# File 'modules/puppetmaster/manifests/ssl.pp', line 4
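# @summary Manage the puppetmaster's own SSL directory tree.
#
# Creates a server-side ssldir that is separate from the agent's, seeds the
# hash-named CRL symlink under `crl/` that OpenSSL-style lookups expect, and
# runs `puppet master` once so the master's private key exists before the
# web front end (Service['apache2'], declared elsewhere) is started.
#
# @param server_name
#   FQDN used as the base name of the master's private key file,
#   `${ssldir}/private_keys/${server_name}.pem`.
# @param ssldir
#   Directory holding the puppetmaster's CA, certificates and private keys.
class puppetmaster::ssl(
  Stdlib::Fqdn     $server_name = 'puppet',
  Stdlib::Unixpath $ssldir      = '/var/lib/puppet/server/ssl'
){
  # TODO: Hack to make class pass tests -- only order the directories before
  # the package when Package['puppetmaster'] is part of the catalog.
  if defined(Package['puppetmaster']) {
    $before = Package['puppetmaster']
  } else {
    $before = undef
  }

  # Move the puppetmaster's SSL files to a separate directory from the client.
  # Key-material directories are restricted to owner/group; the remaining
  # subdirectories only get the puppet group.
  file {
    [ '/var/lib/puppet/server',
      $ssldir,
    ]:
      ensure => directory,
      owner  => 'puppet',
      group  => 'root',
      mode   => '0771',
      before => $before;
    [
      "${ssldir}/ca",
      "${ssldir}/certificate_requests",
      "${ssldir}/certs",
      "${ssldir}/public_keys",
      "${ssldir}/crl",
    ]:
      ensure => directory,
      group  => 'puppet';
    [
      "${ssldir}/private_keys",
      "${ssldir}/private",
    ]:
      ensure => directory,
      group  => 'puppet',
      mode   => '0750';
  }

  # The link name is the CRL's issuer hash (`openssl crl -hash`), so both the
  # command and the check rely on shell command substitution. The default
  # posix provider is documented as not going through a shell, so the shell
  # provider is selected explicitly. The extra onlyif skips the exec until
  # ca_crl.pem exists; otherwise an empty hash would produce a dangling
  # `.r0` link that the `test ! -L` check would then treat as done forever.
  exec { 'setup crl dir':
    require  => File["${ssldir}/crl"],
    path     => '/usr/sbin:/usr/bin:/sbin:/bin',
    provider => shell,
    command  => "ln -s ${ssldir}/ca/ca_crl.pem ${ssldir}/crl/$(openssl crl -in ${ssldir}/ca/ca_crl.pem -hash -noout).r0",
    onlyif   => [
      "test -f ${ssldir}/ca/ca_crl.pem",
      "test ! -L ${ssldir}/crl/$(openssl crl -in ${ssldir}/ca/ca_crl.pem -hash -noout).r0",
    ],
  }

  # Required so the passenger app can start: the key file must exist before
  # apache2 is brought up. `creates` makes this a one-shot exec.
  exec { 'generate puppet private key':
    command => '/usr/bin/puppet master',
    creates => "${ssldir}/private_keys/${server_name}.pem",
    require => File["${ssldir}/private_keys"],
    before  => Service['apache2'],
  }
}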