| -rw-r--r-- | puppet/modules/site_config/manifests/params.pp | 5 | ||||
| -rw-r--r-- | puppet/modules/site_config/manifests/x509.pp | 5 | ||||
| -rw-r--r-- | puppet/modules/site_openvpn/manifests/server_config.pp | 6 | 
3 files changed, 11 insertions, 5 deletions
diff --git a/puppet/modules/site_config/manifests/params.pp b/puppet/modules/site_config/manifests/params.pp
index a4657457..b434af90 100644
--- a/puppet/modules/site_config/manifests/params.pp
+++ b/puppet/modules/site_config/manifests/params.pp
@@ -23,6 +23,7 @@ class site_config::params {
     fail("unable to determine a valid interface, please set a valid interface for this node in nodes/${::hostname}.json")
   }
-  $ca_name   = 'leap_ca'
-  $cert_name = 'leap'
+  $ca_name          = 'leap_ca'
+  $ca_bundle_name   = 'leap_ca_bundle'
+  $cert_name        = 'leap'
 }
diff --git a/puppet/modules/site_config/manifests/x509.pp b/puppet/modules/site_config/manifests/x509.pp
index 879285dd..2660c523 100644
--- a/puppet/modules/site_config/manifests/x509.pp
+++ b/puppet/modules/site_config/manifests/x509.pp
@@ -4,6 +4,7 @@ class site_config::x509 {
   $key       = $x509['key']
   $cert      = $x509['cert']
   $ca        = $x509['ca_cert']
+  $client_ca = $x509['client_ca_cert']
   x509::key { $site_config::params::cert_name:
     content => $key
@@ -16,4 +17,8 @@ class site_config::x509 {
   x509::ca { $site_config::params::ca_name:
     content => $ca
   }
+
+  x509::ca { $site_config::params::ca_bundle_name:
+    content => "${ca}${client_ca}"
+  }
 }
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index 5ba9812f..befeaef7 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
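Review bot: The bundle in the second x509.pp hunk is built as `"${ca}${client_ca}"` with no separator, so if `$x509['ca_cert']` does not end in a newline the END and BEGIN lines of the two PEM blocks fuse and the file no longer parses as two certificates. Nothing visible checks that `$x509['client_ca_cert']` (assigned in the first hunk) is set either; if the key is missing, the bundle is written with only the first CA and the problem would presumably surface only when client certificates fail to verify. Suggest `content => "${ca}\n${client_ca}"` and a guard before the resource such as `if !$client_ca { fail('x509 client_ca_cert is not set for this node') }`. The body of class site_config::x509 starts outside both hunks, so an existing check there cannot be ruled out.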
@@ -80,15 +80,15 @@ define site_openvpn::server_config(
   openvpn::option {
     "ca ${openvpn_configname}":
         key     => 'ca',
-        value   => '/etc/openvpn/ca_bundle.pem',
+        value   => "${x509::variables::local_CAs}/${site_config::params::ca_bundle_name}.crt",
         server  => $openvpn_configname;
     "cert ${openvpn_configname}":
         key     => 'cert',
-        value   => '/etc/x509/certs/leap_openvpn.crt',
+        value   => "${x509::variables::certs}/${site_config::params::cert_name}.crt",
         server  => $openvpn_configname;
     "key ${openvpn_configname}":
         key     => 'key',
-        value   => '/etc/x509/keys/leap_openvpn.key',
+        value   => "${x509::variables::keys}/${site_config::params::cert_name}.key",
         server  => $openvpn_configname;
     "dh ${openvpn_configname}":
         key     => 'dh',  |
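Review bot: The `cert` and `key` options now resolve to `${site_config::params::cert_name}.crt` and `.key` instead of the dedicated `leap_openvpn` pair, so the OpenVPN daemon presumably shares one private key with every other consumer of the node-wide `leap` certificate. A compromise of any of those services then exposes the identity OpenVPN presents, and the key file's owner and mode have to suit all of them. If the sharing is intended, say so above the three options, e.g. `# OpenVPN reuses the node-wide x509 cert/key from site_config::x509; ca is the server CA + client CA bundle, so certs chaining to either CA pass chain verification`. Nothing in the hunk orders these options after `Class['site_config::x509']` or shows that `x509::variables` is evaluated first; the define's header and the rest of its body are outside the hunk, so that should be confirmed there.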
