From 0447e92ab5dcc3d8a07613a765c60db23252f278 Mon Sep 17 00:00:00 2001
From: varac
Date: Tue, 24 Sep 2013 17:55:22 +0200
Subject: added site_config::x509::client_ca::cert and site_config::x509::client_ca::key for client_ca deployment (#3917)
---
 puppet/modules/site_config/manifests/x509/client_ca.pp | 14 --------------
 puppet/modules/site_config/manifests/x509/client_ca/ca.pp | 14 ++++++++++++++
 puppet/modules/site_config/manifests/x509/client_ca/key.pp | 14 ++++++++++++++
 puppet/modules/site_webapp/templates/config.yml.erb | 4 ++--
 4 files changed, 30 insertions(+), 16 deletions(-)
 delete mode 100644 puppet/modules/site_config/manifests/x509/client_ca.pp
 create mode 100644 puppet/modules/site_config/manifests/x509/client_ca/ca.pp
 create mode 100644 puppet/modules/site_config/manifests/x509/client_ca/key.pp
diff --git a/puppet/modules/site_config/manifests/x509/client_ca.pp b/puppet/modules/site_config/manifests/x509/client_ca.pp
deleted file mode 100644
index 3e914cf5..00000000
--- a/puppet/modules/site_config/manifests/x509/client_ca.pp
+++ /dev/null
@@ -1,14 +0,0 @@
-class site_config::x509::client_ca {
-
- ##
- ## This is for the special CA that is used exclusively for generating
- ## client certificates by the webapp.
- ##
-
- $x509 = hiera('x509')
- $client_ca = $x509['client_ca_cert']
-
- x509::ca { $site_config::params::client_ca_name:
- content => $client_ca
- }
-}
diff --git a/puppet/modules/site_config/manifests/x509/client_ca/ca.pp b/puppet/modules/site_config/manifests/x509/client_ca/ca.pp
new file mode 100644
index 00000000..0f313898
--- /dev/null
+++ b/puppet/modules/site_config/manifests/x509/client_ca/ca.pp
@@ -0,0 +1,14 @@
+class site_config::x509::client_ca::ca {
+
+ ##
+ ## This is for the special CA that is used exclusively for generating
+ ## client certificates by the webapp.
+ ##
+
+ $x509 = hiera('x509')
+ $cert = $x509['client_ca_cert']
+
+ x509::ca { $site_config::params::client_ca_name:
+ content => $cert
+ }
+}
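Review bot: The header comment in the new `site_config::x509::client_ca::ca` was carried over verbatim from the deleted `client_ca.pp`, so it still describes the CA in general rather than what this class deploys, and the sibling `key.pp` created by the same commit repeats the same text above the private key. Suggest rewording it here to `## Deploys the public certificate of the client CA (the CA the webapp uses to sign client certificates). Any node that verifies client certificates needs this; the private key is handled by client_ca::key.` Note also that `$x509['client_ca_cert']` yields undef rather than failing when the hiera key is absent, so an empty CA file could be written silently; whether `x509::ca` rejects undef content is not visible here, so a `fail()` guard before the resource is worth considering.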
diff --git a/puppet/modules/site_config/manifests/x509/client_ca/key.pp b/puppet/modules/site_config/manifests/x509/client_ca/key.pp
new file mode 100644
index 00000000..f9ef3f52
--- /dev/null
+++ b/puppet/modules/site_config/manifests/x509/client_ca/key.pp
@@ -0,0 +1,14 @@
+class site_config::x509::client_ca::key {
+
+ ##
+ ## This is for the special CA that is used exclusively for generating
+ ## client certificates by the webapp.
+ ##
+
+ $x509 = hiera('x509')
+ $key = $x509['client_ca_key']
+
+ x509::key { $site_config::params::client_ca_name:
+ content => $key
+ }
+}
diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb
index 0ce623fc..6b45abc2 100644
--- a/puppet/modules/site_webapp/templates/config.yml.erb
+++ b/puppet/modules/site_webapp/templates/config.yml.erb
@@ -3,8 +3,8 @@ production:
 admins: <%= @webapp['admins'].inspect %>
 domain: <%= @provider_domain %>
 force_ssl: <%= @webapp['secure'] %>
- client_ca_key: <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.key
- client_ca_cert: <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt
+ client_ca_key: <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::client_ca_name') %>.key
+ client_ca_cert: <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::client_ca_name') %>.crt
 secret_token: "<%= @secret_token %>"
 client_cert_lifespan: <%= cert_options['life_span'].to_i %>
 client_cert_bit_size: <%= cert_options['bit_size'].to_i %>
-- cgit v1.2.3
From 1adbf7af76b10d44a53de28d23f4c7167dc4f941 Mon Sep 17 00:00:00 2001
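Review bot: The header comment in `site_config::x509::client_ca::key` is identical to the one in `ca.pp` and never says that this class writes the CA's private signing key, which is the one secret that lets its holder issue client certificates accepted wherever the CA certificate is trusted. Suggest `## Deploys the PRIVATE key of the client CA. Only the node that signs client certificates (the webapp, per the note above) should include this class; nodes that merely verify client certificates need client_ca::ca alone.` so that future node definitions do not pull it in by symmetry with `ca.pp`. The file's owner and mode are whatever `x509::key` defaults to, which is not visible in this commit and should be checked against the webapp's runtime user.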
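Review bot: The new `client_ca_key` and `client_ca_cert` lines hard-code the file layout produced by `x509::key` and `x509::ca` in `site_config::x509::client_ca::{key,ca}` (`x509::variables::keys` plus `.key`, `x509::variables::local_CAs` plus `.crt`), and nothing ties the template to those classes, so a change on either side surfaces as a signing failure at runtime rather than at catalog compile time. A comment on these two lines naming the coupling, e.g. `<%# paths must match the files written by site_config::x509::client_ca::{ca,key} %>`, would help the next maintainer. Because the key at `client_ca_key` signs every client certificate the provider issues, it is also worth confirming that the file is readable by the account the webapp runs under (a `leap-webapp` group is managed in `site_webapp`) and by nobody else; the mode `x509::key` applies is not visible here.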
From: varac
Date: Tue, 24 Sep 2013 18:02:05 +0200
Subject: fix client_ca cert+key for mx service (Feature #3921)
---
 puppet/modules/site_mx/manifests/init.pp | 3 ++-
 puppet/modules/site_postfix/manifests/mx.pp | 6 ++++--
 puppet/modules/site_postfix/manifests/mx/smtp_auth.pp | 4 ----
 3 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/puppet/modules/site_mx/manifests/init.pp b/puppet/modules/site_mx/manifests/init.pp
index 52c5f1d6..cdb84b54 100644
--- a/puppet/modules/site_mx/manifests/init.pp
+++ b/puppet/modules/site_mx/manifests/init.pp
@@ -5,7 +5,8 @@ class site_mx {
 include site_config::x509::cert
 include site_config::x509::key
 include site_config::x509::ca
- include site_config::x509::client_ca
+ include site_config::x509::client_ca::ca
+ include site_config::x509::client_ca::key
 include site_postfix::mx
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index d56b526f..abc0ab46 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -10,7 +10,8 @@ class site_postfix::mx {
 include site_config::x509::cert
 include site_config::x509::key
- include site_config::x509::client_ca
+ include site_config::x509::client_ca::ca
+ include site_config::x509::client_ca::key
 postfix::config { 'mydestination':
@@ -51,7 +52,8 @@ submission inet n - n - - smtpd
 require => [
 Class['Site_config::X509::Key'],
 Class['Site_config::X509::Cert'],
- Class['Site_config::X509::Client_ca'],
+ Class['Site_config::X509::Client_ca::Key'],
+ Class['Site_config::X509::Client_ca::Ca'],
 User['vmail'] ]
 }
 }
diff --git a/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp b/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp
index ab75130e..afa70527 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp
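Review bot: `include site_config::x509::client_ca::key` places the client CA's private signing key on the MX, yet nothing on the MX uses it after this commit: the only former consumer, `smtpd_tls_key_file` in `smtp_auth.pp`, is removed later in this series, and the new classes' own comment says the CA exists so the webapp can sign client certificates. Postfix needs only the CA certificate to verify certificates clients present, so keeping the key here widens the set of hosts whose compromise would allow valid client certificates to be minted. Unless the MX signs something not visible in these hunks, drop this line and its counterparts in `site_postfix::mx` — the `include site_config::x509::client_ca::key` in the first hunk and the `Class['Site_config::X509::Client_ca::Key'],` require in the second — keeping only `client_ca::ca`.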
@@ -1,10 +1,6 @@
 class site_postfix::mx::smtp_auth {
- $x509 = hiera('x509')
 postfix::config {
- 'smtpd_tls_cert_file': value => $x509['client_ca_cert'];
- 'smtpd_tls_key_file': value => $x509['client_ca_key'];
 'smtpd_tls_ask_ccert': value => 'yes';
- #'smtpd_tls_CAfile': value =>
 }
 }
-- cgit v1.2.3
From 2a60f275d2ee5c0b93b8737fa80396817853ae83 Mon Sep 17 00:00:00 2001
From: varac
Date: Tue, 24 Sep 2013 19:15:16 +0200
Subject: webapp leftover for seperate cert and key deployment (Feature #3918)
---
 puppet/modules/site_webapp/manifests/init.pp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index e630875c..07d2b942 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -17,7 +17,8 @@ class site_webapp {
 include site_webapp::apache
 include site_webapp::couchdb
 include site_webapp::haproxy
- include site_config::x509::cert_key
+ include site_config::x509::cert
+ include site_config::x509::key
 include site_config::x509::ca
 group { 'leap-webapp':
-- cgit v1.2.3
From 2aa2ab27860166b2846abbfd4ed2afc76576f714 Mon Sep 17 00:00:00 2001
From: varac
Date: Tue, 24 Sep 2013 19:20:34 +0200
Subject: deploy client_ca on webapp node
---
 puppet/modules/site_webapp/manifests/init.pp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 07d2b942..c85a5ddc 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -20,6 +20,8 @@ class site_webapp {
 include site_config::x509::cert
 include site_config::x509::key
 include site_config::x509::ca
+ include site_config::x509::client_ca::ca
+ include site_config::x509::client_ca::key
 group { 'leap-webapp':
 ensure => present,
-- cgit v1.2.3
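Review bot: After this hunk `site_postfix::mx::smtp_auth` sets `smtpd_tls_ask_ccert` but no `smtpd_tls_CAfile`, and the commented-out `#'smtpd_tls_CAfile': value =>` placeholder that marked the gap is deleted along with the rest. Requesting a client certificate without telling Postfix which CA to check it against means the certificate is asked for but not validated against the client CA that `site_config::x509::client_ca::ca` now installs on the MX; if `site_postfix::mx` (body outside these hunks) does not set it, add `'smtpd_tls_CAfile': value => "${x509::variables::local_CAs}/${site_config::params::client_ca_name}.crt";` beside the `smtpd_tls_ask_ccert` entry. Dropping `smtpd_tls_cert_file`/`smtpd_tls_key_file` here is correct in itself — `$x509['client_ca_cert']` is the same value `ca.pp` passes as file `content`, i.e. PEM text rather than a path — provided the server certificate settings are configured elsewhere.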