
Revision fad89b0c

Added by Stephen Benjamin over 7 years ago

fixes #17714 - use pki dir for puppet client certs (#117)

  • refs #17714 - use pki dir for puppet client certs
  • refs #17714 - move certs to own puppet dir
  • refs #17714 - fix arrows from puppet lint


manifests/params.pp
# for verifying the foreman https
$foreman_proxy_foreman_ssl_ca_cert = '/etc/foreman-proxy/foreman_ssl_ca.pem'
# Puppet SSL path determination code from puppet-foreman
if versioncmp($::puppetversion, '4.0') < 0 {
$aio_package = false
} elsif $::rubysitedir =~ /\/opt\/puppetlabs\/puppet/ {
$aio_package = true
} else {
$aio_package = false
}
$puppet_ssldir = $aio_package ? {
true => '/etc/puppetlabs/puppet/ssl',
default => '/etc/puppet'
}
$puppet_client_cert = "${puppet_ssldir}/client_cert.pem"
$puppet_client_key = "${puppet_ssldir}/client_key.pem"
$puppet_client_cert = "${pki_dir}/puppet/puppet_client.crt"
$puppet_client_key = "${pki_dir}/puppet/puppet_client.key"
# for verifying the foreman https
$puppet_ssl_ca_cert = "${puppet_ssldir}/ssl_ca.pem"
$puppet_ssl_ca_cert = "${pki_dir}/puppet/puppet_client_ca.crt"
$candlepin_keystore = '/etc/pki/katello/keystore'
$candlepin_certs_dir = '/etc/candlepin/certs'
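Review bot: Moving `$puppet_client_key` from `${puppet_ssldir}/client_key.pem` to `${pki_dir}/puppet/puppet_client.key` leaves the previously deployed private key at the old path on upgraded hosts, and nothing in the visible sections removes it. Assuming the `${puppet_ssldir}` lines are the removed side (this page has lost its +/- markers), the old variables no longer exist, so no resource can manage those files any more. Consider an explicit cleanup in `certs::puppet`, for example `file { '/etc/puppet/client_key.pem': ensure => absent }` and the same for the `/etc/puppetlabs/puppet/ssl` location, or an upgrade note telling operators to delete the stale key and certificates.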
manifests/puppet.pp
}
if $deploy {
file { "${certs::pki_dir}/puppet":
ensure => directory,
owner => 'puppet',
mode => '0700',
require => Class['puppet::server::install'],
} ->
Cert[$puppet_client_cert_name] ~>
pubkey { $client_cert:
key_pair => Cert[$puppet_client_cert_name],
......
pubkey { $ssl_ca_cert:
key_pair => $::certs::server_ca,
} ~>
file { $client_key:
ensure => file,
owner => 'puppet',
mode => '0400',
require => Class['puppet::server::install'],
file { [$client_cert, $client_key, $ssl_ca_cert]:
ensure => file,
owner => 'puppet',
mode => '0400',
}
}
}
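Review bot: The protection of the private key in the `if $deploy` block rests on resource ordering that is not documented: the `0700` directory `${certs::pki_dir}/puppet` is chained before `Cert[$puppet_client_cert_name]`, so the key appears to be written inside an already restricted directory and is only later set to `0400` by the trailing `file` resource. A comment above the directory resource would keep a later refactor from breaking that, e.g. `# Create the 0700 directory first so the key is never exposed before the file resource sets 0400`. Neither the directory nor `file { [$client_cert, $client_key, $ssl_ca_cert]: }` sets `group`, so group ownership is left unmanaged; adding `group => 'puppet'` (if that group exists on the target) would pin it. Part of this section is elided (`......`) and the enclosing class starts outside it, so the resource that actually writes the key is not visible here.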
