Puppet Class: cfssl::multirootca

Defined in:
modules/cfssl/manifests/multirootca.pp

Summary

configure cfssl multirootca

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • ensure (Wmflib::Ensure) (defaults to: 'present')

    whether the resources managed by this class should be present or absent

  • host (Stdlib::Host) (defaults to: '127.0.0.1')

    the host address to listen on

  • port (Stdlib::Port) (defaults to: 8888)

    the port to listen on

  • enable_monitoring (Boolean) (defaults to: false)

    indicate if we should configure monitoring for the service

  • monitoring_critical (Boolean) (defaults to: false)

    indicate if monitoring should page

  • signers (Hash[Cfssl::Ca_name, Cfssl::CA::Config]) (defaults to: {})

    a hash of signer configs

  • tls_cert (Optional[Stdlib::Unixpath]) (defaults to: undef)

    path to the tls public cert used for client auth if any

  • tls_key (Optional[Stdlib::Unixpath]) (defaults to: undef)

    path to the tls private key used for client auth if any



# File 'modules/cfssl/manifests/multirootca.pp', line 11

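class cfssl::multirootca (
    Wmflib::Ensure             $ensure               = 'present',
    Stdlib::Host               $host                 = '127.0.0.1',
    Stdlib::Port               $port                 = 8888,
    Boolean                    $enable_monitoring    = false,
    Boolean                    $monitoring_critical  = false,
    Optional[Stdlib::Unixpath] $tls_cert             = undef,
    Optional[Stdlib::Unixpath] $tls_key              = undef,
    Hash[Cfssl::Ca_name, Cfssl::CA::Config] $signers = {},
) {
    # Manages three things: the multirootca config file, the cfssl-certs
    # helper script and the cfssl-multirootca systemd unit. $ensure is applied
    # to all three, so that 'absent' does not remove the managed config while
    # leaving the signing service and its root-only helper in place.
    include cfssl
    $config_file = "${cfssl::conf_dir}/multiroot.conf"
    $service_name = 'cfssl-multirootca'

    # NOTE(review): no owner/group/mode is set here, so the file takes
    # whatever File defaults apply in this scope. The template is not visible
    # from this class; if it renders anything sensitive derived from $signers,
    # pin restrictive permissions explicitly - TODO confirm.
    file { $config_file:
        ensure  => $ensure,
        content => template('cfssl/multiroot.conf.erb'),
        notify  => Service[$service_name],
    }

    # Helper script, readable and executable by root only (0500 root:root).
    file { '/usr/local/sbin/cfssl-certs':
        ensure => stdlib::ensure($ensure, 'file'),
        owner  => 'root',
        group  => 'root',
        mode   => '0500',
        source => 'puppet:///modules/cfssl/cfssl_certs.py',
    }

    # NOTE(review): $host, $port, $tls_cert and $tls_key are not referenced in
    # this manifest; presumably the unit template reads them - verify against
    # cfssl-multirootca.service.erb. The default $host is loopback. When it is
    # overridden to a routable address, confirm that $tls_cert and $tls_key
    # are both set; nothing here checks that they are supplied as a pair.
    systemd::service { $service_name:
        ensure               => $ensure,
        monitoring_enabled   => $enable_monitoring,
        monitoring_critical  => $monitoring_critical,
        monitoring_notes_url => 'https://wikitech.wikimedia.org/wiki/PKI',
        content              => template('cfssl/cfssl-multirootca.service.erb'),
        restart              => true,
    }
}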