-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Mick Hilhorst
committed
Sep 25, 2023
1 parent
b72ae6a
commit b30c21f
Showing
13 changed files
with
533 additions
and
2,238 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
99 changes: 99 additions & 0 deletions
99
terraform/citrix-adc/modules/netscaler.letsencrypt/lec_config.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
|
||
|
||
# Create Private Key | ||
resource "tls_private_key" "le_private_key" { | ||
algorithm = var.letsencrypt_certificate.private_key_algorithm | ||
ecdsa_curve = var.letsencrypt_certificate.private_key_ecdsa_curve | ||
rsa_bits = var.letsencrypt_certificate.private_key_rsa_bits | ||
} | ||
|
||
# Register with ACME | ||
resource "acme_registration" "le_registration" { | ||
account_key_pem = tls_private_key.le_private_key.private_key_pem | ||
email_address = var.letsencrypt_certificate.registration_email_address | ||
|
||
depends_on = [ | ||
tls_private_key.le_private_key | ||
] | ||
} | ||
|
||
# Create Certificate | ||
resource "acme_certificate" "le_certificate" { | ||
account_key_pem = acme_registration.le_registration.account_key_pem | ||
common_name = var.letsencrypt_certificate.common_name | ||
subject_alternative_names = var.letsencrypt_certificate-san | ||
|
||
http_challenge { | ||
} | ||
|
||
depends_on = [ | ||
acme_registration.le_registration | ||
] | ||
} | ||
|
||
# Upload cert files to /nsconfig/ssl on ADC | ||
resource "citrixadc_systemfile" "le_upload_cert" { | ||
filename = "${var.letsencrypt_certificate.common_name}_certificate.cer" | ||
filelocation = "/nsconfig/ssl" | ||
filecontent = lookup(acme_certificate.le_certificate,"certificate_pem") | ||
|
||
depends_on = [ | ||
acme_certificate.le_certificate | ||
] | ||
} | ||
|
||
resource "citrixadc_systemfile" "le_upload_key" { | ||
filename = "${var.letsencrypt_certificate.common_name}_privatekey.cer" | ||
filelocation = "/nsconfig/ssl" | ||
filecontent = nonsensitive(lookup(acme_certificate.le_certificate,"private_key_pem")) | ||
|
||
depends_on = [ | ||
acme_certificate.le_certificate | ||
] | ||
} | ||
|
||
resource "citrixadc_systemfile" "le_upload_root" { | ||
filename = "${var.letsencrypt_certificate.common_name}_rootca.cer" | ||
filelocation = "/nsconfig/ssl" | ||
filecontent = lookup(acme_certificate.le_certificate,"issuer_pem") | ||
|
||
depends_on = [ | ||
acme_certificate.le_certificate | ||
] | ||
} | ||
|
||
# Implement root certificate | ||
resource "citrixadc_sslcertkey" "le_implement_rootca" { | ||
certkey = "ssl_cert_${var.letsencrypt_certificate.common_name}_RootCA" | ||
cert = "/nsconfig/ssl/${var.letsencrypt_certificate.common_name}_rootca.cer" | ||
expirymonitor = "DISABLED" | ||
|
||
depends_on = [ | ||
citrixadc_systemfile.le_upload_cert, | ||
citrixadc_systemfile.le_upload_key | ||
] | ||
} | ||
|
||
# Implement server certificate | ||
resource "citrixadc_sslcertkey" "le_implement_certkeypair" { | ||
certkey = "ssl_cert_${var.letsencrypt_certificate.common_name}_Server" | ||
cert = "/nsconfig/ssl/${var.letsencrypt_certificate.common_name}_certificate.cer" | ||
key = "/nsconfig/ssl/${var.letsencrypt_certificate.common_name}_privatekey.cer" | ||
expirymonitor = "DISABLED" | ||
linkcertkeyname = "ssl_cert_${var.letsencrypt_certificate.common_name}_RootCA" | ||
|
||
depends_on = [ | ||
citrixadc_sslcertkey.le_implement_rootca | ||
] | ||
} | ||
|
||
# Save config | ||
resource "citrixadc_nsconfig_save" "le_save" { | ||
all = true | ||
timestamp = timestamp() | ||
|
||
depends_on = [ | ||
citrixadc_sslcertkey.le_implement_certkeypair, | ||
citrixadc_sslcertkey.le_implement_rootca | ||
] | ||
} |
66 changes: 66 additions & 0 deletions
66
terraform/citrix-adc/modules/netscaler.letsencrypt/lec_loadbalancer.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
# Add LB Server | ||
resource "citrixadc_server" "le_lb_install_server" { | ||
