/manifests/init.pp - Katello - Foreman

puppet-certs/manifests/init.pp @ 91651c55

       # == Class: certs
+      #
       # Base for installing and configuring certs. It holds the basic configuration
       # aournd certificates generation and deployment. The per-subsystem configuratoin
       # of certificates should go into `subsystem_module/manifests/certs.pp`.
+      #
       # === Parameters:
+      #
       # $node_fqdn::            The fqdn of the host the generated certificates
       #                         should be for
+      #
       # $cname::                The alternative names of the host the generated certificates
       #                         should be for
+      #
       # $server_ca_cert::       Path to the CA that issued the ssl certificates for https
       #                         if not specified, the default CA will be used
+      #
       # $server_cert::          Path to the ssl certificate for https
       #                         if not specified, the default CA will generate one
+      #
       # $server_key::           Path to the ssl key for https
       #                         if not specified, the default CA will generate one
+      #
       # $server_cert_req::      Path to the ssl certificate request for https
       #                         if not specified, the default CA will generate one
+      #
       # $tar_file::             Use a tarball with certificates rather than generate
       #                         new ones. This can be used on another node which is
       #                         not the CA.
+      #
       # === Advanced parameters:
+      #
       # $generate::             Should the generation of the certs be part of the
       #                         configuration
+      #
       # $regenerate::           Force regeneration of the certificates (excluding
       #                         CA certificates)
+      #
       # $deploy::               Deploy the certs on the configured system. False means
       #                         we want to apply it to a different system
+      #
       # $ca_common_name::       Common name for the generated CA certificate
+      #
       # $country::              Country attribute for managed certificates
+      #
       # $state::                State attribute for managed certificates
+      #
       # $city::                 City attribute for managed certificates
+      #
       # $org::                  Org attribute for managed certificates
+      #
       # $org_unit::             Org unit attribute for managed certificates
+      #
       # $expiration::           Expiration attribute for managed certificates
+      #
       # $ca_expiration::        CA expiration attribute for managed certificates
+      #
       # $pki_dir::              The PKI directory under which to place certs
+      #
       # $ssl_build_dir::        The directory where SSL keys, certs and RPMs will be generated
+      #
       # $user::                 The system user name who should own the certs
+      #
       # $group::                The group who should own the certs
+      #
       # $default_ca_name::      The name of the default CA
+      #
       # $server_ca_name::       The name of the server CA (used for https)
+      #
       class certs (
         Stdlib::Fqdn $node_fqdn = $certs::params::node_fqdn,
         Array[Stdlib::Fqdn] $cname = $certs::params::cname,
         Boolean $generate = true,
         Boolean $regenerate = false,
         Boolean $deploy = true,
         String $ca_common_name = $certs::params::ca_common_name,
         String[2,2] $country = 'US',
         String $state = 'North Carolina',
         String $city = 'Raleigh',
         String $org = 'Katello',
         String $org_unit = 'SomeOrgUnit',
         String $expiration = '7300', # 20 years
         String $ca_expiration = '36500', # 100 years
         Optional[Stdlib::Absolutepath] $server_cert = undef,
         Optional[Stdlib::Absolutepath] $server_key = undef,
         Optional[Stdlib::Absolutepath] $server_cert_req = undef,
         Optional[Stdlib::Absolutepath] $server_ca_cert = undef,
         Stdlib::Absolutepath $pki_dir = $certs::params::pki_dir,
         Stdlib::Absolutepath $ssl_build_dir = '/root/ssl-build',
         String $user = 'root',
         String $group = 'root',
         String $default_ca_name = 'katello-default-ca',
         String $server_ca_name = 'katello-server-ca',
         Optional[Stdlib::Absolutepath] $tar_file = undef,
       ) inherits certs::params {
         if $server_cert {
           validate_file_exists($server_cert, $server_key, $server_ca_cert)
           if $server_cert_req {
             validate_file_exists($server_cert_req)
+          }
+        }
         $ca_key = "${pki_dir}/private/${default_ca_name}.key"
         $ca_cert = "${pki_dir}/certs/${default_ca_name}.crt"
         $ca_cert_stripped = "${pki_dir}/certs/${default_ca_name}-stripped.crt"
         $ca_key_password = extlib::cache_data('foreman_cache_data', 'ca_key_password', extlib::random_password(24))
         $ca_key_password_file = "${ssl_build_dir}/${default_ca_name}.pwd"
         $katello_server_ca_cert = "${pki_dir}/certs/${server_ca_name}.crt"
         $katello_default_ca_cert = "${pki_dir}/certs/${default_ca_name}.crt"
         if $tar_file {
           certs::tar_extract { $tar_file:
             before => Class['certs::install'],
+          }
+        }
         contain certs::install
         contain certs::config
         contain certs::ca
         Class['certs::install'] ->
         Class['certs::config'] ->
         Class['certs::ca']
         $default_ca = Ca[$default_ca_name]
+      }

(8-8/14)

Project

General

Profile

Plugins » Katello