Revision 4296d7d9
Added by Ivan Necas over 10 years ago
manifests/init.pp | ||
---|---|---|
# == Class: certs
|
||
#
|
||
# Install and configure certs
|
||
# Base for installing and configuring certs. It holds the basic configuration
|
||
# aournd certificates generation and deployment. The per-subsystem configuratoin
|
||
# of certificates should go into `subsystem_module/manifests/certs.pp`.
|
||
#
|
||
# === Parameters:
|
||
#
|
||
# $oauth_key:: The oauth key for talking to the candlepin API;
|
||
# $log_dir:: When the log files should go
|
||
#
|
||
# $node_fqdn:: The fqdn of the host the generated certificates
|
||
# should be for
|
||
#
|
||
# $generate:: Should the generation of the certs be part of the
|
||
# configuration
|
||
# type: boolean
|
||
#
|
||
# $regenerate:: Force regeneration of the certificates (excluding
|
||
# ca certificates)
|
||
# type: boolean
|
||
#
|
||
# $regenerate_ca:: Force regeneration of the ca certificate
|
||
# type: boolean
|
||
#
|
||
# $deploy:: Deploy the certs on the configured system. False means
|
||
# we want apply it on a different system
|
||
# type: boolean
|
||
#
|
||
# $ca_common_name:: Common name for the generated CA certificate
|
||
# type: string
|
||
#
|
||
# $country:: Country attribute for managed certificates
|
||
# type: string
|
||
#
|
||
# $state:: State attribute for managed certificates
|
||
# type: string
|
||
#
|
||
# $city:: City attribute for managed certificates
|
||
# type: string
|
||
#
|
||
# $org:: Org attribute for managed certificates
|
||
# type: string
|
||
#
|
||
# $org_unit:: Org unit attribute for managed certificates
|
||
# type: string
|
||
#
|
||
# $expiration:: Expiration attribute for managed certificates
|
||
# type: string
|
||
#
|
||
# $ca_expiration:: Ca expiration attribute for managed certificates
|
||
# type: string
|
||
#
|
||
class certs (
|
||
|
||
$log_dir = $certs::params::log_dir,
|
||
$tomcat = $certs::params::tomcat,
|
||
|
||
$node_fqdn = $fqdn,
|
||
$generate = true,
|
||
$regenerate = false,
|
||
$regenerate_ca = false,
|
||
$deploy = false,
|
||
$ca_common_name = $certs::params::ca_common_name,
|
||
$log_dir = $certs::params::log_dir,
|
||
$node_fqdn = $certs::params::node_fqdn,
|
||
$generate = $certs::params::generate,
|
||
$regenerate = $certs::params::regenerate,
|
||
$regenerate_ca = $certs::params::regenerate_ca,
|
||
$deploy = $certs::params::deploy,
|
||
$ca_common_name = $certs::params::ca_common_name,
|
||
$country = $certs::params::country,
|
||
$state = $certs::params::state,
|
||
$city = $certs::params::sity,
|
||
... | ... | |
$org_unit = $certs::params::org_unit,
|
||
|
||
$expiration = $certs::params::expiration,
|
||
$ca_expiration = $certs::params::ca_expiration,
|
||
|
||
$user_groups = $certs::params::user_groups,
|
||
|
||
$pki_dir = $certs::params::pki_dir,
|
||
$ssl_ca_password_file = $certs::params::ssl_ca_password_file,
|
||
$ca_expiration = $certs::params::ca_expiration
|
||
) inherits certs::params {
|
||
|
||
$nss_db_password_file = $certs::params::nss_db_password_file,
|
||
$ssl_pk12_password_file = $certs::params::ssl_pk12_password_file,
|
||
$user_groups = $certs::params::user_groups
|
||
$ssl_ca_password_file = $certs::params::ssl_ca_password_file
|
||
$nss_db_password_file = $certs::params::nss_db_password_file
|
||
$ssl_pk12_password_file = $certs::params::ssl_pk12_password_file
|
||
|
||
) inherits certs::params {
|
||
|
||
class { 'certs::install': }
|
||
|
manifests/params.pp | ||
---|---|---|
|
||
$log_dir = '/var/log/certs'
|
||
|
||
$node_fqdn = $::fqdn
|
||
|
||
$ca_common_name = $::fqdn # we need fqdn as CA common name as candlepin uses it as a ssl cert
|
||
|
||
$generate = true
|
||
$regenerate = false
|
||
$regenerate_ca = false
|
||
$deploy = true
|
||
|
||
$country = 'US'
|
||
$state = 'North Carolina'
|
||
$city = 'Raleigh'
|
Also available in: Unified diff
Make certs module usable directly from kafo