Revision fad89b0c
Added by Stephen Benjamin over 7 years ago
manifests/params.pp | ||
---|---|---|
# for verifying the foreman https
|
||
$foreman_proxy_foreman_ssl_ca_cert = '/etc/foreman-proxy/foreman_ssl_ca.pem'
|
||
|
||
# Puppet SSL path determination code from puppet-foreman
|
||
if versioncmp($::puppetversion, '4.0') < 0 {
|
||
$aio_package = false
|
||
} elsif $::rubysitedir =~ /\/opt\/puppetlabs\/puppet/ {
|
||
$aio_package = true
|
||
} else {
|
||
$aio_package = false
|
||
}
|
||
|
||
$puppet_ssldir = $aio_package ? {
|
||
true => '/etc/puppetlabs/puppet/ssl',
|
||
default => '/etc/puppet'
|
||
}
|
||
|
||
$puppet_client_cert = "${puppet_ssldir}/client_cert.pem"
|
||
$puppet_client_key = "${puppet_ssldir}/client_key.pem"
|
||
$puppet_client_cert = "${pki_dir}/puppet/puppet_client.crt"
|
||
$puppet_client_key = "${pki_dir}/puppet/puppet_client.key"
|
||
# for verifying the foreman https
|
||
$puppet_ssl_ca_cert = "${puppet_ssldir}/ssl_ca.pem"
|
||
$puppet_ssl_ca_cert = "${pki_dir}/puppet/puppet_client_ca.crt"
|
||
|
||
$candlepin_keystore = '/etc/pki/katello/keystore'
|
||
$candlepin_certs_dir = '/etc/candlepin/certs'
|
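Review bot: Pointing `$puppet_client_cert`, `$puppet_client_key` and `$puppet_ssl_ca_cert` at `${pki_dir}/puppet/` moves the deployed private key, but nothing visible in this commit removes the copies an already-deployed host has under the old `${puppet_ssldir}` paths, so an unmanaged `client_key.pem` may stay on disk after an upgrade. The page does not mark added and removed lines, so this reads the `${pki_dir}` assignments as the new side. Consider either an `ensure => absent` resource for the old key in manifests/puppet.pp or at least a comment above these lines, for example `# moved out of the puppet ssldir; the old client_key.pem is not cleaned up automatically`. `$pki_dir` must also be assigned before these lines; that assignment is outside the visible hunk.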
manifests/puppet.pp | ||
---|---|---|
}
|
||
|
||
if $deploy {
|
||
|
||
file { "${certs::pki_dir}/puppet":
|
||
ensure => directory,
|
||
owner => 'puppet',
|
||
mode => '0700',
|
||
require => Class['puppet::server::install'],
|
||
} ->
|
||
Cert[$puppet_client_cert_name] ~>
|
||
pubkey { $client_cert:
|
||
key_pair => Cert[$puppet_client_cert_name],
|
||
... | ... | |
pubkey { $ssl_ca_cert:
|
||
key_pair => $::certs::server_ca,
|
||
} ~>
|
||
file { $client_key:
|
||
ensure => file,
|
||
owner => 'puppet',
|
||
mode => '0400',
|
||
require => Class['puppet::server::install'],
|
||
file { [$client_cert, $client_key, $ssl_ca_cert]:
|
||
ensure => file,
|
||
owner => 'puppet',
|
||
mode => '0400',
|
||
}
|
||
|
||
}
|
||
}
|
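Review bot: The combined `file { [$client_cert, $client_key, $ssl_ca_cert]:` resource appears to replace the old `file { $client_key:` resource and no longer carries `require => Class['puppet::server::install']`, so `owner => 'puppet'` now depends on the `->`/`~>` chain from the new directory resource for its ordering. Part of that chain is elided on this page, so I cannot confirm it is unbroken; keeping `require => Class['puppet::server::install'],` on the combined resource would make the ordering independent of the chain. Neither the `0700` directory nor the `0400` files set `group`, so the group is left to whatever the agent creates them with; an explicit `group =>` matching the module's convention would make the permissions fully declared. The enclosing class and the `if $deploy` block begin outside the visible lines.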
fixes #17714 - use pki dir for puppet client certs (#117)