diff options
author | Micah <micah@leap.se> | 2016-07-12 16:45:54 -0400 |
---|---|---|
committer | Micah <micah@leap.se> | 2016-07-12 16:45:54 -0400 |
commit | f2019755fd724fb1020cb2d97cdf82b751450ebc (patch) | |
tree | 1c2bd3a4f03b84795ea0ce0b7ccc0f28a2ecbadd /puppet/modules/couchdb/manifests/ssl | |
parent | 81210aea5cf136194598e7a399ce307ecbe088f1 (diff) |
git subrepo clone https://leap.se/git/puppet_couchdb puppet/modules/couchdb
subrepo:
subdir: "puppet/modules/couchdb"
merged: "76ff149"
upstream:
origin: "https://leap.se/git/puppet_couchdb"
branch: "master"
commit: "76ff149"
git-subrepo:
version: "0.3.0"
origin: "https://github.com/ingydotnet/git-subrepo"
commit: "1e79595"
Change-Id: I9ccb1a9dfdaa083814ea395132c42a778052f59b
Diffstat (limited to 'puppet/modules/couchdb/manifests/ssl')
-rw-r--r-- | puppet/modules/couchdb/manifests/ssl/deploy_cert.pp | 28 | ||||
-rw-r--r-- | puppet/modules/couchdb/manifests/ssl/generate_cert.pp | 25 |
2 files changed, 53 insertions, 0 deletions
diff --git a/puppet/modules/couchdb/manifests/ssl/deploy_cert.pp b/puppet/modules/couchdb/manifests/ssl/deploy_cert.pp new file mode 100644 index 00000000..d3e743f1 --- /dev/null +++ b/puppet/modules/couchdb/manifests/ssl/deploy_cert.pp @@ -0,0 +1,28 @@ +define couchdb::ssl::deploy_cert ($cert, $key) { + + include couchdb::params + + file { 'couchdb_cert_directory': + ensure => 'directory', + path => $couchdb::params::cert_path, + mode => '0600', + owner => 'couchdb', + group => 'couchdb'; + } + + file { 'couchdb_cert': + path => "${couchdb::params::cert_path}/server_cert.pem", + mode => '0644', + owner => 'couchdb', + group => 'couchdb', + content => $cert + } + + file { 'couchdb_key': + path => "${couchdb::params::cert_path}/server_key.pem", + mode => '0600', + owner => 'couchdb', + group => 'couchdb', + content => $key + } +} diff --git a/puppet/modules/couchdb/manifests/ssl/generate_cert.pp b/puppet/modules/couchdb/manifests/ssl/generate_cert.pp new file mode 100644 index 00000000..a443250e --- /dev/null +++ b/puppet/modules/couchdb/manifests/ssl/generate_cert.pp @@ -0,0 +1,25 @@ +# configures cert for ssl access +class couchdb::ssl::generate_cert { + + ensure_packages('openssl') + + file { $couchdb::cert_path: + ensure => 'directory', + mode => '0600', + owner => 'couchdb', + group => 'couchdb'; + } + +exec { 'generate-certs': + command => "/usr/bin/openssl req -new -inform PEM -x509 -nodes -days 150 -subj \ +'/C=ZZ/ST=AutoSign/O=AutoSign/localityName=AutoSign/commonName=${::hostname}/organizationalUnitName=AutoSign/emailAddress=AutoSign/' \ +-newkey rsa:2048 -out ${couchdb::cert_path}/couchdb_cert.pem -keyout ${couchdb::cert_path}/couchdb_key.pem", + unless => "/usr/bin/test -f ${couchdb::cert_path}/couchdb_cert.pem && +/usr/bin/test -f ${couchdb::params::cert_path}/couchdb_key.pem", + require => [ + File[$couchdb::params::cert_path], + Exec['make-install'] + ], + notify => Service['couchdb'], + } +} |