Project

General

Profile

« Previous | Next » 

Revision 76be89b8

Added by Ivan Necas over 10 years ago

Clean code

View differences:

manifests/candlepin.pp
# Constains certs specific configurations for candlepin
class certs::candlepin (
$hostname = $::certs::node_fqdn,
$generate = $::certs::generate,
$regenerate = $::certs::regenerate,
$deploy = $::certs::deploy,
$ca = $::certs::default_ca,
$storage = '/etc/candlepin/certs',
$ca_cert = '/etc/candlepin/certs/candlepin-ca.crt',
$ca_key = '/etc/candlepin/certs/candlepin-ca.key',
$pki_dir = '/etc/pki/katello',
$keystore = '/etc/pki/katello/keystore',
$keystore_password_file = undef,
$keystore_password = undef,
$candlepin_certs_dir = $certs::params::candlepin_certs_dir
) {
$hostname = $::certs::node_fqdn,
$generate = $::certs::generate,
$regenerate = $::certs::regenerate,
$deploy = $::certs::deploy,
$ca = $::certs::default_ca,
$storage = $::certs::params::candlepin_certs_storage,
$ca_cert = $::certs::params::candlepin_ca_cert,
$ca_key = $::certs::params::candlepin_ca_key,
$pki_dir = $::certs::params::candlepin_pki_dir,
$keystore = $::certs::params::candlepin_keystore,
$keystore_password_file = $::certs::params::candlepin_keystore_password_file,
$keystore_password = $::certs::params::candlepin_keystore_password,
$candlepin_certs_dir = $::certs::params::candlepin_certs_dir
) inherits certs::params {
Exec { logoutput => 'on_failure' }
......
group => $::certs::user_groups,
mode => '0644';
} ~>
# TODO: it would be probably a bit better to not unprotect it here and
# make candlepin and openssl pkcs12 command to use the passphrase-file instead.
# On the other hand, technically there is not big difference between having
# the key unprotected or storing the passphrase-file: in both cases, getting
# the file means corrupting the certificate
privkey { $ca_key:
cert => $ca,
unprotect => true;
......
path => '/bin:/usr/bin',
creates => $keystore;
} ~>
file { "/usr/share/${candlepin::tomcat}/conf/keystore":
ensure => link,
target => $keystore;

Also available in: Unified diff