diff options
| author | varac <varacanero@zeromail.org> | 2013-09-13 15:55:09 +0200 |
|---|---|---|
| committer | varac <varacanero@zeromail.org> | 2013-09-13 15:55:29 +0200 |
| commit | 3a9569ca027dccef87509323f08407e60039d9a9 (patch) | |
| tree | 6d3e8688570cc5d94b84debc4759f4dd248315d5 | |
| parent | a6c19295e276da865f6c66963ed761d3ebc7dc99 (diff) | |
Deploy default x509 cert + key that services can use (Feature #3836)
| -rw-r--r-- | puppet/modules/site_config/manifests/default.pp | 13 | ||||
| -rw-r--r-- | puppet/modules/site_config/manifests/params.pp | 3 | ||||
| -rw-r--r-- | puppet/modules/site_config/manifests/x509.pp | 19 |
3 files changed, 24 insertions, 11 deletions
diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index dd0d37f7..b315044a 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -55,15 +55,6 @@ class site_config::default { include site_squid_deb_proxy::client } - # Set up leap ca - $x509 = hiera('x509') - $ca = $x509['ca_cert'] - $ca_name = 'leap_ca' - - x509::ca { $ca_name: - content => $ca, - before => [ - Class['Site_openvpn::Keys'], - Class['Site_stunnel'] ] - } + include site_config::x509 + } diff --git a/puppet/modules/site_config/manifests/params.pp b/puppet/modules/site_config/manifests/params.pp index 237ee454..20697042 100644 --- a/puppet/modules/site_config/manifests/params.pp +++ b/puppet/modules/site_config/manifests/params.pp @@ -22,4 +22,7 @@ class site_config::params { else { fail("unable to determine a valid interface, please set a valid interface for this node in nodes/${::hostname}.json") } + + $ca_name = 'leap_ca' + $cert_name = 'leap' } diff --git a/puppet/modules/site_config/manifests/x509.pp b/puppet/modules/site_config/manifests/x509.pp new file mode 100644 index 00000000..879285dd --- /dev/null +++ b/puppet/modules/site_config/manifests/x509.pp @@ -0,0 +1,19 @@ +class site_config::x509 { + + $x509 = hiera('x509') + $key = $x509['key'] + $cert = $x509['cert'] + $ca = $x509['ca_cert'] + + x509::key { $site_config::params::cert_name: + content => $key + } + + x509::cert { $site_config::params::cert_name: + content => $cert + } + + x509::ca { $site_config::params::ca_name: + content => $ca + } +} |