Defined Type: java::cacert

Defined in:
modules/java/manifests/cacert.pp

Overview

Adds a CA certificate to the Java truststore (either to the system one or to a custom one).

Parameters:

  • path (Stdlib::Unixpath)

    the location of the CA pem file to add to the truststore

  • storepass (String) (defaults to: 'changeit')

    the keystore password

  • keystore_path (Optional[Stdlib::Unixpath]) (defaults to: undef)

    optional, the keystore to create (instead of using the system one)

  • ensure (Wmflib::Ensure) (defaults to: 'present')
  • owner (String) (defaults to: 'root')
  • group (String) (defaults to: 'root')


# File 'modules/java/manifests/cacert.pp', line 7

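# @summary Import a CA certificate into a Java truststore, or remove it again.
#
# The certificate is stored under the alias given by the resource title.
# Without $keystore_path the system truststore of the default Java package is
# used; with it, keytool works on that file and this type also manages the
# file's ownership.
#
# @param path          location of the CA pem file to add to the truststore
# @param ensure        'present' imports the certificate, anything else deletes the alias
# @param storepass     the keystore password; 'changeit' is the stock password of the
#                      system cacerts store, so pass a different one for a custom keystore
# @param owner         owner of the custom keystore file (only used with $keystore_path)
# @param group         group of the custom keystore file (only used with $keystore_path)
# @param keystore_path optional, the keystore to create instead of using the system one
define java::cacert (
    Stdlib::Unixpath           $path,
    Wmflib::Ensure             $ensure        = 'present',
    String                     $storepass     = 'changeit',
    String                     $owner         = 'root',
    String                     $group         = 'root',
    Optional[Stdlib::Unixpath] $keystore_path = undef,
) {
    include java

    # The store password is handed to keytool through the environment
    # (-storepass:env NAME) rather than as a command-line argument, so it is
    # visible neither in the process list nor in the exec failure message
    # ("'<command>' returned 1 ..."), which ends up in Puppet reports.
    # The value is still part of the compiled catalog; keeping it out of there
    # would need a Sensitive parameter, which would change the interface.
    $storepass_env = 'JAVA_CACERT_STOREPASS'
    $keytool_env   = ["${storepass_env}=${storepass}"]

    if $keystore_path {
        # Custom keystore: address it by path; -trustcacerts is not passed.
        $keystore = "-keystore ${keystore_path}"
        $trust_cacert = ''
    } else {
        # System truststore: Java 7 and 8 are addressed by explicit path,
        # every other version through keytool's -cacerts option.
        $keystore = $java::default_java_package['version'] ? {
            '7'     => '-keystore /etc/ssl/certs/java/cacerts',
            '8'     => '-keystore /etc/ssl/certs/java/cacerts',
            default => '-cacerts',
        }
        $trust_cacert = '-trustcacerts'
    }

    # NOTE(review): $path, $keystore_path and $title are interpolated unquoted
    # into the command strings below. A value containing whitespace or shell
    # metacharacters would change the resulting command line; confirm callers
    # only pass simple values, or constrain the title with a Pattern check.
    $import_cmd = @("IMPORT"/L)
        /usr/bin/keytool -import ${trust_cacert} -noprompt ${keystore} \
            -file ${path} -storepass:env ${storepass_env} -alias ${title}
        | IMPORT
    $delete_cmd = "/usr/bin/keytool -delete ${keystore} -noprompt -storepass:env ${storepass_env} -alias ${title}"
    # Exits 0 only when the alias is already in the store; used as the
    # idempotency guard for both the import and the delete.
    $validate_cmd = "/usr/bin/keytool -list ${keystore} -noprompt -storepass:env ${storepass_env} -alias ${title}"

    if $ensure == 'present' {
        # Import unless the alias already exists.
        exec {"java__cacert_${title}":
            command     => $import_cmd,
            environment => $keytool_env,
            user        => 'root',
            group       => 'root',
            unless      => $validate_cmd,
        }
    } else {
        # Delete only if the alias is currently present.
        exec {"java__cacert_${title}":
            command     => $delete_cmd,
            environment => $keytool_env,
            user        => 'root',
            group       => 'root',
            onlyif      => $validate_cmd,
        }
    }

    if $keystore_path {
        # ensure_resource declares the file only if it is not in the catalog
        # yet, so several java::cacert resources can target one keystore.
        # No mode is managed here, only owner and group.
        ensure_resource('file', $keystore_path, {
            ensure  => stdlib::ensure($ensure, 'file'),
            owner   => $owner,
            group   => $group,
        })
        # keytool runs as root before the file resource is applied, so the
        # ownership above is set on the store keytool has just written (or,
        # on removal, the alias is deleted before the file goes away).
        Exec["java__cacert_${title}"] {
            before => File[$keystore_path]
        }
    }
}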