diff options
| author | varac <varacanero@zeromail.org> | 2013-09-24 17:55:22 +0200 |
|---|---|---|
| committer | varac <varacanero@zeromail.org> | 2013-09-24 21:03:36 +0200 |
| commit | 0447e92ab5dcc3d8a07613a765c60db23252f278 (patch) | |
| tree | 00d2e37d8b69af3a4a4491563b06f977c3c5f350 | |
| parent | 372c2f96997f90ae9bfd6c3315e7244ce851c460 (diff) | |
added site_config::x509::client_ca::cert and site_config::x509::client_ca::key for client_ca deployment (#3917)
| -rw-r--r-- | puppet/modules/site_config/manifests/x509/client_ca/ca.pp (renamed from puppet/modules/site_config/manifests/x509/client_ca.pp) | 8 | ||||
| -rw-r--r-- | puppet/modules/site_config/manifests/x509/client_ca/key.pp | 14 | ||||
| -rw-r--r-- | puppet/modules/site_webapp/templates/config.yml.erb | 4 |
3 files changed, 20 insertions, 6 deletions
diff --git a/puppet/modules/site_config/manifests/x509/client_ca.pp b/puppet/modules/site_config/manifests/x509/client_ca/ca.pp index 3e914cf5..0f313898 100644 --- a/puppet/modules/site_config/manifests/x509/client_ca.pp +++ b/puppet/modules/site_config/manifests/x509/client_ca/ca.pp @@ -1,14 +1,14 @@ -class site_config::x509::client_ca { +class site_config::x509::client_ca::ca { ## ## This is for the special CA that is used exclusively for generating ## client certificates by the webapp. ## - $x509 = hiera('x509') - $client_ca = $x509['client_ca_cert'] + $x509 = hiera('x509') + $cert = $x509['client_ca_cert'] x509::ca { $site_config::params::client_ca_name: - content => $client_ca + content => $cert } } diff --git a/puppet/modules/site_config/manifests/x509/client_ca/key.pp b/puppet/modules/site_config/manifests/x509/client_ca/key.pp new file mode 100644 index 00000000..f9ef3f52 --- /dev/null +++ b/puppet/modules/site_config/manifests/x509/client_ca/key.pp @@ -0,0 +1,14 @@ +class site_config::x509::client_ca::key { + + ## + ## This is for the special CA that is used exclusively for generating + ## client certificates by the webapp. + ## + + $x509 = hiera('x509') + $key = $x509['client_ca_key'] + + x509::key { $site_config::params::client_ca_name: + content => $key + } +} diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index 0ce623fc..6b45abc2 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -3,8 +3,8 @@ production: admins: <%= @webapp['admins'].inspect %> domain: <%= @provider_domain %> force_ssl: <%= @webapp['secure'] %> - client_ca_key: <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.key - client_ca_cert: <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt + client_ca_key: <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::client_ca_name') %>.key + client_ca_cert: <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::client_ca_name') %>.crt secret_token: "<%= @secret_token %>" client_cert_lifespan: <%= cert_options['life_span'].to_i %> client_cert_bit_size: <%= cert_options['bit_size'].to_i %> |