Diffstat (limited to 'puppet')
-rw-r--r--puppet/modules/site_config/manifests/x509/client_ca/ca.pp (renamed from puppet/modules/site_config/manifests/x509/client_ca.pp)8
-rw-r--r--puppet/modules/site_config/manifests/x509/client_ca/key.pp14
-rw-r--r--puppet/modules/site_mx/manifests/init.pp3
-rw-r--r--puppet/modules/site_postfix/manifests/mx.pp6
-rw-r--r--puppet/modules/site_postfix/manifests/mx/smtp_auth.pp4
-rw-r--r--puppet/modules/site_webapp/manifests/init.pp5
-rw-r--r--puppet/modules/site_webapp/templates/config.yml.erb4
7 files changed, 30 insertions, 14 deletions
diff --git a/puppet/modules/site_config/manifests/x509/client_ca.pp b/puppet/modules/site_config/manifests/x509/client_ca/ca.pp
index 3e914cf5..0f313898 100644
--- a/puppet/modules/site_config/manifests/x509/client_ca.pp
+++ b/puppet/modules/site_config/manifests/x509/client_ca/ca.pp
@@ -1,14 +1,14 @@
-class site_config::x509::client_ca {
+class site_config::x509::client_ca::ca {
##
## This is for the special CA that is used exclusively for generating
## client certificates by the webapp.
##
- $x509 = hiera('x509')
- $client_ca = $x509['client_ca_cert']
+ $x509 = hiera('x509')
+ $cert = $x509['client_ca_cert']
x509::ca { $site_config::params::client_ca_name:
- content => $client_ca
+ content => $cert
}
}
diff --git a/puppet/modules/site_config/manifests/x509/client_ca/key.pp b/puppet/modules/site_config/manifests/x509/client_ca/key.pp
new file mode 100644
index 00000000..f9ef3f52
--- /dev/null
+++ b/puppet/modules/site_config/manifests/x509/client_ca/key.pp
@@ -0,0 +1,14 @@
+class site_config::x509::client_ca::key {
+
+ ##
+ ## This is for the special CA that is used exclusively for generating
+ ## client certificates by the webapp.
+ ##
+
+ $x509 = hiera('x509')
+ $key = $x509['client_ca_key']
+
+ x509::key { $site_config::params::client_ca_name:
+ content => $key
+ }
+}
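Review bot: The header comment in this new class is copied unchanged from the `ca` class, so nothing in the file says that it writes the client CA's private signing key to the node. I would replace it with something like `## Installs the private key of the client CA. Include only on nodes that issue client certificates.` The `x509::key` resource is given only `content`; the owner and mode of the resulting file are whatever that define defaults to, which is not visible here, so it is worth confirming the key ends up readable by the webapp user alone. If `client_ca_key` is missing from the `x509` hiera hash, `$key` is presumably passed on as undef with no failure at this level.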
diff --git a/puppet/modules/site_mx/manifests/init.pp b/puppet/modules/site_mx/manifests/init.pp
index 52c5f1d6..cdb84b54 100644
--- a/puppet/modules/site_mx/manifests/init.pp
+++ b/puppet/modules/site_mx/manifests/init.pp
@@ -5,7 +5,8 @@ class site_mx {
include site_config::x509::cert
include site_config::x509::key
include site_config::x509::ca
- include site_config::x509::client_ca
+ include site_config::x509::client_ca::ca
+ include site_config::x509::client_ca::key
include site_postfix::mx
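Review bot: Including `site_config::x509::client_ca::key` on the MX node places the client CA's private signing key on the mail server, and nothing visible in this commit uses it there. The only Postfix references to `client_ca_key` are the lines removed from `site_postfix::mx::smtp_auth`, and checking a client certificate needs only the CA certificate. Unless something outside this diff signs certificates on MX hosts, drop this include, and likewise the include and the `Class['Site_config::X509::Client_ca::Key']` require in the two `site_postfix::mx` hunks, so that a compromised mail server cannot issue client certificates. The body of `site_mx` continues outside the hunk.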
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index d56b526f..abc0ab46 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -10,7 +10,8 @@ class site_postfix::mx {
include site_config::x509::cert
include site_config::x509::key
- include site_config::x509::client_ca
+ include site_config::x509::client_ca::ca
+ include site_config::x509::client_ca::key
postfix::config {
'mydestination':
@@ -51,7 +52,8 @@ submission inet n - n - - smtpd
require => [
Class['Site_config::X509::Key'],
Class['Site_config::X509::Cert'],
- Class['Site_config::X509::Client_ca'],
+ Class['Site_config::X509::Client_ca::Key'],
+ Class['Site_config::X509::Client_ca::Ca'],
User['vmail'] ]
}
}
diff --git a/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp b/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp
index ab75130e..afa70527 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp
@@ -1,10 +1,6 @@
class site_postfix::mx::smtp_auth {
- $x509 = hiera('x509')
postfix::config {
- 'smtpd_tls_cert_file': value => $x509['client_ca_cert'];
- 'smtpd_tls_key_file': value => $x509['client_ca_key'];
'smtpd_tls_ask_ccert': value => 'yes';
- #'smtpd_tls_CAfile': value =>
}
}
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index e630875c..c85a5ddc 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -17,8 +17,11 @@ class site_webapp {
include site_webapp::apache
include site_webapp::couchdb
include site_webapp::haproxy
- include site_config::x509::cert_key
+ include site_config::x509::cert
+ include site_config::x509::key
include site_config::x509::ca
+ include site_config::x509::client_ca::ca
+ include site_config::x509::client_ca::key
group { 'leap-webapp':
ensure => present,
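Review bot: The new `client_ca` includes here carry no ordering, whereas the `site_postfix::mx` hunk in the same commit adds explicit `require` entries for both classes. `config.yml` now names `<keys>/<client_ca_name>.key` and `<local_CAs>/<client_ca_name>.crt`, so the webapp can start before those files exist unless a resource outside this hunk already requires them. If none does, add `require => [ Class['Site_config::X509::Client_ca::Key'], Class['Site_config::X509::Client_ca::Ca'] ]` to the resource that manages the config file or the service. The class body continues past the hunk.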
diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb
index 0ce623fc..6b45abc2 100644
--- a/puppet/modules/site_webapp/templates/config.yml.erb
+++ b/puppet/modules/site_webapp/templates/config.yml.erb
@@ -3,8 +3,8 @@ production:
admins: <%= @webapp['admins'].inspect %>
domain: <%= @provider_domain %>
force_ssl: <%= @webapp['secure'] %>
- client_ca_key: <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.key
- client_ca_cert: <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt
+ client_ca_key: <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::client_ca_name') %>.key
+ client_ca_cert: <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::client_ca_name') %>.crt
secret_token: "<%= @secret_token %>"
client_cert_lifespan: <%= cert_options['life_span'].to_i %>
client_cert_bit_size: <%= cert_options['bit_size'].to_i %>