Puppet Class: cfssl::multirootca

Defined in:
modules/cfssl/manifests/multirootca.pp

Overview

Parameters:

  • ensure (Wmflib::Ensure) (defaults to: 'present')

    whether to ensure this class

  • host (Stdlib::Host) (defaults to: '127.0.0.1')

    the host address to listen on

  • port (Stdlib::Port) (defaults to: 8888)

    the port to listen on

  • enable_monitoring (Boolean) (defaults to: false)

    indicate if we should configure monitoring for the service

  • monitoring_critical (Boolean) (defaults to: false)

    indicate if monitoring should page

  • signers (Hash[String, Cfssl::CA::Config]) (defaults to: {})

    a hash of signer configs

  • tls_cert (Optional[Stdlib::Unixpath]) (defaults to: undef)

    path to the tls public cert used for client auth if any

  • tls_key (Optional[Stdlib::Unixpath]) (defaults to: undef)

    path to the tls private key used for client auth if any



10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# File 'modules/cfssl/manifests/multirootca.pp', line 10

class cfssl::multirootca (
    Wmflib::Ensure                  $ensure              = 'present',
    Stdlib::Host                    $host                = '127.0.0.1',
    Stdlib::Port                    $port                = 8888,
    Boolean                         $enable_monitoring   = false,
    Boolean                         $monitoring_critical = false,
    Hash[String, Cfssl::CA::Config] $signers             = {},
    Optional[Stdlib::Unixpath]      $tls_cert            = undef,
    Optional[Stdlib::Unixpath]      $tls_key             = undef,
) {
    include cfssl
    $config_file = "${cfssl::conf_dir}/multiroot.conf"
    $service_name = 'cfssl-multirootca'
    file {$config_file:
        ensure  => $ensure,
        content => template('cfssl/multiroot.conf.erb'),
        notify  => Service[$service_name],
    }
    file {'/usr/local/sbin/cfssl-certs':
        ensure => file,
        owner  => 'root',
        group  => 'root',
        mode   => '0500',
        source => 'puppet:///modules/cfssl/cfssl_certs.py',
    }
    systemd::service {'cfssl-multirootca':
        monitoring_enabled   => $enable_monitoring,
        monitoring_critical  => $monitoring_critical,
        monitoring_notes_url => 'https://wikitech.wikimedia.org/wiki/PKI',
        content              => template('cfssl/cfssl-multirootca.service.erb'),
        restart              => true,
    }
}