Revision 76be89b8
Added by Ivan Necas over 10 years ago
manifests/candlepin.pp | ||
---|---|---|
# Constains certs specific configurations for candlepin
|
||
class certs::candlepin (
|
||
$hostname = $::certs::node_fqdn,
|
||
$generate = $::certs::generate,
|
||
$regenerate = $::certs::regenerate,
|
||
$deploy = $::certs::deploy,
|
||
$ca = $::certs::default_ca,
|
||
$storage = '/etc/candlepin/certs',
|
||
$ca_cert = '/etc/candlepin/certs/candlepin-ca.crt',
|
||
$ca_key = '/etc/candlepin/certs/candlepin-ca.key',
|
||
$pki_dir = '/etc/pki/katello',
|
||
$keystore = '/etc/pki/katello/keystore',
|
||
$keystore_password_file = undef,
|
||
$keystore_password = undef,
|
||
$candlepin_certs_dir = $certs::params::candlepin_certs_dir
|
||
) {
|
||
$hostname = $::certs::node_fqdn,
|
||
$generate = $::certs::generate,
|
||
$regenerate = $::certs::regenerate,
|
||
$deploy = $::certs::deploy,
|
||
$ca = $::certs::default_ca,
|
||
$storage = $::certs::params::candlepin_certs_storage,
|
||
$ca_cert = $::certs::params::candlepin_ca_cert,
|
||
$ca_key = $::certs::params::candlepin_ca_key,
|
||
$pki_dir = $::certs::params::candlepin_pki_dir,
|
||
$keystore = $::certs::params::candlepin_keystore,
|
||
$keystore_password_file = $::certs::params::candlepin_keystore_password_file,
|
||
$keystore_password = $::certs::params::candlepin_keystore_password,
|
||
$candlepin_certs_dir = $::certs::params::candlepin_certs_dir
|
||
) inherits certs::params {
|
||
|
||
Exec { logoutput => 'on_failure' }
|
||
|
||
... | ... | |
group => $::certs::user_groups,
|
||
mode => '0644';
|
||
} ~>
|
||
# TODO: it would be probably a bit better to not unprotect it here and
|
||
# make candlepin and openssl pkcs12 command to use the passphrase-file instead.
|
||
# On the other hand, technically there is not big difference between having
|
||
# the key unprotected or storing the passphrase-file: in both cases, getting
|
||
# the file means corrupting the certificate
|
||
privkey { $ca_key:
|
||
cert => $ca,
|
||
unprotect => true;
|
||
... | ... | |
path => '/bin:/usr/bin',
|
||
creates => $keystore;
|
||
} ~>
|
||
|
||
file { "/usr/share/${candlepin::tomcat}/conf/keystore":
|
||
ensure => link,
|
||
target => $keystore;
|
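Review bot: The new parameter list takes `$keystore_password` and `$keystore_password_file` from `certs::params` where both used to default to `undef`, and nothing visible says which one wins when both are set. It also does not show whether the params default is a fixed value shared by every install; `certs::params` is not on this page, so that needs confirming. A per-parameter header comment would settle it, for example `# $keystore_password_file:: file holding the keystore passphrase; used in preference to $keystore_password`, if that is the intended order. Separately, the `privkey { $ca_key: ... unprotect => true }` resource strips the passphrase from the CA key, so owner and mode on that file are the only protection left. Confirm that the key at `$ca_key` is not managed by the `mode => '0644'` resource just above it, whose title is elided here, and that it gets a restrictive mode. The header typo `Constains` should read `Contains`.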
Clean code