: "255.255.255.0" config.vm.synced_folder "/tmp/puppet/", "/tmp/puppet", type: 'nfs' + # ssl certificates share + config.vm.synced_folder "vagrant/le_certs", "/etc/puppet/le_certs", type: 'nfs' config.vm.provider "virtualbox" do |vb| vb.name = "worker01" @@ -167,6 +175,8 @@ config.vm.network "forwarded_port", guest: 10030, host: 22 config.vm.synced_folder "/tmp/puppet/", "/tmp/puppet", type: 'nfs' + # ssl certificates share + config.vm.synced_folder "vagrant/le_certs", "/etc/puppet/le_certs", type: 'nfs' config.vm.provider "virtualbox" do |vb| vb.name = "test" diff --git a/packer/scripts/post-install.sh b/packer/scripts/post-install.sh --- a/packer/scripts/post-install.sh +++ b/packer/scripts/post-install.sh @@ -40,6 +40,14 @@ #### apt-get install -y puppet +# Configure the fileserver for the "le_certs" share +# In the vm, this directory is a mount of the vagrant/le_certs directory configured on the vagrantfile +cat > /etc/puppet/fileserver.conf < +``` diff --git a/vagrant/le_certs/generate_certificate b/vagrant/le_certs/generate_certificate new file mode 100755 --- /dev/null +++ b/vagrant/le_certs/generate_certificate 
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+set -eu
+
+SCRIPT_PATH=$(dirname $0)
+CERTS_DIR=$SCRIPT_PATH
+
+if [ $# -ne 1 ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+CERT_NAME=$1
+
+echo "Creating the certificate directory ${CERTS_DIR}/${CERT_NAME}..."
+mkdir -p ${CERTS_DIR}/${CERT_NAME}
+
+pushd ${CERTS_DIR}/${CERT_NAME}
+
+echo "Creating the key and the certificate..."
+openssl req -x509 -nodes -days 999 -newkey rsa:2048 -keyout privkey.pem -out cert.pem --subj "/C=FR/ST=Paris/CN=vagrant.local."
+
+echo "Creating the chain certificates..."
+cp -v cert.pem chain.pem
+cp -v cert.pem fullchain.pem
+
+echo "New certificate ${CERT_NAME} created"
diff --git a/vagrant/le_certs/netbox/cert.pem b/vagrant/le_certs/netbox/cert.pem
new file mode 100644
--- /dev/null
+++ b/vagrant/le_certs/netbox/cert.pem
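Review bot: `privkey.pem` is written by `openssl req ... -nodes` under whatever umask the caller has, so the unencrypted key will usually end up readable by other local users on the host. A `umask 077` just before the `openssl req` line would tighten that, after checking that the NFS-mounted guests can still read the file. The path expansions are unquoted (`$(dirname $0)`, `mkdir -p ${CERTS_DIR}/${CERT_NAME}`, `pushd ${CERTS_DIR}/${CERT_NAME}`), so a checkout path or certificate name containing spaces is split into several words; quote them, e.g. `mkdir -p "${CERTS_DIR}/${CERT_NAME}"`. The subject is fixed to `CN=vagrant.local.` with no subjectAltName regardless of `CERT_NAME`, so clients that verify host names will probably reject the certificate; a comment saying this is intentional for the test setup would help.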
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTTCCAjWgAwIBAgIUW4bW4uo+/Q4cn3C5FZL2QwqAoFUwDQYJKoZIhvcNAQEL +BQAwNjELMAkGA1UEBhMCRlIxDjAMBgNVBAgMBVBhcmlzMRcwFQYDVQQDDA52YWdy +YW50LmxvY2FsLjAeFw0yMDEwMDYwODUwNDZaFw0yMzA3MDIwODUwNDZaMDYxCzAJ +BgNVBAYTAkZSMQ4wDAYDVQQIDAVQYXJpczEXMBUGA1UEAwwOdmFncmFudC5sb2Nh +bC4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC77tYvrZJOkeL6Scs0 +cebDcsGZkeZDy5QNxhu2L83Ev9twwfkb9AzCzvZ+vP6qBvBzPCw9l6HzOYvJ0eix +FdVnCHR3ZL8l1pfK2mEJhp7aJ6hVX238m1WPSzWIfVYZ2tUK+4of/f0wEiu7jC61 +bMkFjrNlCT4uHkqw+uYngrCqTS2ACPeKHnajp9ugvJpdfB8EwMj7aLl4jIfoTXXt +ayXb2nhuvRgKdfp7D7DJDlgmAH1bok7QlKwfN1TM+62bAzLo4myCtHa/ZH3bjxaA +Bl5aN3PiY6EotzI3usRSvXXFZpd3n/Y4GPyUSn1U4QrtUNcx6oNfNlgkFkD7VxUF +8yuxAgMBAAGjUzBRMB0GA1UdDgQWBBRXo/M8AjJQEGItg1a70BgqgIXB/zAfBgNV +HSMEGDAWgBRXo/M8AjJQEGItg1a70BgqgIXB/zAPBgNVHRMBAf8EBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4IBAQCyG5zWd5Fo04vQqBskRV2HJkHIHnmCch9WJwVIycTJ +60y0MI8LDtYWc5iQLdkGP6kpzt9fTT5uogyVOYJ9cL3xwb0PE0Fa3mgfvcFIZq6o +zO9GgmhSihDhGG1TzY0LsEloPesZkPatyLNwkzmxs19O2J9nJ+7OKWEh23+ps5LO +pzSHByelvts+7Vl8OOlSdMps/aUofAmCF92uu3BeMhgVjV+gLFnfEO839dsTcZjL +lnqNuep7bAx4+UdkRHB2sr175cwtt2ePlpRcFYGt64vjAvXtcoBJZlaSR+fSUFvE +4DRvHofoPBk6cxSZKRQy/An8A1WzTm7m1grswlA4qhNa +-----END CERTIFICATE----- diff --git a/vagrant/le_certs/netbox/chain.pem b/vagrant/le_certs/netbox/chain.pem new file mode 100644 --- /dev/null +++ b/vagrant/le_certs/netbox/chain.pem 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTTCCAjWgAwIBAgIUW4bW4uo+/Q4cn3C5FZL2QwqAoFUwDQYJKoZIhvcNAQEL +BQAwNjELMAkGA1UEBhMCRlIxDjAMBgNVBAgMBVBhcmlzMRcwFQYDVQQDDA52YWdy +YW50LmxvY2FsLjAeFw0yMDEwMDYwODUwNDZaFw0yMzA3MDIwODUwNDZaMDYxCzAJ +BgNVBAYTAkZSMQ4wDAYDVQQIDAVQYXJpczEXMBUGA1UEAwwOdmFncmFudC5sb2Nh +bC4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC77tYvrZJOkeL6Scs0 +cebDcsGZkeZDy5QNxhu2L83Ev9twwfkb9AzCzvZ+vP6qBvBzPCw9l6HzOYvJ0eix +FdVnCHR3ZL8l1pfK2mEJhp7aJ6hVX238m1WPSzWIfVYZ2tUK+4of/f0wEiu7jC61 +bMkFjrNlCT4uHkqw+uYngrCqTS2ACPeKHnajp9ugvJpdfB8EwMj7aLl4jIfoTXXt +ayXb2nhuvRgKdfp7D7DJDlgmAH1bok7QlKwfN1TM+62bAzLo4myCtHa/ZH3bjxaA +Bl5aN3PiY6EotzI3usRSvXXFZpd3n/Y4GPyUSn1U4QrtUNcx6oNfNlgkFkD7VxUF +8yuxAgMBAAGjUzBRMB0GA1UdDgQWBBRXo/M8AjJQEGItg1a70BgqgIXB/zAfBgNV +HSMEGDAWgBRXo/M8AjJQEGItg1a70BgqgIXB/zAPBgNVHRMBAf8EBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4IBAQCyG5zWd5Fo04vQqBskRV2HJkHIHnmCch9WJwVIycTJ +60y0MI8LDtYWc5iQLdkGP6kpzt9fTT5uogyVOYJ9cL3xwb0PE0Fa3mgfvcFIZq6o +zO9GgmhSihDhGG1TzY0LsEloPesZkPatyLNwkzmxs19O2J9nJ+7OKWEh23+ps5LO +pzSHByelvts+7Vl8OOlSdMps/aUofAmCF92uu3BeMhgVjV+gLFnfEO839dsTcZjL +lnqNuep7bAx4+UdkRHB2sr175cwtt2ePlpRcFYGt64vjAvXtcoBJZlaSR+fSUFvE +4DRvHofoPBk6cxSZKRQy/An8A1WzTm7m1grswlA4qhNa +-----END CERTIFICATE----- diff --git a/vagrant/le_certs/netbox/fullchain.pem b/vagrant/le_certs/netbox/fullchain.pem new file mode 100644 --- /dev/null +++ b/vagrant/le_certs/netbox/fullchain.pem 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTTCCAjWgAwIBAgIUW4bW4uo+/Q4cn3C5FZL2QwqAoFUwDQYJKoZIhvcNAQEL +BQAwNjELMAkGA1UEBhMCRlIxDjAMBgNVBAgMBVBhcmlzMRcwFQYDVQQDDA52YWdy +YW50LmxvY2FsLjAeFw0yMDEwMDYwODUwNDZaFw0yMzA3MDIwODUwNDZaMDYxCzAJ +BgNVBAYTAkZSMQ4wDAYDVQQIDAVQYXJpczEXMBUGA1UEAwwOdmFncmFudC5sb2Nh +bC4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC77tYvrZJOkeL6Scs0 +cebDcsGZkeZDy5QNxhu2L83Ev9twwfkb9AzCzvZ+vP6qBvBzPCw9l6HzOYvJ0eix +FdVnCHR3ZL8l1pfK2mEJhp7aJ6hVX238m1WPSzWIfVYZ2tUK+4of/f0wEiu7jC61 +bMkFjrNlCT4uHkqw+uYngrCqTS2ACPeKHnajp9ugvJpdfB8EwMj7aLl4jIfoTXXt +ayXb2nhuvRgKdfp7D7DJDlgmAH1bok7QlKwfN1TM+62bAzLo4myCtHa/ZH3bjxaA +Bl5aN3PiY6EotzI3usRSvXXFZpd3n/Y4GPyUSn1U4QrtUNcx6oNfNlgkFkD7VxUF +8yuxAgMBAAGjUzBRMB0GA1UdDgQWBBRXo/M8AjJQEGItg1a70BgqgIXB/zAfBgNV +HSMEGDAWgBRXo/M8AjJQEGItg1a70BgqgIXB/zAPBgNVHRMBAf8EBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4IBAQCyG5zWd5Fo04vQqBskRV2HJkHIHnmCch9WJwVIycTJ +60y0MI8LDtYWc5iQLdkGP6kpzt9fTT5uogyVOYJ9cL3xwb0PE0Fa3mgfvcFIZq6o +zO9GgmhSihDhGG1TzY0LsEloPesZkPatyLNwkzmxs19O2J9nJ+7OKWEh23+ps5LO +pzSHByelvts+7Vl8OOlSdMps/aUofAmCF92uu3BeMhgVjV+gLFnfEO839dsTcZjL +lnqNuep7bAx4+UdkRHB2sr175cwtt2ePlpRcFYGt64vjAvXtcoBJZlaSR+fSUFvE +4DRvHofoPBk6cxSZKRQy/An8A1WzTm7m1grswlA4qhNa +-----END CERTIFICATE----- diff --git a/vagrant/le_certs/netbox/privkey.pem b/vagrant/le_certs/netbox/privkey.pem new file mode 100644 --- /dev/null +++ b/vagrant/le_certs/netbox/privkey.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC77tYvrZJOkeL6 +Scs0cebDcsGZkeZDy5QNxhu2L83Ev9twwfkb9AzCzvZ+vP6qBvBzPCw9l6HzOYvJ +0eixFdVnCHR3ZL8l1pfK2mEJhp7aJ6hVX238m1WPSzWIfVYZ2tUK+4of/f0wEiu7 +jC61bMkFjrNlCT4uHkqw+uYngrCqTS2ACPeKHnajp9ugvJpdfB8EwMj7aLl4jIfo +TXXtayXb2nhuvRgKdfp7D7DJDlgmAH1bok7QlKwfN1TM+62bAzLo4myCtHa/ZH3b +jxaABl5aN3PiY6EotzI3usRSvXXFZpd3n/Y4GPyUSn1U4QrtUNcx6oNfNlgkFkD7 +VxUF8yuxAgMBAAECggEAQzLxr3a3HBUaPjjoykX4J+b+xvTei1teA1bVTd3mC/Y2 +dylE8/PeJEJw7XyS6yU0EWBwyU1RAXGQRIgkVj3iYscpLg/+MX98I3LWw9s5LfSE +QpKu92Zrv6M67yUyBmizSQwMpcfiIrA8pwFHKmRNtQkDqJsXetImDwaICZS3qwzz +zhcTCmL8a54QYyvgMu4U+fapfHpmJ0uZ5S2bkh0YlfQ6AJldvwDwZVUL+GeMFhKX +AimqCeGR2+aptozPEWYzsGZHMxKICPvu5gR/kUHASLw5AG7nbCxrnM4A9cbsKdxK +ypNSKCtbFZ8eRpPfk/9ENYnqBuQdU4ia9qoIaC4QgQKBgQD2XRyRJ5DL8xx4mDiq +qV1xrJNXwImAWD8R/5TlpD3jkSLa6Uq/kYuLU5ltTleXFs0TZRidoBpRHXojjtCE +zxyb7/H/s56MznXG+oeS1XM1WE+vq219TXVr2oEwypF3MIMhqWNayc8QcbTCB1FO +lu+sHxEHvPivMVADGTB9tKMpKQKBgQDDSKV3kFkGUOhrCcebuwry6O2sGXd6p0kv +5cx1ojPZfplKObRYr9BU6TiuFatdm9U2esIaX5wSGpM/TNLDnQWJjQHohdSH3jr9 +Nc75hTMICFha600C/AJ7WDQ0QKmleXarPOB2r+Ixg/vUzblEpvhFWUQnDI35F8PK +DNT/KWPXSQKBgQDmX01OQsQ4op31+snKdFNH78tcHFO3q01W5Dr0vi+NM/N25v4Z +wtzNLSBkQQTQ6OZdg4SQKN1TCpBi3bII7q7e9nHB3NGe85TYuv65hFWWBX2GVHQu +3pa1gv6ZhGKgJMIKYR3iEKJKyzju0u7p4WQ+/FHtfXzCPgeGzjA07AxCeQKBgHKB +emStQ0Ys0ttQlLZ/6l+crSAonqJQzN1FBapEPdreHMwlIdaO4L2pMw8ArcbpxQ94 +06/bOAx1gLmxNjR1MfYBtIi/UGuKp1Qp5P7yV4XyPryxFCsX0ey5P4MUF2Vr32Vx +AL0XTK50EYoqRuQ2c4VWXlv3RJg2kxs6gvpLLrvhAoGBAKAZMypv2Dh8PIYjJRcw +HBhkZwd1mEUijxLWQFT0rxGT86plPz9maW546yulCO5PxJ7Fr0HcumLfRCZcabXY +ifi4phpFRKZ44hcc/DMktaZ65tMQ/QBdpD+HOmEbRa3v6HQT7s7WJvIO4WN/ke6Q +n3xAPplO3VLW9zwGl5+FxKCg +-----END PRIVATE KEY-----
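Review bot: This file commits an unencrypted RSA private key to the repository, so the key has to be treated as public from the moment the commit is pushed. The matching `cert.pem` is self-signed and, as is usual for `openssl req -x509` output, appears to be marked as a CA certificate, so it should never be added to a trust store outside the Vagrant test network. Consider generating the key at provisioning time with `generate_certificate` and excluding `vagrant/le_certs/*/privkey.pem` from version control. Failing that, add a short README in `vagrant/le_certs` stating that these are test-only credentials that must not be reused on any real host.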