Use puppet-openssl and remove use of katello-certs-tool #453

Draft
wants to merge 2 commits into
base: master
11 changes: 7 additions & 4 deletions .fixtures.yml
@@ -1,6 +1,9 @@
fixtures:
repositories:
extlib: "https://github.com/voxpupuli/puppet-extlib"
foreman: "https://github.com/theforeman/puppet-foreman"
redis: "https://github.com/voxpupuli/puppet-redis"
stdlib: "https://github.com/puppetlabs/puppetlabs-stdlib"
extlib: "https://github.com/voxpupuli/puppet-extlib"
foreman: "https://github.com/theforeman/puppet-foreman"
openssl:
repo: "https://github.com/ehelms/puppet-openssl"
branch: "ca-password"
redis: "https://github.com/voxpupuli/puppet-redis"
stdlib: "https://github.com/puppetlabs/puppetlabs-stdlib"
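Review bot: the new `openssl` fixture (`repo: "https://github.com/ehelms/puppet-openssl"`, `branch: "ca-password"`) pins the test suite to a personal fork on a feature branch, so the code exercised here can drift from whatever the released puppet-openssl provides; the `cakey_password` argument used in `manifests/apache.pp` is presumably what only that branch supplies. Before this leaves draft, point the fixture at an upstream release or tag that carries the same change and use the same constraint for the module's declared dependency, otherwise a test checkout and a production install resolve different code.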
40 changes: 40 additions & 0 deletions fixtures/katello-certs-tool-ca/katello-default-ca.crt
@@ -0,0 +1,40 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
54 changes: 54 additions & 0 deletions fixtures/katello-certs-tool-ca/katello-default-ca.key
@@ -0,0 +1,54 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIOklCZ8PO84QCAggA
MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBBr1RbWYKKKaEbyQpATz7vABIIJ
UEEj0gg4PP+JNEwcroBIvyNWaa+dTaOWQGp6yt6ewHpXB9a1gclci4XbyX7Jtw8S
WTOSR1vGrOARFTgLoXMLwy/XEKvm0ljKdWt8P1OMcYvbQnMvxs3Wq2xB7XIpF0iL
2/M2MD8c7OFEutJ583uXfyT2PjJjbHR+GQf0feeef5Q8s4s92+QNEGclFDqwWYOK
3zpINt6JD2XuyoLuJQW0NfsMZxy8FbefOrV4ThEunxQ8dfmBMrGEn5i2yylzqNLN
oR6Zlk/0LYBGgSNAMfCBSyTscHed0kwr4ggI7EUcjEd7q1eSDLFIh9jEpGook18e
eczkIu3BR5EcQafnnCn9+qNwDwFcbTxtSly7ol6zMaRas/ABja+ULHVoD31elI77
6hGCQNTDwywn4sq5JAMC23A4uqVvHZBh5+kF/cr+YeItOZgVqj3gL1PxK0yZRoL9
aHmqvYykvBnyrrIhaP08uCRGp7n6mzpx+oxyfXvzByOVwFw7TFe3sgiBPDzxwzGt
3qumvdQWhDoOa6bdoiaVou/dWrWOIWj+qpCPF3GZRzCDDBMMVSmtzncDJw20cBXG
7PwcMEqhFLkrxGCh0i6yHGxH8djxIxdkzsjd1GStLEdooRk4tuyfblu3teizM7sb
OtjR6anCpEZpil83q/o3CUs/9jNsJ9DxoYERUSONzUStpCWHHZwpPjx88BTCLch+
USO8XbhbVMccSp2ZdRrjxjhpR1Wc3sjwprVmcGBlvaOhOA3tg+AIi8dQwWEUxN34
1EQqKbdtcKNvaj2SrM7+ljG9CxO4N13UfE0SNAihDsFFT7Br8C+0cf4Io4egvY2N
eEjlZUSaY2xkCzKpkHb/fH3CGQvh9sGx5/FCHqM0dqveqKKhKwUcNNTSa869My8h
7VmhtGIhkpZBaX8U1LM2fa1n6MH/6rYQbWqtikYvbsSGTOjsVAUjd0/2nrKi3o6G
H1wofcZVW9QaOlyjM1cdSBBGlPxmDL90NUcRmj5agNuWRLHLEC8vB++MlfBp4Y2K
Jax+wtYlrSFeBkYbPwvjUHFkRNxT0PBtegRd9WCFosNbgyRAHQRwwZw1cvIPy/92
fMsTwImQ52vpjyWlN9qZmUsintZ8ChHaPLAeZ04KRU2Y05UwzmQrxHySCaCcuTjp
Ge5cVrkqkfL2KnCGbkigyoK88v+2LdCWs1HI64mVNGFgLNdPXIDe01YpdkqtYuB+
2e7PrbacFYjKSbQllZ95TvMSZ6KVr3BX9AVot68epR+JpNg+6DS9liz+Mgj+113A
SQqDw7wPeAjNudrRBnaaaQx4wuYrqNEBJR6PjgzbMBymtaSCFzBGYfSqJb4BXaBS
XTBYsxtXyyQSZjLRKg19ljIIowC/E4NKG4ftwmbWSauyIQnW0cjDFiuQNUqSQLI+
FmCsXU4+VLfSQc7TOfdRi8fLNy9wcChWreSXj8eM5pWJnYpBc/hFEpQndTFwmzqw
wZEOBpBN0TzlQLy5zhK3ukEk5+aSn0GZyMiSr104bGwIzI9tg9eX3qWvyZe2DLyb
IOBnYW2cr5O+RUDLV7fWE9s9/RLNNLYJPFl6fdTjzqPjP8wyFe1StUYa+xXjzsm0
ZPc4GedK5gfy79sSSsNblXx7EWRPjA6cTmAA6xmI0pF4HbuQBIUyPBkqbmlaCGxA
ex8N+dlWFjaRW7CWwoXYlYqE+iuhGcmplnfxk0AxlawfNdFjc6LMRvA7fchMqaXV
n+95YVrrU1e6f/oTFKwBRlVpb4ii0f8Udj+6aEg5xMPiib2omGX5yvNBR3w4xT5c
a6i3usk3E4akD9SaXLLCP80qEuELMhINiEyH97bnj+KfKFT4EOLCg+943ESsI0yD
b2bGnM6w744uQtRDjvXIQMorz4t+ouHCWGmmKUJzh2Bt8ekFis+H3X8y4WKvB5mU
SyFycGLlKM/ZgAXeFT9k2Kov8sBYIEycx4+bhL7L5CqF53xf4Q1WoHcM8ONhqGr9
/YLM9ImYtto9li8Zlb8mYCUZGZfLK0MSd4QXqVzcV47kSOOtQLVM5KXpjR/zvEgc
945XxLFXBvSKwqcNrmXjAa3PNbu7jIj1Ks5KFc9XlRhG8mya3ik7NKGG1DOXdsjt
FesUyn4OyP5nxjHW+64l4A06zUZoEeeJgxoPNs31ZmoWmSkVUDP+cXJUBhkc5UnX
YwShsw7EWzZI48Wmivo6yuqFPB1+VYyPk0iMRWctF3r31qSFrKYx+e3Juk/jUuUt
Z6qqE1eKd+/loOgg8nzOqCwHKbvI4wugQYuEgu4ANkNV+/SLqpxlwy8s2XF0cpUg
RoJOT37dr/n6zH2mdQHUhUuh4iQAX1fL34IDxuefFYA+bqx8ln8iOv16qIeOjyny
wuqo0SYDMBjZBIHxUQ9T4Y6CZ/nyfb89v5FJEuMmH22bUy/KMgasWZ7sFhE7/31G
E0FCWGtDsEIvNoAVEsDsSWHcYSvxNOaIMOtfvz8Ya09US3+fLIohbuDbXmeHflKo
L1cjvhH/caUulhqtF6AMtlAV4sRcdxyZfcA8HkHpRJSnJe2IabLLowCESnlOgCgt
RWvsTrSaglTL1/UeNe5aI01WYEwFb4N/ADtzUOqmYNpdxbLPwfQ3QazQ1co3SMXq
h1nbiCjZXxQaMzEKNlxxPGYAmqpk6opZy6bgN+GorI5kjyrqGlkILJH0GdHM4EwF
ZAL/SwjXdypHrl9gSjFxorL2dwFofmPTThgrujA0oD9X8ccQnDVzfcYKhgtJteFQ
zaeNljAsfuUY2Sqyf5VxSwtlHrOOBNjVbi+RFg57znpXKSWbno3I4JimVaqR6Qly
lE+bj1xIfrf/71FKj8EshthQhWBwjxf1eFg9lq3UEeuOEDIJH4ZcrBcYwLeVSmiZ
i+tiHnfqeU8/sFAQFYVBtsDZhDYV9Cr2bYHYYDvf4tSo8jf0xI0YLQVw/8iobld2
7rATD7ho9h6GE7UaU0OMePivGXJpK1If4IJUi6UCF+ibiILREehSBUmR9oE5jQrz
GRL8zu4/8sP+mw9LA0sxL5DG0eX6x/lJ4VTMFAlUiJH5DWt5bW9zNke5rMnTrBmN
spQ/vkC1W5YTH9RY5H6d5Sa1ft/OJbWqrbxAB5U73YCx4a18lb0r6Nkqb8JcYUCU
FamldCh+SbP3xYt9Mn7COqEM6jyUNyjXW8zew8Ksm9Ii
-----END ENCRYPTED PRIVATE KEY-----
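Review bot: this encrypted PKCS#8 key is committed together with its passphrase in `fixtures/katello-certs-tool-ca/katello-default-ca.pwd`, so the encryption provides no confidentiality and the key has to be treated as public test material. That is acceptable for a fixture, but it must never be reachable as a real CA: keep the `fixtures/` tree out of the built module (a `.pmtignore` entry, for example), have the spec that consumes it reference the fixture path explicitly rather than a default CA location, and expect secret scanners to flag the pair on every clone, so a short README line in the fixture directory stating that these are throwaway test keys will save reviewers time.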
1 change: 1 addition & 0 deletions fixtures/katello-certs-tool-ca/katello-default-ca.pwd
@@ -0,0 +1 @@
WJiNgAHTJia2249gwxCGk9VT
40 changes: 40 additions & 0 deletions fixtures/katello-certs-tool-ca/katello-server-ca.crt
@@ -0,0 +1,40 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
76 changes: 41 additions & 35 deletions manifests/apache.pp
@@ -59,7 +59,7 @@
String $city = $certs::city,
String $org = $certs::org,
String $org_unit = $certs::org_unit,
String $expiration = $certs::expiration,
Variant[Integer, String] $expiration = $certs::expiration,
I'd be open to a PR that already changes it from Strings to Integers prior to merging this.

Stdlib::Absolutepath $ca_key_password_file = $certs::ca_key_password_file,
String $group = $certs::group,
) inherits certs {
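Review bot: `Stdlib::Absolutepath $ca_key_password_file = $certs::ca_key_password_file` stays in the signature, but nothing in this class consumes it any more: the replacement `openssl::certificate::x509` resource in the next hunk passes `cakey_password => $certs::ca_key_password` directly. Either remove the dead parameter or thread it through. Separately, `Variant[Integer, String] $expiration` is handed straight to `days =>`, so a String default from `$certs::expiration` reaches puppet-openssl unconverted; normalising to an Integer at this boundary (or in the preparatory PR the comment above suggests) avoids depending on the module to coerce it.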
@@ -71,7 +71,7 @@

$apache_cert_path = "${certs::ssl_build_dir}/${hostname}/${apache_cert_name}"

if $server_cert {
if $generate {
ensure_resource(
'file',
"${certs::ssl_build_dir}/${hostname}",
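Review bot: changing the outer guard from `if $server_cert {` to `if $generate {` alters the externally supplied certificate case. With `generate => false` and `server_cert` set, the `file` resources that copy the certificate and key no longer run, and `$require_cert` is never assigned, so whatever references it in the later `if $deploy` branch sees an undefined variable (a hard error under `strict_variables`). The removed `cert` resource took `generate => $generate` itself and always set `$require_cert`. Either keep the copy branch outside the `$generate` guard, or assign `$require_cert` in every path and make the deploy branch tolerate `undef`.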
@@ -82,41 +82,47 @@
'mode' => '0750',
}
)
file { "${apache_cert_path}.crt":
ensure => file,
source => $server_cert,
owner => 'root',
group => 'root',
mode => '0440',
}
file { "${apache_cert_path}.key":
ensure => file,
source => $server_key,
owner => 'root',
group => 'root',
mode => '0440',
}

$require_cert = File["${apache_cert_path}.crt"]
} else {
cert { $apache_cert_name:
ensure => present,
hostname => $hostname,
cname => $cname,
country => $country,
state => $state,
city => $city,
org => $org,
org_unit => $org_unit,
expiration => $expiration,
ca => $certs::default_ca,
generate => $generate,
regenerate => $regenerate,
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
}
if $server_cert {
file { "${apache_cert_path}.crt":
ensure => file,
source => $server_cert,
owner => 'root',
group => 'root',
mode => '0440',
}
file { "${apache_cert_path}.key":
ensure => file,
source => $server_key,
owner => 'root',
group => 'root',
mode => '0440',
}

$require_cert = File["${apache_cert_path}.crt"]
} else {
openssl::certificate::x509 { $apache_cert_name:
ensure => present,
commonname => $hostname,
country => $country,
state => $state,
locality => $city,
organization => $org,
unit => $org_unit,
altnames => $cname,
extkeyusage => ['serverAuth', 'clientAuth'],
days => $expiration,
base_dir => "${certs::ssl_build_dir}/${hostname}",
key_size => 4096,
force => true,
encrypted => false,
ca => "${certs::ssl_build_dir}/${certs::default_ca_name}.crt",
cakey => "${certs::ssl_build_dir}/${certs::default_ca_name}.key",
cakey_password => $certs::ca_key_password,
}

$require_cert = Cert[$apache_cert_name]
$require_cert = X509_cert["${apache_cert_path}.crt"]
}
}

if $deploy {
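Review bot: `regenerate => $regenerate` from the removed `cert` resource has no counterpart on `openssl::certificate::x509`, so the class's `$regenerate` parameter is now silently ignored; map it onto the new resource (onto `force`, if that is the intended meaning) or remove it with a deprecation notice. Two hardening points on the generated certificate: `encrypted => false` writes an unencrypted key into `${certs::ssl_build_dir}/${hostname}`, and unlike the copy branch above, which sets `mode => '0440'` on `"${apache_cert_path}.key"`, the generated key's owner, group and mode are left at the define's defaults, so set them explicitly to match. Finally, `altnames => $cname` with `commonname => $hostname` leaves the host name out of the SAN list unless `$cname` already contains it, and TLS clients that ignore the CN will then reject the certificate; include `$hostname` in `altnames`.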
93 changes: 47 additions & 46 deletions manifests/ca.pp
@@ -23,30 +23,42 @@
) {
$server_ca_path = "${certs::ssl_build_dir}/${server_ca_name}.crt"

file { "${certs::pki_dir}/private/${default_ca_name}.pwd":
ensure => absent,
}

file { $ca_key_password_file:
ensure => file,
content => $ca_key_password,
owner => 'root',
group => 'root',
mode => '0400',
show_diff => false,
} ~>
ca { $default_ca_name:
ensure => present,
common_name => $ca_common_name,
country => $country,
state => $state,
city => $city,
org => $org,
org_unit => $org_unit,
expiration => $ca_expiration,
generate => $generate,
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
}

openssl::config { "${certs::ssl_build_dir}/ca.cnf":
ensure => 'present',
commonname => $certs::node_fqdn,
country => $country,
state => $state,
locality => $city,
organization => $org,
unit => $org_unit,
default_keyfile => "${default_ca_name}.key",
basicconstraints => ['CA:true'],
keyusages => ['digitalSignature', 'keyEncipherment', 'keyCertSign', 'cRLSign'],
extendedkeyusages => ['serverAuth', 'clientAuth'],
}

ssl_pkey { "${certs::ssl_build_dir}/${default_ca_name}.key":
ensure => 'present',
password => $ca_key_password,
size => '4096',
}

x509_cert { "${certs::ssl_build_dir}/${default_ca_name}.crt":
ensure => 'present',
private_key => "${certs::ssl_build_dir}/${default_ca_name}.key",
days => $ca_expiration,
template => "${certs::ssl_build_dir}/ca.cnf",
password => $ca_key_password,
require => File["${certs::ssl_build_dir}/ca.cnf"],
}

if $certs::server_ca_cert {
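Review bot: the `} ~>` that closes the retained `file { $ca_key_password_file: ... }` now chains into `openssl::config { "${certs::ssl_build_dir}/ca.cnf": ... }`, which never reads the password file, while `ssl_pkey` and `x509_cert`, the resources that actually use `$ca_key_password`, get no ordering against it; replace the arrow with explicit `require` edges on the consumers, or drop it if the file only exists for other readers. The CA subject also changes silently: the removed `ca` resource used `common_name => $ca_common_name`, the new config uses `commonname => $certs::node_fqdn`, so `$ca_common_name` no longer reaches the CA certificate. Dropping `file { "${certs::pki_dir}/private/${default_ca_name}.pwd": ensure => absent }` means hosts upgraded from the katello-certs-tool layout keep a stale plaintext copy of the CA passphrase; keep that cleanup for at least one release. On the CA profile itself, `extendedkeyusages => ['serverAuth', 'clientAuth']` and `keyEncipherment` are not needed for a signing CA; `keyCertSign` and `cRLSign` (plus `digitalSignature` if the key will sign OCSP responses) is the conventional set.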
@@ -59,43 +71,32 @@
}
} else {
file { $server_ca_path:
ensure => file,
source => "${certs::ssl_build_dir}/${default_ca_name}.crt",
owner => 'root',
group => 'root',
mode => '0644',
}
}

if $generate {
file { "${certs::ssl_build_dir}/KATELLO-TRUSTED-SSL-CERT":
ensure => link,
target => $server_ca_path,
require => File[$server_ca_path],
ensure => file,
source => "${certs::ssl_build_dir}/${default_ca_name}.crt",
owner => 'root',
group => 'root',
mode => '0644',
require => X509_cert["${certs::ssl_build_dir}/${default_ca_name}.crt"],
}
}

if $deploy {
# Ensure CA key deployed to /etc/pki/katello/private no longer exists
# The CA key is not used by anything from this directory and does not need to be deployed
file { $ca_key:
ensure => absent,
}

file { $certs::katello_default_ca_cert:
ensure => file,
source => "${certs::ssl_build_dir}/${default_ca_name}.crt",
owner => 'root',
group => 'root',
mode => '0644',
ensure => file,
source => "${certs::ssl_build_dir}/${default_ca_name}.crt",
owner => 'root',
group => 'root',
mode => '0644',
require => X509_cert["${certs::ssl_build_dir}/${default_ca_name}.crt"],
}

file { $katello_server_ca_cert:
ensure => file,
source => $server_ca_path,
owner => $owner,
group => $group,
mode => '0644',
ensure => file,
source => $server_ca_path,
owner => $owner,
group => $group,
mode => '0644',
require => File[$server_ca_path],
}
}
}
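Review bot: removing `file { $ca_key: ensure => absent }` under `if $deploy` drops the only resource that purges a CA private key previously deployed to the private directory; on upgraded hosts that key would now remain on disk indefinitely, so keep the `absent` resource, and the comment explaining why it exists is still accurate and worth keeping with it. Deleting the `KATELLO-TRUSTED-SSL-CERT` symlink is a second behavioural change: anything that still resolves `${certs::ssl_build_dir}/KATELLO-TRUSTED-SSL-CERT` will break, so confirm there are no remaining consumers and call the removal out in the changelog. The added `require => X509_cert[...]` and `require => File[$server_ca_path]` edges are welcome; with the `ca` type gone they are what guarantees the copies happen after the certificate exists.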