Revision 12877061
Added by Ewoud Kohl van Wijngaarden about 4 years ago
manifests/foreman_proxy_content.pp | ||
---|---|---|
Array[Stdlib::Fqdn] $foreman_proxy_cname = $certs::foreman_proxy_content::params::foreman_proxy_cname,
|
||
) inherits certs::foreman_proxy_content::params {
|
||
|
||
if $foreman_proxy_fqdn == $facts['fqdn'] {
|
||
if $foreman_proxy_fqdn == $facts['networking']['fqdn'] {
|
||
fail('The hostname is the same as the provided hostname for the foreman-proxy')
|
||
}
|
||
|
||
class { '::certs::puppet': hostname => $foreman_proxy_fqdn, cname => $foreman_proxy_cname }
|
||
class { '::certs::foreman': hostname => $foreman_proxy_fqdn, cname => $foreman_proxy_cname }
|
||
class { '::certs::foreman_proxy': hostname => $foreman_proxy_fqdn, cname => $foreman_proxy_cname }
|
||
class { '::certs::apache': hostname => $foreman_proxy_fqdn, cname => $foreman_proxy_cname }
|
||
class { '::certs::qpid': hostname => $foreman_proxy_fqdn, cname => $foreman_proxy_cname }
|
||
class { '::certs::qpid_router': hostname => $foreman_proxy_fqdn, cname => $foreman_proxy_cname }
|
||
class { '::certs::qpid_client': hostname => $foreman_proxy_fqdn, cname => $foreman_proxy_cname }
|
||
class { 'certs::puppet': hostname => $foreman_proxy_fqdn, cname => $foreman_proxy_cname }
|
||
class { 'certs::foreman': hostname => $foreman_proxy_fqdn, cname => $foreman_proxy_cname }
|
||
class { 'certs::foreman_proxy': hostname => $foreman_proxy_fqdn, cname => $foreman_proxy_cname }
|
||
class { 'certs::apache': hostname => $foreman_proxy_fqdn, cname => $foreman_proxy_cname }
|
||
class { 'certs::qpid': hostname => $foreman_proxy_fqdn, cname => $foreman_proxy_cname }
|
||
class { 'certs::qpid_router': hostname => $foreman_proxy_fqdn, cname => $foreman_proxy_cname }
|
||
class { 'certs::qpid_client': hostname => $foreman_proxy_fqdn, cname => $foreman_proxy_cname }
|
||
|
||
certs::tar_create { $certs_tar:
|
||
subscribe => Class['certs::puppet', 'certs::foreman', 'certs::foreman_proxy', 'certs::qpid', 'certs::qpid_router', 'certs::apache', 'certs::qpid_client'],
|
manifests/foreman_proxy_content/params.pp | ||
---|---|---|
# even though it's the current recommended default. By adding indirection to a
|
||
# class we can work around this.
|
||
class certs::foreman_proxy_content::params {
|
||
$parent_fqdn = $facts['fqdn']
|
||
$parent_fqdn = $facts['networking']['fqdn']
|
||
$foreman_proxy_cname = []
|
||
}
|
manifests/params.pp | ||
---|---|---|
$pki_dir = '/etc/pki/katello'
|
||
$ssl_build_dir = '/root/ssl-build'
|
||
|
||
$node_fqdn = $facts['fqdn']
|
||
$node_fqdn = $facts['networking']['fqdn']
|
||
$cname = []
|
||
|
||
$custom_repo = false
|
||
|
||
$ca_common_name = $facts['fqdn'] # we need fqdn as CA common name as candlepin uses it as a ssl cert
|
||
$ca_common_name = $facts['networking']['fqdn'] # we need fqdn as CA common name as candlepin uses it as a ssl cert
|
||
$generate = true
|
||
$regenerate = false
|
||
$deploy = true
|
manifests/ssltools/certutil.pp | ||
---|---|---|
# type to append cert to nssdb
|
||
define certs::ssltools::certutil($nss_db_dir, $client_cert, $cert_name=$title, $refreshonly = true, $trustargs = ',,') {
|
||
include ::certs::ssltools::nssdb
|
||
include certs::ssltools::nssdb
|
||
|
||
Class['::certs::ssltools::nssdb'] ->
|
||
exec { "delete ${cert_name}":
|
||
... | ... | |
} ->
|
||
exec { $cert_name:
|
||
path => ['/bin', '/usr/bin'],
|
||
command => "certutil -A -d '${nss_db_dir}' -n '${cert_name}' -t '${trustargs}' -a -i '${client_cert}' -f '${::certs::ssltools::nssdb::nss_db_password_file}'",
|
||
command => "certutil -A -d '${nss_db_dir}' -n '${cert_name}' -t '${trustargs}' -a -i '${client_cert}' -f '${certs::ssltools::nssdb::nss_db_password_file}'",
|
||
unless => "certutil -L -d ${nss_db_dir} | grep '^${cert_name}\\b'",
|
||
logoutput => true,
|
||
refreshonly => $refreshonly,
|
manifests/ssltools/nssdb.pp | ||
---|---|---|
|
||
$nss_db_password_file = "${nss_db_dir}/nss_db_password-file"
|
||
|
||
$nssdb_files = $facts['operatingsystemmajrelease'] ? {
|
||
$nssdb_files = $facts['os']['release']['major'] ? {
|
||
'7' => ["${nss_db_dir}/cert8.db", "${nss_db_dir}/key3.db", "${nss_db_dir}/secmod.db"],
|
||
default => ["${nss_db_dir}/cert9.db", "${nss_db_dir}/key4.db", "${nss_db_dir}/pkcs11.txt"]
|
||
}
|
Lint autofix