Autocert Charmers Autocert
- Autocert Charmers
- Security
| Channel | Revision | Published | Runs on |
|---|---|---|---|
| latest/stable | 132 | 25 Jun 2024 | |
| latest/stable | 131 | 25 Jun 2024 | |
| latest/stable | 130 | 25 Jun 2024 | |
| latest/stable | 129 | 25 Jun 2024 | |
| latest/stable | 116 | 08 Sep 2023 | |
| latest/stable | 25 | 02 Feb 2022 | |
| latest/candidate | 29 | 17 Oct 2022 | |
| latest/candidate | 19 | 18 Mar 2021 | |
| latest/beta | 128 | 25 Jun 2024 | |
| latest/beta | 127 | 25 Jun 2024 | |
| latest/beta | 125 | 25 Jun 2024 | |
| latest/beta | 126 | 25 Jun 2024 | |
| latest/beta | 24 | 02 Feb 2022 | |
| latest/edge | 138 | 23 Sep 2024 | |
| latest/edge | 137 | 23 Sep 2024 | |
| latest/edge | 136 | 23 Sep 2024 | |
| latest/edge | 135 | 23 Sep 2024 | |
| latest/edge | 134 | 23 Sep 2024 | |
| latest/edge | 133 | 23 Sep 2024 |
juju deploy autocert-charmers-autocert
Deploy universal operators easily with Juju, the Universal Operator Lifecycle Manager.
Platform:
-
autocert_ca_cert | string
X.509 CA certificate for the above, if running without a root-trusted certificate. Copy and paste a PEM-encoded CA certificate into this field.
-
autocert_host | string
IP address or hostname of service to contact
-
cert_additional_names | string
A list of comma-separated, key=value pairs specifiying additional names for certificates to be mapped to via symbolic links. The value is a colon separated list of supplementary names, e.g. "test1.example.com=default:example.com, test2.example.com=mail.example.com" Alternatively, multiple key=value pairs can be specified as a YAML list.
-
cert_auth_pairs | string
A list of comma-separated, key=value pairs representing the certificates to be managed, along with their respective auth tokens, e.g. "test1.example.com=DEADBEEF, test2.example.com=FEEDFACE, test3.example.com=BAADF00D" Alternatively, multiple key=value pairs can be specified as a YAML list.
-
cert_kubernetes_names | string
A list of comma-separated, key=value pairs specifying certificate to kubernetes secret mappings. The value is a slash separated kubernetes namespace and secret name, e.g. "test1.example.com=production/test1-tls, test2.example.com=staging/test2-tls" Alternatively, multiple key=value pairs can be specified as a YAML list.
-
chain_required | boolean
Default: True
Whether an intermediate chain is required for this service
-
dir_certs | string
Default: /etc/ssl/certs
Directory to save certs (and chain certs) to (will be created if it does not exist)
-
dir_keys | string
Default: /etc/ssl/private
Directory to save private keys to (will be created if it does not exist)
-
extra_packages | string
Space separated list of extra deb packages to install.
-
filename_prefix | string
Prefix for saved cert/key files, e.g. "autocert" for "autocert_<foo.example.com>.crt"
-
install_keys | string
List of signing keys for install_sources package sources, per charmhelpers standard format (a yaml list of strings encoded as a string). The keys should be the full ASCII armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.
-
install_sources | string
Default: ppa:autocert-devs/stable
PPA or repository to install the package from
-
nagios_context | string
Default: juju
Used by the nrpe subordinate charms. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-myservice-0 If you're running multiple environments with the same services in them this allows you to differentiate between them.
-
nagios_servicegroups | string
A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup
-
package_status | string
Default: install
The status of service-affecting packages will be set to this value in the dpkg database. Valid values are "install" and "hold".
-
run_weekdays | boolean
Only run autocert refreshes on weekdays.
-
service_action | string
Action to run in "service <service_name> <service_action>", e.g. "reload" when certificate changes (one of service_action or service_action_cmd must be specified).
-
service_action_cmd | string
Command to run when certificate changes (one of service_action or service_action_cmd must be specified).
-
service_name | string
Service name - this will be used for the /etc/autocert/<service_name> config directory, as well as in "service <service_name> <service_action", if service_action is set.
-
service_test_cmd | string
Optional command to parse and verify the existing config before restarting/reloading the service, e.g. "/usr/sbin/apachectl configtest". If the return code is 0, then "service <service_name> <service_action>" will be run automatically. If not, then an error will be raised.
-
suffix_cert | string
Default: .crt
Suffix for cert files, e.g. ".crt" for "<foo.example.com>.crt"
-
suffix_chain | string
Default: _chain.crt
Suffix for CA chain files, e.g. "_chain.crt" for "<foo.example.com>_chain.crt"
-
suffix_key | string
Default: .key
Suffix for key files, e.g. ".key" for "<foo.example.com>.key"