Defined Type: acme_chief::cert

Defined in:
modules/acme_chief/manifests/cert.pp

Overview

SPDX-License-Identifier: Apache-2.0 deploys the especified certificate on /etc/acmecerts using the following structure:

/etc/acmecerts/$title:
    live -> random_dir_name
    new  -> random_dir_name
    random_dir_name:
        rsa-2048.key
        ec-prime256v1.key
        [rsa-2048,ec-prime256v1].[chain,chained].crt
        [rsa-2048,ec-prime256v1].crt
        [rsa-2048,ec-prime256v1].ocsp

Parameters:

  • ensure (Wmflib::Ensure) (defaults to: present)
  • key_group (String) (defaults to: 'root')
  • puppet_svc (Optional[String]) (defaults to: undef)
  • puppet_rsc (Optional[Type]) (defaults to: undef)


12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
# File 'modules/acme_chief/manifests/cert.pp', line 12

define acme_chief::cert (
    Wmflib::Ensure   $ensure     = present,
    String           $key_group  = 'root',
    Optional[String] $puppet_svc = undef,
    Optional[Type]   $puppet_rsc = undef,
) {
    require acme_chief

    if !defined(File['/etc/acmecerts']) {
        file { '/etc/acmecerts':
            ensure => directory,
            owner  => 'root',
            group  => 'root',
            mode   => '0755',
        }
    }

    $acmechief_host = lookup('acmechief_host')  # lint:ignore:wmf_styleguide
    # lint:ignore:puppet_url_without_modules
    file { "/etc/acmecerts/${title}":
        ensure    => stdlib::ensure($ensure, 'directory'),
        owner     => 'root',
        group     => $key_group,
        mode      => '0640',
        recurse   => true,
        show_diff => false,
        backup    => false,
        source    => "puppet://${acmechief_host}/acmedata/${title}",
        force     => true,
    }

    if $puppet_svc {
        File["/etc/acmecerts/${title}"] ~> Service[$puppet_svc]
    }
    if $puppet_rsc {
        File["/etc/acmecerts/${title}"] ~> $puppet_rsc
    }
    # lint:endignore
}