name = var.letsencrypt_lb.lb_srv_name | ||
ipaddress = var.letsencrypt_lb.backend_ip | ||
} | ||
|
||
# Add LB Service Groups | ||
resource "citrixadc_servicegroup" "le_lb_install_servicegroup" { | ||
|
||
servicegroupname = var.letsencrypt_lb.lb_sg_name | ||
servicetype = var.letsencrypt_lb.servicetype | ||
healthmonitor = var.letsencrypt_lb.lb_sg_healthmonitor | ||
|
||
depends_on = [ | ||
citrixadc_server.le_lb_install_server | ||
] | ||
} | ||
|
||
# Bind LB Server to Service Groups | ||
resource "citrixadc_servicegroup_servicegroupmember_binding" "le_lb_install_sg_server_binding" { | ||
servicegroupname = citrixadc_servicegroup.le_lb_install_servicegroup.servicegroupname | ||
servername = citrixadc_server.le_lb_install_server.name | ||
port = var.letsencrypt_lb.port | ||
|
||
depends_on = [ | ||
citrixadc_servicegroup.le_lb_install_servicegroup | ||
] | ||
} | ||
|
||
##### | ||
# Add and configure LB vServer _ Type http | ||
##### | ||
resource "citrixadc_lbvserver" "le_lb_install_vserver_http" { | ||
name = var.letsencrypt_lb.lb_vs_name | ||
servicetype = var.letsencrypt_lb.servicetype | ||
ipv46 = var.letsencrypt_lb.frontend_ip | ||
port = var.letsencrypt_lb.port | ||
lbmethod = var.letsencrypt_lb.lb_vs_lbmethod | ||
persistencetype = var.letsencrypt_lb.lb_vs_persistencetype | ||
timeout = var.letsencrypt_lb.lb_vs_timeout | ||
|
||
depends_on = [ | ||
citrixadc_servicegroup_servicegroupmember_binding.le_lb_install_sg_server_binding | ||
] | ||
} | ||
|
||
# Bind LB Service Groups to LB vServers | ||
resource "citrixadc_lbvserver_servicegroup_binding" "le_lb_install_vserver_sg_binding" { | ||
name = citrixadc_lbvserver.le_lb_install_vserver_http.name | ||
servicegroupname = citrixadc_servicegroup.le_lb_install_servicegroup.servicegroupname | ||
|
||
depends_on = [ | ||
citrixadc_lbvserver.le_lb_install_vserver_http | ||
] | ||
} | ||
|
||
# Save config | ||
resource "citrixadc_nsconfig_save" "le_lb_install_save" { | ||
all = true | ||
timestamp = timestamp() | ||
|
||
depends_on = [ | ||
citrixadc_lbvserver_servicegroup_binding.le_lb_install_vserver_sg_binding | ||
] | ||
} | ||
|
11 changes: 11 additions & 0 deletions
11
terraform/citrix-adc/modules/netscaler.letsencrypt/provider.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
terraform { | ||
required_providers { | ||
# ACME provider for LetsEncrypt | ||
acme = { | ||
source = "vancluever/acme" | ||
} | ||
citrixadc = { | ||
source = "citrix/citrixadc" | ||
} | ||
} | ||
} |
40 changes: 40 additions & 0 deletions
40
terraform/citrix-adc/modules/netscaler.letsencrypt/variables.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
# ADC LetsEncrypt LB configuration variables | ||
variable letsencrypt_lb { | ||
type = map | ||
description = "LetsEncrypt LoadBalancer configuration variables" | ||
default = { | ||
backend-ip = "192.168.1.25" | ||
frontend-ip = "192.168.1.17" | ||
servicetype = "TCP" | ||
port = "80" | ||
lb_srv_name = "lb_srv_letsencrypt_backend" | ||
lb_sg_name = "lb_sg_letsencrypt_backend" | ||
lb_sg_healthmonitor = "NO" | ||
lb_vs_name = "lb_vs_letsencrypt" | ||
lb_vs_lbmethod = "LEASTCONNECTION" | ||
lb_vs_persistencetype = "SOURCEIP" | ||
lb_vs_timeout = "2" | ||
} | ||
} | ||
|
||
# ADC LetsEncrypt configuration variables | ||
variable letsencrypt_certificate { | ||
type = map | ||
description = "Lets Encrypt Certificate configuration variables" | ||
default = { | ||
private_key_algorithm = "RSA" | ||
private_key_rsa_bits = "4096" | ||
private_key_ecdsa_curve = "P224" | ||
registration_email_address = "you@something.com" | ||
common_name = "environment.com" | ||
|
||
} | ||
} | ||
|
||
variable letsencrypt_certificate-san { | ||
type = list | ||
default = [ | ||
"citrix.YourEnvironment.YourDomain.YourTLD" | ||
] | ||
} | ||
|
Oops, something went wrong.