Defined Type: acme_chief::cert

Defined in:
modules/acme_chief/manifests/cert.pp

Overview

 Deploys the specified certificate under /etc/acmecerts using the following structure:

/etc/acmecerts/$title:
    live -> random_dir_name
    new  -> random_dir_name
    random_dir_name:
        rsa-2048.key
        ec-prime256v1.key
        [rsa-2048,ec-prime256v1].[chain,chained].crt
        [rsa-2048,ec-prime256v1].crt
        [rsa-2048,ec-prime256v1].ocsp

Parameters:

  • ensure (Any) (defaults to: present)
  • puppet_svc (Optional[String]) (defaults to: undef)
  • puppet_rsc (Optional[Type]) (defaults to: undef)
  • key_group (String) (defaults to: 'root')
  • ocsp (Optional[Boolean]) (defaults to: undef)
  • ocsp_proxy (Optional[String]) (defaults to: undef)


# File 'modules/acme_chief/manifests/cert.pp', line 11

# Copies the certificate directory named by $title from the acme-chief file
# server mount to /etc/acmecerts/$title, and optionally refreshes a service
# or another resource when the copied files change.
#
# @param ensure     passed through ensure_directory() for the certificate directory
# @param puppet_svc title of a Service to refresh when the certificate directory changes
# @param puppet_rsc resource reference to refresh when the certificate directory changes
# @param key_group  group owner of the certificate directory tree; this group gets
#                   read access to everything copied, including the *.key files
# @param ocsp       deprecated; only triggers a warning in this define
# @param ocsp_proxy deprecated; only triggers a warning in this define
define acme_chief::cert (
    $ensure = present,
    Optional[String] $puppet_svc = undef,
    Optional[Type] $puppet_rsc = undef,
    String $key_group = 'root',
    Optional[Boolean] $ocsp = undef, # deprecated, it will be removed soon
    Optional[String] $ocsp_proxy = undef, # deprecated, it will be removed soon
) {
    require ::acme_chief

    # NOTE(review): defined('$ocsp') asks whether the variable exists, not
    # whether it holds a value. $ocsp is a parameter of this define, so confirm
    # the warning is not emitted for every instance. The $ocsp_proxy check below
    # uses plain truthiness instead.
    if defined('$ocsp') {
        warning('ocsp parameter will be removed soon')
    }
    if $ocsp_proxy {
        warning('ocsp_proxy parameter will be removed soon')
    }

    # Declare the shared parent directory only once across all instances of this
    # define. defined() on a resource reference depends on evaluation order.
    # The parent is 0755, so certificate directory names are listable by any
    # local user; the contents are protected by the per-certificate resource below.
    if !defined(File['/etc/acmecerts']) {
        file { '/etc/acmecerts':
            ensure => directory,
            owner  => 'root',
            group  => 'root',
            mode   => '0755',
        }
    }

    # lint:ignore:puppet_url_without_modules
    # The tree below carries private keys. Mode 0640 gives root read/write and
    # $key_group read, with no access for others; Puppet adds the search bit on
    # directories wherever read is set, so directories end up 0750.
    # show_diff => false keeps file content diffs out of Puppet logs and reports.
    # recurse copies the whole remote tree. purge is not set, so files that
    # disappear from the source are not removed locally and superseded key
    # material can remain on disk.
    # $title is interpolated unvalidated into both the local path and the
    # file-server path; assumes titles are plain certificate names without
    # path separators -- TODO confirm against callers.
    file { "/etc/acmecerts/${title}":
        ensure    => ensure_directory($ensure),
        owner     => 'root',
        group     => $key_group,
        mode      => '0640',
        recurse   => true,
        show_diff => false,
        source    => "puppet://${::acmechief_host}/acmedata/${title}",
    }

    # '~>' is a notifying relationship: the target is refreshed whenever the
    # certificate directory resource reports a change.
    if $puppet_svc {
        File["/etc/acmecerts/${title}"] ~> Service[$puppet_svc]
    }
    if $puppet_rsc {
        File["/etc/acmecerts/${title}"] ~> $puppet_rsc
    }
    # lint:endignore
}