diff options
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/modules/site_config/manifests/x509/client_ca/ca.pp (renamed from puppet/modules/site_config/manifests/x509/client_ca.pp) | 8 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/x509/client_ca/key.pp | 14 | ||||
-rw-r--r-- | puppet/modules/site_mx/manifests/init.pp | 3 | ||||
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx.pp | 6 | ||||
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx/smtp_auth.pp | 4 | ||||
-rw-r--r-- | puppet/modules/site_webapp/manifests/init.pp | 5 | ||||
-rw-r--r-- | puppet/modules/site_webapp/templates/config.yml.erb | 4 |
7 files changed, 30 insertions, 14 deletions
diff --git a/puppet/modules/site_config/manifests/x509/client_ca.pp b/puppet/modules/site_config/manifests/x509/client_ca/ca.pp index 3e914cf5..0f313898 100644 --- a/puppet/modules/site_config/manifests/x509/client_ca.pp +++ b/puppet/modules/site_config/manifests/x509/client_ca/ca.pp @@ -1,14 +1,14 @@ -class site_config::x509::client_ca { +class site_config::x509::client_ca::ca { ## ## This is for the special CA that is used exclusively for generating ## client certificates by the webapp. ## - $x509 = hiera('x509') - $client_ca = $x509['client_ca_cert'] + $x509 = hiera('x509') + $cert = $x509['client_ca_cert'] x509::ca { $site_config::params::client_ca_name: - content => $client_ca + content => $cert } } diff --git a/puppet/modules/site_config/manifests/x509/client_ca/key.pp b/puppet/modules/site_config/manifests/x509/client_ca/key.pp new file mode 100644 index 00000000..f9ef3f52 --- /dev/null +++ b/puppet/modules/site_config/manifests/x509/client_ca/key.pp @@ -0,0 +1,14 @@ +class site_config::x509::client_ca::key { + + ## + ## This is for the special CA that is used exclusively for generating + ## client certificates by the webapp. + ## + + $x509 = hiera('x509') + $key = $x509['client_ca_key'] + + x509::key { $site_config::params::client_ca_name: + content => $key + } +} diff --git a/puppet/modules/site_mx/manifests/init.pp b/puppet/modules/site_mx/manifests/init.pp index 52c5f1d6..cdb84b54 100644 --- a/puppet/modules/site_mx/manifests/init.pp +++ b/puppet/modules/site_mx/manifests/init.pp @@ -5,7 +5,8 @@ class site_mx { include site_config::x509::cert include site_config::x509::key include site_config::x509::ca - include site_config::x509::client_ca + include site_config::x509::client_ca::ca + include site_config::x509::client_ca::key include site_postfix::mx diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index d56b526f..abc0ab46 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -10,7 +10,8 @@ class site_postfix::mx { include site_config::x509::cert include site_config::x509::key - include site_config::x509::client_ca + include site_config::x509::client_ca::ca + include site_config::x509::client_ca::key postfix::config { 'mydestination': @@ -51,7 +52,8 @@ submission inet n - n - - smtpd require => [ Class['Site_config::X509::Key'], Class['Site_config::X509::Cert'], - Class['Site_config::X509::Client_ca'], + Class['Site_config::X509::Client_ca::Key'], + Class['Site_config::X509::Client_ca::Ca'], User['vmail'] ] } } diff --git a/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp b/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp index ab75130e..afa70527 100644 --- a/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp +++ b/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp @@ -1,10 +1,6 @@ class site_postfix::mx::smtp_auth { - $x509 = hiera('x509') postfix::config { - 'smtpd_tls_cert_file': value => $x509['client_ca_cert']; - 'smtpd_tls_key_file': value => $x509['client_ca_key']; 'smtpd_tls_ask_ccert': value => 'yes'; - #'smtpd_tls_CAfile': value => } } diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index e630875c..c85a5ddc 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -17,8 +17,11 @@ class site_webapp { include site_webapp::apache include site_webapp::couchdb include site_webapp::haproxy - include site_config::x509::cert_key + include site_config::x509::cert + include site_config::x509::key include site_config::x509::ca + include site_config::x509::client_ca::ca + include site_config::x509::client_ca::key group { 'leap-webapp': ensure => present, diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index 0ce623fc..6b45abc2 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -3,8 +3,8 @@ production: admins: <%= @webapp['admins'].inspect %> domain: <%= @provider_domain %> force_ssl: <%= @webapp['secure'] %> - client_ca_key: <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.key - client_ca_cert: <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt + client_ca_key: <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::client_ca_name') %>.key + client_ca_cert: <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::client_ca_name') %>.crt secret_token: "<%= @secret_token %>" client_cert_lifespan: <%= cert_options['life_span'].to_i %> client_cert_bit_size: <%= cert_options['bit_size'].to_i %> |