
Revision 0f464074

Added by Ivan Necas over 10 years ago

Extract the code


manifests/config.pp
# Certs Configuration
class certs::config {
$candlepin_cert_name = 'candlepin-cert'
$ssl_build_path = '/root/ssl-build'
$ssl_tool_common = "--set-country '${certs::country}' --set-state '${certs::state}' --set-city '${certs::city}' --set-org-unit '${certs::org_unit}' --set-email '${certs::email}'"
$katello_pub_cert_name = 'KATELLO-TRUSTED-SSL-CERT'
$katello_private_key_name = 'KATELLO-PRIVATE-SSL-KEY'
$katello_pub_cert = "/usr/share/katello/${katello_pub_cert_name}"
$katello_private_key = "${ssl_build_path}/${katello_private_key_name}"
$candlepin_pub_cert_name = "${candlepin_cert_name}.crt"
$candlepin_private_key_name = "${candlepin_cert_name}.key"
$candlepin_pub_cert = "/usr/share/katello/${candlepin_pub_cert_name}"
$candlepin_private_key = "${ssl_build_path}/${candlepin_private_key_name}"
$candlepin_certs_storage = '/etc/candlepin/certs'
$candlepin_key_pair_name = "katello-${candlepin_cert_name}-key-pair"
$candlepin_consumer_name = "${candlepin_cert_name}-consumer-${::fqdn}"
$candlepin_consumer_summary = "Subscription-manager consumer certificate for Katello instance ${::fqdn}"
$candlepin_consumer_description = 'Consumer certificate and post installation script that configures rhsm.'
}
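Review bot: `$ssl_tool_common` places `${certs::country}`, `${certs::state}`, `${certs::city}`, `${certs::org_unit}` and `${certs::email}` between literal single quotes in a shell argument string, so a value that itself contains `'` ends the quoting early and the remainder is parsed by the shell in whichever exec consumes this string (those execs are not in this section, so that part is inferred). Either validate the parameters where they are declared, or build the string with the quoting function, `$ssl_tool_common = shellquote('--set-country', $certs::country, '--set-state', $certs::state, '--set-city', $certs::city, '--set-org-unit', $certs::org_unit, '--set-email', $certs::email)`. A one-line comment above the variable stating that it is destined for a shell command line would also help the next reader. The rendering does not show which lines are new, so this may be carried over from the code's previous location.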
manifests/config/pulp.pp
include pulp::service
include qpid::service
$qpid_cert_name = 'qpid-broker'
$qpid_client_cert_name = 'qpid-client'
$qpid_package = "katello-${qpid_cert_name}-key-pair"
$nss_db_dir = "${certs::pki_dir}/nssdb/"
exec { 'generate-ssl-qpid-broker-certificate':
cwd => '/root',
path => '/usr/bin:/bin',
......
require => Exec['generate-ssl-qpid-broker-certificate'],
}
exec { 'generate-nss-password':
command => "openssl rand -base64 24 > ${certs::nss_db_password_file}",
path => '/usr/bin',
creates => $certs::nss_db_password_file
}
file { $certs::nss_db_password_file:
owner => 'root',
group => $certs::user_groups,
......
];
}
exec { 'add-candlepin-cert-to-nss-db':
command => "certutil -A -d '${nss_db_dir}' -n 'ca' -t 'TCu,Cu,Tuw' -a -i '${candlepin_pub_cert}' 2>>${certs::log_dir}/certificates.log",
path => '/usr/bin',
require => [Exec['create-nss-db'], Exec['deploy-candlepin-certificate-to-cp'], File[$certs::log_dir]],
before => Class['qpid::service'],
refreshonly => true,
}
exec { 'add-broker-cert-to-nss-db':
command => "certutil -A -d '${nss_db_dir}' -n 'broker' -t ',,' -a -i '${ssl_build_path}/${::fqdn}/${qpid_cert_name}.crt' 2>>${certs::log_dir}/certificates.log",
path => '/usr/bin',
require => [Exec['create-nss-db'], Exec['deploy-candlepin-certificate-to-cp'], File[$certs::log_dir]],
before => Class['qpid::service'],
refreshonly => true,
}
exec { 'generate-pfx-for-nss-db':
command => "openssl pkcs12 -in ${ssl_build_path}/${::fqdn}/${qpid_cert_name}.crt -inkey ${ssl_build_path}/${::fqdn}/${qpid_cert_name}.key -export -out '${ssl_build_path}/${::fqdn}/${qpid_cert_name}.pfx' -password 'file:${certs::ssl_pk12_password_file}' 2>>${certs::log_dir}/certificates.log",
path => '/usr/bin',
require => [Exec['create-nss-db'], File[$certs::ssl_pk12_password_file], File[$certs::log_dir]],
before => Class['qpid::service'],
refreshonly => true,
}
exec { 'add-private-key-to-nss-db':
command => "pk12util -i '${ssl_build_path}/${::fqdn}/${qpid_cert_name}.pfx' -d '${nss_db_dir}' -w '${certs::ssl_pk12_password_file}' -k '${certs::nss_db_password_file}' 2>>${certs::log_dir}/certificates.log",
path => '/usr/bin',
require => [Exec['add-broker-cert-to-nss-db'], Exec['generate-pfx-for-nss-db'], File[$certs::log_dir]],
before => Class['qpid::service'],
refreshonly => true,
}
# qpid client certificates
exec { 'generate-ssl-qpid-client-certificate':
cwd => '/root',
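Review bot: The `generate-nss-password` exec writes the NSS database password through a shell redirect, so the file is created under the agent's default umask and only afterwards tightened by the `file { $certs::nss_db_password_file: }` resource; between the two steps the secret can be readable by other local users. Setting `umask => '0077'` on that exec (assuming the Puppet version in use supports the attribute) closes the window, with the file resource still applying the final owner and group. The mode that resource sets is elided in this view, so confirm it is no wider than group-read. Separately, `generate-pfx-for-nss-db` leaves the `-in` and `-inkey` paths unquoted while `-out` is quoted; quoting all three would match the `certutil` and `pk12util` commands next to it. The section ends inside `generate-ssl-qpid-client-certificate`, which is not reviewed here.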
manifests/init.pp
$ssl_ca_password_file = $certs::params::ssl_ca_password_file
$nss_db_password_file = $certs::params::nss_db_password_file
$ssl_pk12_password_file = $certs::params::ssl_pk12_password_file
$nss_db_dir = '/etc/pki/katello/nssdb'
class { 'certs::install': }
