Defined Type: sslcert::certificate

Defined in:
modules/sslcert/manifests/certificate.pp

Overview

Parameters:

  • ensure (Any) (defaults to: present)
  • group (Any) (defaults to: 'ssl-cert')
  • chain (Any) (defaults to: true)
  • skip_private (Any) (defaults to: false)
  • use_cergen (Any) (defaults to: false)


50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# File 'modules/sslcert/manifests/certificate.pp', line 50

define sslcert::certificate(
  $ensure=present,
  $group='ssl-cert',
  $chain=true,
  $skip_private=false,
  $use_cergen=false,
) {
    require sslcert
    require sslcert::dhparam

    if $use_cergen {
        $private_key_source="certificates/${title}/${title}.key.private.pem"
    } else {
        $private_key_source="ssl/${title}.key"
    }

    # lint:ignore:puppet_url_without_modules
    # FIXME
    if $ensure != 'absent' {
        file { "/etc/ssl/localcerts/${title}.crt":
            ensure => $ensure,
            owner  => 'root',
            group  => $group,
            mode   => '0444',
            source => "puppet:///files/ssl/${title}.crt",
        }
    } else {
        file { "/etc/ssl/localcerts/${title}.crt":
            ensure => $ensure,
        }
    }
    # lint:endignore

    if !$skip_private {
        file { "/etc/ssl/private/${title}.key":
            ensure    => $ensure,
            owner     => 'root',
            group     => $group,
            mode      => '0440',
            show_diff => false,
            backup    => false,
            content   => secret($private_key_source),
        }
    }

    if $chain {
        sslcert::chainedcert { $title:
            ensure => $ensure,
            group  => $group,
        }
    }
}