authorelijah <elijah@riseup.net>2012-12-18 10:26:57 -0800
committerelijah <elijah@riseup.net>2012-12-18 10:26:57 -0800
commitcded90f839871cf6258d7dc28d3ce81cf7f9cf6c (patch)
tree010ebda87f5b4a060c337592bd2bfe168c20fa77
parent28745a2d4a0cdcf088af5240c67c77f0cde16bb4 (diff)
ca daemon -- ca daemon needs the x509 cert/key for the CA, not for the server.
-rw-r--r--provider_base/services/ca.json3
-rw-r--r--puppet/modules/site_ca_daemon/manifests/init.pp30
2 files changed, 23 insertions, 10 deletions
diff --git a/provider_base/services/ca.json b/provider_base/services/ca.json
index a4ded72b..3fb8bf6c 100644
--- a/provider_base/services/ca.json
+++ b/provider_base/services/ca.json
@@ -5,6 +5,7 @@
},
"service_type": "internal_service",
"x509": {
- "use": true
+ "use": true,
+ "ca_key": "= file(:ca_key, :missing => 'CA key. Run `leap cert ca` to create the Certificate Authority.')"
}
}
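Review bot: The added `"ca_key"` entry loads the Certificate Authority's private key into this service's `x509` block, so every node that carries the ca service is handed the CA signing key, and the `x509::key { 'leap_ca_daemon': content => $x509['ca_key'] }` resource in puppet/modules/site_ca_daemon/manifests/init.pp then writes it to that node. JSON has no comment syntax, so this needs to be recorded in the service documentation or the commit message: compromise of a ca-service node is compromise of the whole CA, and the service should be assigned to as few hosts as possible. If the daemon only needs to issue leaf certificates, a dedicated intermediate signing key would limit the exposure; whether the provider's CA layout allows that is not visible in this diff. The owner and mode that `x509::key` applies to the key file are defined outside this diff and should be confirmed as restricted to the daemon's user.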
diff --git a/puppet/modules/site_ca_daemon/manifests/init.pp b/puppet/modules/site_ca_daemon/manifests/init.pp
index 34b2c522..29a70df8 100644
--- a/puppet/modules/site_ca_daemon/manifests/init.pp
+++ b/puppet/modules/site_ca_daemon/manifests/init.pp
@@ -31,21 +31,33 @@ class site_ca_daemon {
x509::key {
'leap_ca_daemon':
- content => $x509['key'],
- #notify => Service[apache];
+ content => $x509['ca_key'];
+ #notify => Service['leap_ca_daemon']; <== no service yet for leap_ca_daemon
}
x509::cert {
'leap_ca_daemon':
- content => $x509['cert'],
- #notify => Service[apache];
+ content => $x509['ca_cert'];
+ #notify => Service['leap_ca_daemon']; <== no service yet for leap_ca_daemon
}
- x509::ca {
- 'leap_ca_daemon':
- content => $x509['ca_cert'],
- #notify => Service[apache];
- }
+ #
+ # Does CA need a server key/cert? I think not now.
+ #
+ # x509::key {
+ # 'server':
+ # content => $x509['key'];
+ # }
+ #
+ # x509::cert {
+ # 'server':
+ # content => $x509['cert'];
+ # }
+
+ # x509::ca {
+ # 'leap_ca_daemon':
+ # content => $x509['ca_cert'];
+ # }
file { '/srv/leap_ca_daemon':