Revision d4a730d7
Added by Eric Helms about 10 years ago
manifests/puppet.pp | ||
# Class for handling Puppet cert configuration
class certs::puppet (
$hostname = $::certs::node_fqdn,
$generate = $::certs::generate,
$regenerate = $::certs::regenerate,
$deploy = $::certs::deploy,
$ca = $::certs::default_ca,
$client_cert = $::certs::params::puppet_client_cert,
$client_key = $::certs::params::puppet_client_key,
$client_ca = $::certs::params::puppet_client_ca
$hostname = $::certs::node_fqdn,
$generate = $::certs::generate,
$regenerate = $::certs::regenerate,
$deploy = $::certs::deploy,
$ca = $::certs::default_ca,
$client_cert = $::certs::params::puppet_client_cert,
$client_key = $::certs::params::puppet_client_key,
$client_ca_cert = $::certs::params::puppet_client_ca_cert
) inherits certs::params {
$puppet_client_cert_name = "${::certs::puppet::hostname}-puppet-client"
# cert for authentication of puppetmaster against foreman
cert { "${::certs::puppet::hostname}-puppet-client":
hostname => $::certs::puppet::hostname,
purpose => client,
country => $::certs::country,
state => $::certs::state,
city => $::certs::sity,
org => 'FOREMAN',
org_unit => 'PUPPET',
expiration => $::certs::expiration,
ca => $ca,
generate => $generate,
regenerate => $regenerate,
deploy => $deploy,
cert { $puppet_client_cert_name:
hostname => $::certs::puppet::hostname,
purpose => client,
country => $::certs::country,
state => $::certs::state,
city => $::certs::sity,
org => 'FOREMAN',
org_unit => 'PUPPET',
expiration => $::certs::expiration,
ca => $ca,
generate => $generate,
regenerate => $regenerate,
deploy => $deploy,
password_file => $certs::ca_key_password_file,
}
if $deploy {
pubkey { $client_cert:
cert => Cert["${::certs::puppet::hostname}-puppet-client"],
}
Cert[$puppet_client_cert_name] ~>
pubkey { $client_cert:
key_pair => Cert[$puppet_client_cert_name],
} ~>
privkey { $client_key:
cert => Cert["${::certs::puppet::hostname}-puppet-client"],
key_pair => Cert[$puppet_client_cert_name],
} ->
pubkey { $client_ca_cert:
key_pair => $ca
} ~>
file { $client_key:
ensure => file,
owner => 'puppet',
mode => '0400',
}
pubkey { $client_ca:
cert => $ca,
}
}
}
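Review bot: The rebuilt `cert { $puppet_client_cert_name: ... }` resource still passes `city => $::certs::sity`, which looks like a typo for `$::certs::city` given the neighbouring `country => $::certs::country` and `state => $::certs::state`; the same misspelling was already on the old side of the section, so the commit carries it over rather than introducing it. If `$::certs::sity` is not declared, the subject's locality field is silently left unset (or compilation fails where strict variables are enabled), so the line should read `city       => $::certs::city,`. As a point of style, `password_file => $certs::ca_key_password_file` is the only reference in the class without the leading `::` that every other `$::certs::...` lookup uses; writing it as `$::certs::ca_key_password_file` keeps the lookups uniform. The tightened `file { $client_key: ... mode => '0400' }` on the client private key is a welcome addition.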
Addresses changes made to katello-certs-tools regarding location of
cert generation and password arguments to katello-certs-tools. Provides
cleanup and simplification of where and what certs are used as well as
changing the naming conventions to reflect the fact that Katello is
the project controlling and generating the CA and certs.