| -rw-r--r-- | provider_base/services/ca.json | 3 | ||||
| -rw-r--r-- | puppet/modules/site_ca_daemon/manifests/init.pp | 30 | 
2 files changed, 23 insertions, 10 deletions
|
diff --git a/provider_base/services/ca.json b/provider_base/services/ca.json
index a4ded72b..3fb8bf6c 100644
--- a/provider_base/services/ca.json
+++ b/provider_base/services/ca.json
@@ -5,6 +5,7 @@
   },
   "service_type": "internal_service",
   "x509": {
-    "use": true
+    "use": true,
+    "ca_key": "= file(:ca_key, :missing => 'CA key. Run `leap cert ca` to create the Certificate Authority.')"
   }
 }
diff --git a/puppet/modules/site_ca_daemon/manifests/init.pp b/puppet/modules/site_ca_daemon/manifests/init.pp
index 34b2c522..29a70df8 100644
--- a/puppet/modules/site_ca_daemon/manifests/init.pp
+++ b/puppet/modules/site_ca_daemon/manifests/init.pp
@@ -31,21 +31,33 @@ class site_ca_daemon {
   x509::key {
     'leap_ca_daemon':
-      content => $x509['key'],
-      #notify  => Service[apache];
+      content => $x509['ca_key'];
+      #notify  => Service['leap_ca_daemon']; <== no service yet for leap_ca_daemon
   }
   x509::cert {
     'leap_ca_daemon':
-      content => $x509['cert'],
-      #notify  => Service[apache];
+      content => $x509['ca_cert'];
+      #notify  => Service['leap_ca_daemon'];  <== no service yet for leap_ca_daemon
   }
-  x509::ca {
-    'leap_ca_daemon':
-      content => $x509['ca_cert'],
-      #notify  => Service[apache];
-  }
+  #
+  # Does CA need a server key/cert? I think not now.
+  #
+  # x509::key {
+  #   'server':
+  #     content => $x509['key'];
+  # }
+  #
+  # x509::cert {
+  #   'server':
+  #     content => $x509['cert'];
+  # }
+
+  # x509::ca {
+  #   'leap_ca_daemon':
+  #     content => $x509['ca_cert'];
+  # }
   file { '/srv/leap_ca_daemon':
|
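Review bot: The new `"ca_key"` entry pulls the CA's private signing key into the `ca` service's `x509` properties, so the key will be present in whatever compiled configuration is generated for nodes carrying this service; the diff does not show how that output is stored or transferred. JSON has no comment syntax, so the commit description or the service documentation should record that only CA-daemon nodes are meant to receive this property and that the generated file has to be handled as a secret (restricted permissions, kept out of version control and logs). The `:missing` message presumably makes the compile fail when the key is absent rather than deploying without it, which is worth confirming.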
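Review bot: `x509::key { 'leap_ca_daemon': }` now receives `$x509['ca_key']`, so the CA's private signing key is written to this node's disk, and nothing in the hunk shows which owner or mode the file gets. The `x509::key` define lies outside this diff, so confirm that it creates the file readable only by the daemon's account and that Puppet does not report a content diff for it; a comment above the resource such as `# CA private key: must be readable only by the leap_ca_daemon user` would record the requirement. With `notify` still commented out, a replaced key or certificate will not reach a running daemon once the service exists, so that TODO deserves a tracked issue. The commented-out `server` and `x509::ca` resources would be better removed than kept in the manifest, and the class body starts and ends outside the hunk.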
