Puppet Class: ipa::install::server::pki
- Inherits:
- ipa
- Defined in:
- manifests/install/server/pki.pp
Overview
Private class to manage IPA PKI certificate server (Dogtag)
# File 'manifests/install/server/pki.pp', line 2
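# Private class: rewrites the TLS attributes of the Dogtag (PKI CA) Tomcat
# connector in server.xml and keeps the pki-tomcatd service running.
#
# @param ssl_protocol_range
#   Value written to the sslVersionRangeStream and sslVersionRangeDatagram
#   attributes.
# @param ssl_ciphers
#   Cipher entries, joined with ',' and written to the sslRangeCiphers
#   attribute. Nothing is changed when this is undef.
class ipa::install::server::pki (
  String                  $ssl_protocol_range = $ipa::pki_ssl_protocol_range,
  Optional[Array[String]] $ssl_ciphers        = $ipa::pki_ssl_ciphers,
) inherits ipa {
  $config_file = '/etc/pki/pki-tomcat/server.xml'

  # Both parameters are interpolated into sed/grep command strings and end up
  # inside a double-quoted XML attribute. Reject the characters that would
  # terminate the single-quoted argument, the sed expression or the attribute
  # value, so that bad Hiera data fails the catalog instead of corrupting
  # server.xml or altering the command that is run.
  $unsafe_chars = /['"\/\\&<\r\n]/

  # Setup PKI CA service (Dogtag) with secure SSL settings
  #
  # NOTE(review): if an attribute is not present in server.xml at all, sed
  # changes nothing, yet the exec still runs and notifies the service on every
  # Puppet run, and the requested TLS setting is never applied. Confirm the
  # attributes exist for every supported PKI version.
  if $ssl_protocol_range {
    if $ssl_protocol_range =~ $unsafe_chars {
      fail("ipa::install::server::pki: ssl_protocol_range contains characters that cannot be written safely to ${config_file}")
    }

    ['sslVersionRangeStream', 'sslVersionRangeDatagram'].each |String $attribute| {
      exec { "${config_file}:${attribute}":
        command => "sed -i 's/${attribute}=\"[^\"]*\"/${attribute}=\"${ssl_protocol_range}\"/g' ${config_file}",
        path    => ['/bin', '/sbin', '/usr/sbin'],
        # -F: compare the desired value literally, so regex metacharacters in
        # it cannot make a different on-disk value look compliant.
        unless  => "grep -qF '${attribute}=\"${ssl_protocol_range}\"' ${config_file}",
        notify  => Service['pki-tomcatd@pki-tomcat.service'],
      }
    }
  }

  if $ssl_ciphers {
    $ciphers = $ssl_ciphers.join(',')

    if $ciphers =~ $unsafe_chars {
      fail("ipa::install::server::pki: ssl_ciphers contains characters that cannot be written safely to ${config_file}")
    }

    exec { "${config_file}:sslRangeCiphers":
      command => "sed -i 's/sslRangeCiphers=\"[^\"]*\"/sslRangeCiphers=\"${ciphers}\"/g' ${config_file}",
      path    => ['/bin', '/sbin', '/usr/sbin'],
      unless  => "grep -qF 'sslRangeCiphers=\"${ciphers}\"' ${config_file}",
      notify  => Service['pki-tomcatd@pki-tomcat.service'],
    }
  }

  # The execs above notify this service so that a changed TLS setting is
  # picked up by a restart.
  service { 'pki-tomcatd@pki-tomcat.service':
    ensure => running,
  }
}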