Puppet Class: cfssl

Defined in:
modules/cfssl/manifests/init.pp

Overview

Parameters:

  • port (Stdlib::Port) (defaults to: 8888)
  • host (Stdlib::Host) (defaults to: 'localhost')
  • log_level (Cfssl::Loglevel) (defaults to: 'info')
  • conf_dir (Stdlib::Unixpath) (defaults to: '/etc/cfssl')
  • ca_key_content (Optional[String]) (defaults to: undef)
  • ca_cert_content (Optional[String]) (defaults to: undef)


# File 'modules/cfssl/manifests/init.pp', line 2

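# @summary Installs golang-cfssl, creates its working directories, optionally
#   writes the CA key pair to disk and declares the cfssl systemd service.
#
# @param port
#   Not referenced in this manifest body; presumably consumed by the
#   cfssl.service.erb template (confirm against the template).
# @param host
#   Not referenced in this manifest body; presumably consumed by the template.
# @param log_level
#   Not referenced in this manifest body; presumably consumed by the template.
# @param conf_dir
#   Base directory under which the csr/ and internal/ directories are created.
# @param ca_key_content
#   PEM content of the CA private key. Only written when ca_cert_content is
#   also set. NOTE(review): this is a plain String, so the key is carried in
#   the compiled catalog in clear text; consider a Sensitive-wrapped value.
# @param ca_cert_content
#   PEM content of the CA certificate. Only written when ca_key_content is
#   also set.
class cfssl (
    Stdlib::Port     $port            = 8888,
    Stdlib::Host     $host            = 'localhost',
    Cfssl::Loglevel  $log_level       = 'info',
    Stdlib::Unixpath $conf_dir        = '/etc/cfssl',
    Optional[String] $ca_key_content  = undef,
    Optional[String] $ca_cert_content = undef,
) {
    ensure_packages(['golang-cfssl'])

    # $conf_file is not used below; kept because templates evaluated from this
    # class can read class-scope variables (presumably cfssl.service.erb does).
    $conf_file = "${conf_dir}/cfssl.conf"
    $csr_dir = "${conf_dir}/csr"
    $internal_dir = "${conf_dir}/internal"
    # The CA material lives in the system-wide TLS locations, not under $conf_dir.
    $ca_key_file = '/etc/ssl/private/ca_key.pem'
    $ca_file = '/etc/ssl/certs/ca.pem'

    # Root-only, non-writable working directories. $conf_dir itself is not
    # managed in this class and must already exist.
    file{[$csr_dir, $internal_dir]:
        ensure => directory,
        owner  => 'root',
        group  => 'root',
        mode   => '0550';
    }

    # Both halves of the key pair are required: if only one is supplied,
    # neither file is written and no error is raised.
    if $ca_key_content and $ca_cert_content {
        file {
            default:
                ensure => file,
                owner  => 'root',
                group  => 'root',
                mode   => '0400';
            # Private key: root read-only. show_diff is disabled so a content
            # change never prints key material into agent logs or reports.
            $ca_key_file:
                content   => $ca_key_content,
                show_diff => false;
            # Public certificate: world-readable so clients can validate against it.
            $ca_file:
                content => $ca_cert_content,
                mode    => '0444';
        }
    }

    # Unit file is rendered from the module template.
    # restart => true presumably restarts the service when the unit changes -
    # confirm against the systemd::service define.
    systemd::service {'cfssl':
        content => template('cfssl/cfssl.service.erb'),
        restart => true,
    }
}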