Puppet Class: puppetserver::ca
- Defined in:
- modules/puppetserver/manifests/ca.pp
Summary
Configure the puppetserver CA
Overview
SPDX-License-Identifier: Apache-2.0
# File 'modules/puppetserver/manifests/ca.pp', line 8
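# Writes the puppetserver CA bootstrap config (ca.cfg) and, when
# $intermediate_ca is set, stages an externally issued CA certificate, key and
# CRL and imports them with `puppetserver ca import`.
#
# @param enable
#   true selects certificate-authority-service in ca.cfg, false selects
#   certificate-authority-disabled-service.
# @param intermediate_ca
#   when true, $ca_public_key, $ca_crl and $ca_private_key are all required
#   and are imported as the server's CA material.
# @param ca_public_key
#   file source for custom_ca/ca.pem, passed to the import as --cert-bundle.
# @param ca_crl
#   file source for custom_ca/crl.pem, passed to the import as --crl-chain.
# @param ca_private_key
#   Sensitive content of custom_ca/ca.key, passed to the import as --private-key.
class puppetserver::ca (
    Boolean                      $enable          = true,
    Boolean                      $intermediate_ca = false,
    Optional[Stdlib::Filesource] $ca_public_key   = undef,
    Optional[Stdlib::Filesource] $ca_crl          = undef,
    Optional[Sensitive]          $ca_private_key  = undef,
) {
    # Abort compilation on an incomplete intermediate CA configuration.
    # alert() only writes a log line on the server: the catalog would still be
    # built, the file resources below would be declared without source/content,
    # and the import would be attempted against that incomplete material.
    if $intermediate_ca and [$ca_public_key, $ca_crl, $ca_private_key].any |$item| { $item =~ Undef } {
        fail("you must set all \$ca_public_key, \$ca_crl, \$ca_private_key when using \$intermediate_ca")
    }

    # ca.cfg lists the Trapperkeeper services to load, one per line: the
    # filesystem watcher plus either the CA service or its disabled stub.
    $base_content = 'puppetlabs.trapperkeeper.services.watcher.filesystem-watch-service/filesystem-watch-service'
    if $enable {
        $ca_content = 'puppetlabs.services.ca.certificate-authority-service/certificate-authority-service'
    } else {
        $ca_content = 'puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service'
    }

    # NOTE(review): "bootstap" looks like a misspelling of "bootstrap". The name
    # has to match the variable declared in the puppetserver class, which is not
    # visible here, so it is left untouched.
    file { "${puppetserver::bootstap_config_dir}/ca.cfg":
        ensure  => file,
        content => "${[$base_content, $ca_content].join("\n")}\n",
        before  => Service['puppetserver'],
    }

    $custom_ca_dir = "${puppetserver::config_dir}/puppetserver/custom_ca"
    $ca_file = "${custom_ca_dir}/ca.pem"
    $key_file = "${custom_ca_dir}/ca.key"
    $crl_file = "${custom_ca_dir}/crl.pem"

    if $intermediate_ca {
        # Staging area for the import. Everything is owner-read-only (0400); for
        # the directory Puppet adds the search bit wherever read is set, so the
        # owner can still enter it. No group is set here.
        file {
            default:
                ensure => file,
                owner  => $puppetserver::owner,
                mode   => '0400',
                before => Exec['import intermediate CA file'];
            $custom_ca_dir:
                ensure => directory;
            $ca_file:
                source => $ca_public_key;
            # The key arrives as a Sensitive value, which keeps it out of
            # Puppet's logs and reports. This file stays managed after the
            # import, so a plaintext copy of the CA key remains in custom_ca.
            $key_file:
                content => $ca_private_key;
            $crl_file:
                source => $ca_crl;
        }

        # /L lets the trailing backslashes join the lines into one command.
        $command = @("COMMAND"/L)
            /usr/bin/puppetserver ca import \
            --cert-bundle ${ca_file} \
            --private-key ${key_file} \
            --crl-chain ${crl_file}
            |- COMMAND

        # `creates` skips the import once the CA directory exists, so changing
        # the certificate, key or CRL parameters later updates the staged files
        # but does not re-import them.
        exec { 'import intermediate CA file':
            command => $command,
            creates => "${puppetserver::config_dir}/puppetserver/ca",
        }

        # Import after the package is installed and before the unit is unmasked.
        Package['puppetserver'] ~> Exec['import intermediate CA file'] ~> Systemd::Unmask['puppetserver.service']
    }
}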