author | Micah Anderson <micah@riseup.net> | 2012-11-22 14:32:41 -0500 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2012-11-22 14:32:41 -0500 |
commit | 8713c2804d22cbca0a2d4843befa0327ebc5b45e (patch) | |
tree | 6cece14dbb065994ed8815e98b35e80d3232dc97 |
Initial commit
-rw-r--r-- | manifests/base.pp | 45 | ||||
-rw-r--r-- | manifests/ca.pp | 15 | ||||
-rw-r--r-- | manifests/cert.pp | 14 | ||||
-rw-r--r-- | manifests/init.pp | 2 | ||||
-rw-r--r-- | manifests/key.pp | 14 | ||||
-rw-r--r-- | manifests/variables.pp | 7 |
6 files changed, 97 insertions, 0 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
new file mode 100644
index 0000000..f38f24f
--- /dev/null
+++ b/manifests/base.pp
@@ -0,0 +1,45 @@
+class x509::base {
+ include x509::variables
+
+ package { [ 'ssl-cert', 'ca-certificates' ]:
+ ensure => installed;
+ }
+
+ group { 'ssl-cert':
+ ensure => present,
+ system => true,
+ require => Package['ssl-cert'];
+ }
+
+ file {
+ $x509::variables::root:
+ ensure => directory,
+ mode => '0755'
+ owner => root,
+ group => root;
+
+ $x509::variables::keys:
+ ensure => directory,
+ mode => '0700',
+ owner => root,
+ group => ssl-cert;
+
+ $x509::variables::certs:
+ ensure => directory,
+ mode => '0755',
+ owner => root,
+ group => root;
+
+ $x509::variables::local_CAs:
+ ensure => directory,
+ mode => '2775',
+ owner => root,
+ group => root;
+ }
+
+ exec { 'update-ca-certificates':
+ command => '/usr/sbin/update-ca-certificates',
+ refreshonly => true,
+ subscribe => File[$x509::variables::local_CAs]
+ }
+}
diff --git a/manifests/ca.pp b/manifests/ca.pp
new file mode 100644
index 0000000..dc862d3
--- /dev/null
+++ b/manifests/ca.pp
@@ -0,0 +1,15 @@
+define x509::ca (
+ $source = "puppet:///modules/site_x509/files/CAs/${name}.crt"
+) {
+ include x509::variables
+ include x509::base
+
+ file { "${x509::variables::local_CAs}/${name}.crt" :
+ ensure => file,
+ mode => '0444',
+ group => 'ssl-cert',
+ source => $source,
+ require => [ Package['openssl'], Package['ca-certificates'] ],
+ notify => Exec['update-ca-certificates'],
+ }
+}
diff --git a/manifests/cert.pp b/manifests/cert.pp
new file mode 100644
index 0000000..b6caa7b
--- /dev/null
+++ b/manifests/cert.pp
@@ -0,0 +1,14 @@
+define x509::cert (
+ $source = "puppet:///modules/site_x509/files/certs/${name}.crt",
+) {
+ include x509::variables
+ include x509::base
+
+ file { "${x509::variables::ssl_local_certs}/${name}.crt" :
+ ensure => file,
+ mode => '0444',
+ group => 'ssl-cert',
+ source => $source,
+ require => Package['openssl'],
+ }
+}
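Review bot: In manifests/base.pp the `$x509::variables::root` entry of the `file` resource is missing the comma after `mode => '0755'`, so the manifest will not parse and none of the directory permissions in this class get applied; the line should read `mode => '0755',`. Separately, the keys directory is `mode => '0700'` with `group => ssl-cert`, which gives the group no access at all. If members of ssl-cert are meant to reach the keys, `'0710'` would allow traversal without listing; otherwise the group setting is inert and a comment should say so.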
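Review bot: `require => [ Package['openssl'], Package['ca-certificates'] ]` in manifests/ca.pp references `Package['openssl']`, which no manifest in this commit declares (x509::base only manages 'ssl-cert' and 'ca-certificates'), so catalog compilation presumably fails unless another module declares that package. The same reference appears in manifests/cert.pp and manifests/key.pp. Either add 'openssl' to the package list in x509::base or drop the dependency. Because every file placed in `local_CAs` becomes a system trust anchor once update-ca-certificates runs, I would also set `owner => 'root',` explicitly here and add a comment that `$source` must point at a trusted location.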
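Review bot: The file title in manifests/cert.pp uses `${x509::variables::ssl_local_certs}`, but x509::variables in this commit defines only `root`, `certs`, `keys`, `x509_chain` and `local_CAs`. Without strict variable checking an undefined variable interpolates as an empty string, so the certificate would presumably be written to `/${name}.crt` at the filesystem root instead of under the certs directory. The title should be `"${x509::variables::certs}/${name}.crt"`.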
diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644
index 0000000..8283e48
--- /dev/null
+++ b/manifests/init.pp
@@ -0,0 +1,2 @@
+class x509 {
+}
diff --git a/manifests/key.pp b/manifests/key.pp
new file mode 100644
index 0000000..f083a02
--- /dev/null
+++ b/manifests/key.pp
@@ -0,0 +1,14 @@
+define x509::key (
+ $source = "puppet:///modules/site_x509/files/keys/${name}.key"
+) {
+ include x509::variables
+ include x509::base
+
+ file { "${x509::variables::keys}/${name}.key":
+ ensure => file,
+ mode => '0600',
+ group => 'ssl-cert',
+ source => $source,
+ require => Package['openssl']
+ }
+}
diff --git a/manifests/variables.pp b/manifests/variables.pp
new file mode 100644
index 0000000..e6bd235
--- /dev/null
+++ b/manifests/variables.pp
@@ -0,0 +1,7 @@
+class x509::variables {
+ $root = '/etc/x509'
+ $certs = "${root}/certs"
+ $keys = "${root}/keys"
+ $x509_chain = "${root}/certs"
+ $local_CAs = '/usr/local/share/ca-certificates'
+} |
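Review bot: The private key file in manifests/key.pp sets `mode => '0600'` and `group => 'ssl-cert'` but no owner, so the group assignment grants nothing and ownership is left implicit. I would add `owner => 'root',` and choose deliberately between `'0600'` with no group and `'0640'` with ssl-cert, in line with whatever x509::base decides for the keys directory. Also consider `backup => false,` so that a replaced key is not copied into the agent's filebucket. The default `$source` pulls keys from a module file mount, which is typically readable by every authenticated agent, so a comment or a restricted mount for key material is worth adding.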