Revision 57f483ac
Added by Eric Helms over 9 years ago
manifests/foreman_proxy.pp | ||
---|---|---|
) inherits certs::params {
|
||
|
||
$proxy_cert_name = "${::certs::foreman_proxy::hostname}-foreman-proxy"
|
||
$foreman_proxy_client_cert_name = "${::certs::foreman_proxy::hostname}-foreman-proxy-client"
|
||
$foreman_proxy_ssl_client_bundle = "${certs::pki_dir}/private/${foreman_proxy_client_cert_name}-bundle.pem"
|
||
|
||
if $::certs::server_cert {
|
||
cert { $proxy_cert_name:
|
||
... | ... | |
}
|
||
}
|
||
|
||
$foreman_proxy_client_cert_name = "${::certs::foreman_proxy::hostname}-foreman-proxy-client"
|
||
|
||
# cert for authentication of foreman_proxy against foreman
|
||
cert { $foreman_proxy_client_cert_name:
|
||
hostname => $::certs::foreman_proxy::hostname,
|
||
... | ... | |
pubkey { $foreman_ssl_ca_cert:
|
||
key_pair => $::certs::server_ca
|
||
} ~>
|
||
key_bundle { $foreman_proxy_ssl_client_bundle:
|
||
key_pair => Cert[$foreman_proxy_client_cert_name],
|
||
} ~>
|
||
file { $foreman_proxy_ssl_client_bundle:
|
||
ensure => file,
|
||
owner => $::certs::group,
|
||
mode => '0644'
|
||
} ~>
|
||
file { $foreman_ssl_key:
|
||
ensure => file,
|
||
owner => 'foreman-proxy',
|
Also available in: Unified diff
Refs #7745: Deploy client cert bundle specifically for use by the Capsule.
Note this is a bundle since that is required by the reverse proxy
feature being added to the Capsule.