Defined Type: cfssl::db

Defined in:
modules/cfssl/manifests/db.pp

Summary

create a cfssl db config file

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • driver (Cfssl::DB_driver) (defaults to: 'sqlite3')

    which sql driver to use

  • username (String) (defaults to: 'cfssl')

    the username to use for the specified driver

  • password (Sensitive[String[1]]) (defaults to: Sensitive('changeme'))

    the password to use for the specified driver

  • dbname (String) (defaults to: 'cfssl')

    the database name to use for the specified driver

  • host (Stdlib::Host) (defaults to: 'localhost')

    the hostname to use for the specified driver

  • host (defaults to: 'localhost')

    the hostname to use for the specified driver

  • notify_service

    the Service to notify when significant changes have been made

  • conf_file (Optional[Stdlib::Unixpath]) (defaults to: undef)

    override the default location of the config file

  • sqlite_path (Optional[Stdlib::Unixpath]) (defaults to: undef)

    if using sqlite driver override the path of the db file

  • python_config (Boolean) (defaults to: false)

    if true also write out a python config file, used by ocsp db scripts

  • port (Stdlib::Port) (defaults to: 3306)
  • dbcharset (String) (defaults to: 'utf8mb4')
  • ssl_checkhostname (Boolean) (defaults to: false)
  • notify_service (Optional[String]) (defaults to: undef)
  • ssl_ca (Optional[Stdlib::Unixpath]) (defaults to: undef)


# File 'modules/cfssl/manifests/db.pp', line 13

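define cfssl::db (
    Cfssl::DB_driver           $driver            = 'sqlite3',
    String                     $username          = 'cfssl',
    # NOTE(review): 'changeme' is a placeholder default; for the mysql driver
    # callers should always pass a real secret rather than rely on it.
    Sensitive[String[1]]       $password          = Sensitive('changeme'),
    String                     $dbname            = 'cfssl',
    Stdlib::Host               $host              = 'localhost',
    Stdlib::Port               $port              = 3306,
    String                     $dbcharset         = 'utf8mb4',
    Boolean                    $python_config     = false,
    # NOTE(review): hostname checking is off by default in the python config.
    Boolean                    $ssl_checkhostname = false,
    Optional[String]           $notify_service    = undef,
    Optional[Stdlib::Unixpath] $ssl_ca            = undef,
    Optional[Stdlib::Unixpath] $conf_file         = undef,
    Optional[Stdlib::Unixpath] $sqlite_path       = undef,
) {
    # Writes the cfssl DB config file (JSON holding 'driver' and 'data_source')
    # and, when $python_config is true, a second "<conf file>.json" holding the
    # connection settings as a hash. For the sqlite3 driver it also declares
    # the sqlite::db resource that initialises the database file.
    include cfssl

    # Fall back to locations under the cfssl config dir when no override is given.
    $_conf_file   = pick($conf_file, "${cfssl::conf_dir}/db.conf")
    $_sqlite_path = pick($sqlite_path, "${cfssl::conf_dir}/cfssl_sqlite.db")

    $db_data_source = $driver ? {
        # for now we need to unwrap the sensitive value otherwise it is not interpreted
        # Related bug: PUP-8969
        # The unwrapped password only reaches the catalog through file content
        # that is re-wrapped in Sensitive() below.
        # NOTE(review): 'tls=skip-verify' (Go MySQL driver DSN syntax) encrypts
        # the connection but does not validate the server certificate, so the
        # server is not authenticated and $ssl_ca is not applied to this DSN.
        # Confirm this is intended before using a non-local $host.
        'mysql' => "${username}:${password.unwrap}@tcp(${host}:${port})/${dbname}?parseTime=true&tls=skip-verify",
        # Every other driver value gets the sqlite file path as its data source.
        default => $_sqlite_path,
    }

    if $python_config {
        # Only include the 'ca' key when a CA bundle path was supplied.
        $ssl = $ssl_ca ? {
            undef   => {'check_hostname' => $ssl_checkhostname},
            default => {'ca' => $ssl_ca, 'check_hostname' => $ssl_checkhostname},
        }
        $config = {
            'host'     => $host,
            'port'     => $port,
            'user'     => $username,
            'password' => $password.unwrap,
            'db'       => $dbname,
            'charset'  => $dbcharset,
            'ssl'      => $ssl,
        }
        # Holds the clear-text password: root-only, no diff output, and the
        # content is wrapped in Sensitive() so it is redacted in reports.
        file { "${_conf_file}.json":
            ensure    => file,
            owner     => 'root',
            group     => 'root',
            mode      => '0440',
            show_diff => false,
            content   => Sensitive($config.to_json_pretty()),
        }
    }

    $db_config = {'driver' => $driver, 'data_source' => $db_data_source}

    # Resolve the optional service name to a resource reference (undef = no notify).
    $_notify_service = $notify_service ? {
        undef   => undef,
        default => Service[$notify_service],
    }

    # Use the resolved $_conf_file, not the raw $conf_file parameter: the
    # parameter defaults to undef, which left this resource without a valid
    # title and ignored the "${cfssl::conf_dir}/db.conf" fallback computed above.
    file { $_conf_file:
        ensure    => file,
        owner     => 'root',
        group     => 'root',
        mode      => '0440',
        show_diff => false,
        content   => Sensitive($db_config.to_json()),
        notify    => $_notify_service,
        require   => Package[$cfssl::packages],
    }

    if $driver == 'sqlite3' {
        # Create the sqlite DB from the schema file before the notified
        # service (if any) is managed.
        sqlite::db { "cfssl ${title} signer DB":
            db_path    => $_sqlite_path,
            sql_schema => "${cfssl::sql_dir}/sqlite_initdb.sql",
            require    => File["${cfssl::sql_dir}/sqlite_initdb.sql"],
            before     => $_notify_service,
        }
    }
}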