Defined Type: cfssl::db
- Defined in:
- modules/cfssl/manifests/db.pp
Summary
create a cfssl db config file
Overview
SPDX-License-Identifier: Apache-2.0
# File 'modules/cfssl/manifests/db.pp', line 13
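# Writes the cfssl database configuration file and, for the sqlite3 driver,
# declares the backing sqlite database.
#
# Parameters:
#   driver            - database driver; 'mysql' builds a TCP DSN, any other value
#                       uses the sqlite path as the data source
#   username          - database user (mysql DSN and python config)
#   password          - database password; unwrapped when the DSN and the python
#                       config are built, re-wrapped as file content
#   dbname            - database name (mysql DSN and python config)
#   host, port        - database endpoint (mysql DSN and python config)
#   dbcharset         - written as 'charset' in the python config only
#   python_config     - when true, also write "<conf_file>.json" with the
#                       connection settings as a JSON hash
#   ssl_checkhostname - written as ssl.check_hostname in the python config only
#   notify_service    - title of a Service resource to notify on config change
#   ssl_ca            - written as ssl.ca in the python config only
#   conf_file         - config file path, defaults to "${cfssl::conf_dir}/db.conf"
#   sqlite_path       - sqlite file path, defaults to
#                       "${cfssl::conf_dir}/cfssl_sqlite.db"
#
# NOTE(review): the 'changeme' password default is a placeholder; a mysql caller
# that forgets to override it ends up with a well-known credential in the config.
define cfssl::db (
    Cfssl::DB_driver           $driver            = 'sqlite3',
    String                     $username          = 'cfssl',
    Sensitive[String[1]]       $password          = Sensitive('changeme'),
    String                     $dbname            = 'cfssl',
    Stdlib::Host               $host              = 'localhost',
    Stdlib::Port               $port              = 3306,
    String                     $dbcharset         = 'utf8mb4',
    Boolean                    $python_config     = false,
    Boolean                    $ssl_checkhostname = false,
    Optional[String]           $notify_service    = undef,
    Optional[Stdlib::Unixpath] $ssl_ca            = undef,
    Optional[Stdlib::Unixpath] $conf_file         = undef,
    Optional[Stdlib::Unixpath] $sqlite_path       = undef,
) {
    include cfssl

    # Resolve the optional paths against the cfssl configuration directory.
    $_conf_file   = pick($conf_file, "${cfssl::conf_dir}/db.conf")
    $_sqlite_path = pick($sqlite_path, "${cfssl::conf_dir}/cfssl_sqlite.db")

    $db_data_source = $driver ? {
        # for now we need to unwrap the sensitive value otherwise it is not interpreted
        # Related bug: PUP-8969
        # After the unwrap this string carries the clear-text password and is no
        # longer Sensitive; it must only ever reach a Sensitive() file content and
        # never a notice/log/fact.
        # NOTE(review): 'tls=skip-verify' looks like the Go MySQL driver setting
        # that enables TLS without validating the server certificate, and neither
        # $ssl_ca nor $ssl_checkhostname is applied to this DSN - confirm that an
        # unauthenticated TLS session to the database is acceptable here.
        'mysql' => "${username}:${password.unwrap}@tcp(${host}:${port})/${dbname}?parseTime=true&tls=skip-verify",
        default => $_sqlite_path,
    }

    if $python_config {
        # Only add the 'ca' key when a CA bundle path was supplied.
        # NOTE(review): check_hostname defaults to false, so consumers of this
        # file presumably skip server name verification unless the caller opts in.
        $ssl = $ssl_ca ? {
            undef   => {'check_hostname' => $ssl_checkhostname},
            default => {'ca' => $ssl_ca, 'check_hostname' => $ssl_checkhostname},
        }
        $config = {
            'host'     => $host,
            'port'     => $port,
            'user'     => $username,
            'password' => $password.unwrap,
            'db'       => $dbname,
            'charset'  => $dbcharset,
            'ssl'      => $ssl,
        }
        # Content is wrapped in Sensitive and show_diff is off so the password
        # is not printed in reports or diffs.
        file { "${_conf_file}.json":
            ensure    => file,
            owner     => 'root',
            group     => 'root',
            mode      => '0440',
            show_diff => false,
            content   => Sensitive($config.to_json_pretty()),
        }
    }

    $db_config = {'driver' => $driver, 'data_source' => $db_data_source}

    # Turn the optional service title into a resource reference; undef leaves
    # the notify/before metaparameters below unset.
    $_notify_service = $notify_service ? {
        undef   => undef,
        default => Service[$notify_service],
    }

    # Use the resolved $_conf_file: $conf_file is Optional and defaults to undef,
    # which would leave this resource without a usable title.
    file { $_conf_file:
        ensure    => file,
        owner     => 'root',
        group     => 'root',
        mode      => '0440',
        show_diff => false,
        content   => Sensitive($db_config.to_json()),
        notify    => $_notify_service,
        require   => Package[$cfssl::packages],
    }

    if $driver == 'sqlite3' {
        # Create the sqlite database from the shipped schema before the
        # notified service (if any) is managed.
        sqlite::db { "cfssl ${title} signer DB":
            db_path    => $_sqlite_path,
            sql_schema => "${cfssl::sql_dir}/sqlite_initdb.sql",
            require    => File["${cfssl::sql_dir}/sqlite_initdb.sql"],
            before     => $_notify_service,
        }
    }
}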