Puppet Class: pontoon::pki_acme

Defined in:
modules/pontoon/manifests/pki_acme.pp

Overview

Parameters:

  • acme_certs (Hash[String, Acme_chief::Certificate])
  • base_dir (Stdlib::UnixPath) (defaults to: '/srv/puppet_fileserver/acmedata')
  • cfssl_label (String) (defaults to: 'discovery')


# File 'modules/pontoon/manifests/pki_acme.pp', line 4

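# Issue certificates through cfssl and lay them out on the Puppet fileserver
# under the directory layout acme-chief clients expect.
#
# For each entry in $acme_certs a "<base_dir>/<name>/live" directory is created
# (root-owned by default, group 'puppet', 0750 so the fileserver can read it),
# a cfssl::cert is requested for the CN/SNI in the entry, and compat symlinks
# are added so that clients asking for either key type get the cfssl output.
#
# @param acme_certs  Map of certificate name => acme-chief style certificate
#                    definition; only the 'CN' and 'SNI' keys are read here.
#                    The name is used verbatim as a directory name and as the
#                    cfssl::cert title.
# @param base_dir    Fileserver directory the per-certificate trees live under.
# @param cfssl_label cfssl signing profile/label passed to every cfssl::cert.
class pontoon::pki_acme (
  Hash[String, Acme_chief::Certificate] $acme_certs,
  Stdlib::UnixPath $base_dir = '/srv/puppet_fileserver/acmedata',
  String $cfssl_label = 'discovery',
) {
    $acme_certs.each |$name, $config| {
        # $name is interpolated into a filesystem path below. Refuse anything
        # that is not a single path component so a key such as '../foo' or
        # 'a/b' cannot place key material outside $base_dir or make $parent
        # resolve to an unexpected directory.
        if $name == '' or $name == '.' or $name == '..' or '/' in $name {
            fail("pontoon::pki_acme: invalid certificate name '${name}': must be a single path component")
        }

        $outdir = "${base_dir}/${name}/live"
        $parent = $outdir.dirname

        # Group 'puppet' + 0750: readable by the fileserver, not world-readable,
        # since the directory will hold the private key.
        file { [$parent, $outdir]:
            ensure => directory,
            group  => 'puppet',
            mode   => '0750',
        }

        cfssl::cert { $name:
            common_name   => $config['CN'],
            hosts         => $config['SNI'],
            label         => $cfssl_label,
            outdir        => $outdir,
            provide_chain => true,
            group         => 'puppet',
        }

        # Compat symlinks with what acme-chief issues and clients expect.
        # NOTE: both key-type names point at the single key/chain cfssl wrote,
        # so a client asking for 'ec-prime256v1.key' or 'rsa-2048.key' gets
        # whatever key type the cfssl label actually produced. Targets are
        # relative so the links stay valid wherever the tree is served from.
        ['ec-prime256v1', 'rsa-2048'].each |$key_type| {
            file { "${outdir}/${key_type}.key":
                ensure => link,
                target => "${name}-key.pem",
            }

            file { "${outdir}/${key_type}.chained.crt":
                ensure => link,
                target => "${name}.chained.pem",
            }
        }
    }
}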