Puppet Class: certs::qpid

Inherits:
certs
Defined in:
manifests/qpid.pp

Overview

Handles Qpid cert configuration

Parameters:

  • hostname (Stdlib::Fqdn) (defaults to: $certs::node_fqdn)
  • cname (Array[Stdlib::Fqdn]) (defaults to: $certs::cname)
  • generate (Boolean) (defaults to: $certs::generate)
  • regenerate (Boolean) (defaults to: $certs::regenerate)
  • deploy (Boolean) (defaults to: $certs::deploy)
  • country (String[2,2]) (defaults to: $certs::country)
  • state (String) (defaults to: $certs::state)
  • city (String) (defaults to: $certs::city)
  • org_unit (String) (defaults to: $certs::org_unit)
  • expiration (String) (defaults to: $certs::expiration)
  • ca_key_password_file (Stdlib::Absolutepath) (defaults to: $certs::ca_key_password_file)
  • pki_dir (Stdlib::Absolutepath) (defaults to: $certs::pki_dir)
  • ca_cert (Stdlib::Absolutepath) (defaults to: $certs::ca_cert)
  • qpidd_group (String) (defaults to: 'qpidd')
  • nss_cert_name (String) (defaults to: 'broker')


# File 'manifests/qpid.pp', line 2

# @summary Handles Qpid cert configuration
#
# Declares the Qpid broker certificate and, when $deploy is true, imports the
# CA certificate and the broker certificate/key pair into the NSS database
# managed by certs::ssltools::nssdb.
#
# @param hostname
#   FQDN passed to the cert resource; also used to build the certificate name
#   ("${hostname}-qpid-broker") and the build-directory path of the cert/key.
# @param cname
#   Additional names passed to the cert resource; 'localhost' is always appended.
# @param generate
#   Passed through to the cert resource.
# @param regenerate
#   Passed through to the cert resource.
# @param deploy
#   When true, the NSS database section below is evaluated. It is NOT passed to
#   the cert resource, which is always declared with deploy => false.
# @param country
#   Passed through to the cert resource (two-character string).
# @param state
#   Passed through to the cert resource.
# @param city
#   Passed through to the cert resource.
# @param org_unit
#   Passed through to the cert resource.
# @param expiration
#   Passed through to the cert resource.
# @param ca_key_password_file
#   Path handed to the cert resource as password_file; the password itself
#   never appears in this manifest.
# @param pki_dir
#   Base directory of the legacy certificate and key files that this class
#   removes when $deploy is true.
# @param ca_cert
#   Path of the CA certificate imported into the NSS database.
# @param qpidd_group
#   Not referenced anywhere in this class body.
#   NOTE(review): possibly read by other classes via $certs::qpid::qpidd_group - confirm.
# @param nss_cert_name
#   Second component of the nssdb_certificate title for the broker certificate
#   (presumably the NSS nickname - confirm against the type).
class certs::qpid (
  Stdlib::Fqdn $hostname = $certs::node_fqdn,
  Array[Stdlib::Fqdn] $cname = $certs::cname,
  Boolean $generate = $certs::generate,
  Boolean $regenerate = $certs::regenerate,
  Boolean $deploy = $certs::deploy,
  String[2,2] $country = $certs::country,
  String $state = $certs::state,
  String $city = $certs::city,
  String $org_unit = $certs::org_unit,
  String $expiration = $certs::expiration,
  Stdlib::Absolutepath $ca_key_password_file = $certs::ca_key_password_file,
  Stdlib::Absolutepath $pki_dir = $certs::pki_dir,
  Stdlib::Absolutepath $ca_cert = $certs::ca_cert,
  String $qpidd_group = 'qpidd',
  String $nss_cert_name = 'broker',
) inherits certs {
  # Class-scope variable: reachable from other classes as
  # $certs::qpid::qpid_cert_name, so the name is part of the class interface.
  $qpid_cert_name = "${hostname}-qpid-broker"

  # Broker certificate issued by $certs::default_ca. The organisation is
  # hard-coded to 'pulp', and 'localhost' is added to the requested names on
  # every node. deploy is fixed to false here; the key material is instead
  # read from the build directory by the nssdb_certificate resource below.
  cert { $qpid_cert_name:
    ensure        => present,
    hostname      => $hostname,
    cname         => concat($cname, 'localhost'),
    country       => $country,
    state         => $state,
    city          => $city,
    org           => 'pulp',
    org_unit      => $org_unit,
    expiration    => $expiration,
    ca            => $certs::default_ca,
    generate      => $generate,
    regenerate    => $regenerate,
    deploy        => false,
    password_file => $ca_key_password_file,
    build_dir     => $certs::ssl_build_dir,
  }

  if $deploy {
    # The NSS database location and its password file come from the nssdb class.
    include certs::ssltools::nssdb
    $nss_db_dir = $certs::ssltools::nssdb::nss_db_dir
    $nss_db_password_file = $certs::ssltools::nssdb::nss_db_password_file

    $client_cert            = "${pki_dir}/certs/${qpid_cert_name}.crt"
    $client_key             = "${pki_dir}/private/${qpid_cert_name}.key"

    # Ensure files located at /etc/pki/katello no longer exist
    # The paths are built from $pki_dir, so a non-default $pki_dir is cleaned
    # instead. Removing the key file leaves the NSS database import below as
    # the only copy of the broker private key that this class places on disk.
    file { $client_key:
      ensure  => absent,
    }

    file { $client_cert:
      ensure  => absent,
    }

    # CA certificate entry. trustargs is presumably NSS certutil -t syntax
    # (SSL, S/MIME, object-signing fields) - confirm against the type; if so,
    # 'TCu,Cu,Tuw' makes this CA a trust anchor for both client and server
    # certificates in the SSL field.
    nssdb_certificate { "${nss_db_dir}:ca":
      ensure        => present,
      certificate   => $ca_cert,
      trustargs     => 'TCu,Cu,Tuw',
      password_file => $nss_db_password_file,
    }

    # Broker certificate and private key, read from the build directory.
    # trustargs ',,' sets no trust flags, so under the same certutil assumption
    # this leaf certificate is not itself a trust anchor.
    # NOTE(review): no require/before links this resource to
    # Cert[$qpid_cert_name]; ordering relies on whatever the types
    # autorequire - confirm.
    # NOTE(review): ownership and mode of the .key file under
    # $certs::ssl_build_dir are not managed in this class - verify where they
    # are restricted.
    nssdb_certificate { "${nss_db_dir}:${nss_cert_name}":
      ensure        => present,
      certificate   => "${certs::ssl_build_dir}/${hostname}/${qpid_cert_name}.crt",
      private_key   => "${certs::ssl_build_dir}/${hostname}/${qpid_cert_name}.key",
      trustargs     => ',,',
      password_file => $nss_db_password_file,
    }
  }
}