Puppet Class: openshift::util::cacert

Defined in:
manifests/util/cacert.pp

Overview

openshift::util::cacert

Install additional CAs as trusted.

Parameters

(none)



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'manifests/util/cacert.pp', line 9

class openshift::util::cacert {
  ensure_packages(['ca-certificates'])

  $_anchor_dir = '/etc/pki/ca-trust/source/anchors'

  # As of December 7, 2016 "registry.access.redhat.com" is signed by
  # certificate authorities not included with the base system
  create_resources('file', {
    "${_anchor_dir}/DigiCertSHA2ExtendedValidationServerCA.pem" => {
      source => "puppet:///modules/${module_name}/DigiCertSHA2ExtendedValidationServerCA.pem",
    },
    "${_anchor_dir}/DigiCertSHA2HighAssuranceServerCA.pem" => {
      source => "puppet:///modules/${module_name}/DigiCertSHA2HighAssuranceServerCA.pem",
    },
  }, {
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    require => Package['ca-certificates'],
    notify  => Exec['openshift-update-ca-trust'],
  })

  Package['ca-certificates'] ->
  exec { 'openshift-update-ca-trust':
    refreshonly => true,
    command     => '/bin/update-ca-trust',
  }
}