Puppet Class: certs::iop_advisor_engine

Inherits:
certs
Defined in:
manifests/iop_advisor_engine.pp

Overview

Contains certs specific configurations for advisor

Parameters:

  • hostname (Stdlib::Fqdn) (defaults to: 'localhost')
  • generate (Boolean) (defaults to: $certs::generate)
  • regenerate (Boolean) (defaults to: $certs::regenerate)
  • deploy (Boolean) (defaults to: $certs::deploy)
  • country (String[2,2]) (defaults to: $certs::country)
  • state (String) (defaults to: $certs::state)
  • city (String) (defaults to: $certs::city)
  • org (String) (defaults to: $certs::org)
  • org_unit (String) (defaults to: $certs::org_unit)
  • expiration (String) (defaults to: $certs::expiration)
  • ca_key_password_file (Stdlib::Absolutepath) (defaults to: $certs::ca_key_password_file)
  • owner (String) (defaults to: 'root')
  • group (String) (defaults to: 'root')
  • private_key_mode (Stdlib::Filemode) (defaults to: '0440')
  • public_key_mode (Stdlib::Filemode) (defaults to: '0444') 


2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
 
# File 'manifests/iop_advisor_engine.pp', line 2

class certs::iop_advisor_engine (
  Stdlib::Fqdn $hostname = 'localhost',
  Boolean $generate = $certs::generate,
  Boolean $regenerate = $certs::regenerate,
  Boolean $deploy = $certs::deploy,
  String[2,2] $country = $certs::country,
  String $state = $certs::state,
  String $city = $certs::city,
  String $org = $certs::org,
  String $org_unit = $certs::org_unit,
  String $expiration = $certs::expiration,
  Stdlib::Absolutepath $ca_key_password_file = $certs::ca_key_password_file,
  String $owner = 'root',
  String $group = 'root',
  Stdlib::Filemode $private_key_mode = '0440',
  Stdlib::Filemode $public_key_mode = '0444',
) inherits certs {
  include certs::foreman_proxy

  $server_cert_name = "${hostname}-iop-advisor-server"

  cert { $server_cert_name:
    ensure        => present,
    hostname      => $hostname,
    country       => $country,
    state         => $state,
    city          => $city,
    org           => $org,
    org_unit      => $org_unit,
    expiration    => $expiration,
    ca            => $certs::default_ca,
    generate      => $generate,
    regenerate    => $regenerate,
    password_file => $ca_key_password_file,
    build_dir     => $certs::ssl_build_dir,
  }

  $cert_directory = '/etc/iop-advisor-engine'

  $server_cert = "${cert_directory}/server.cert"
  $server_key = "${cert_directory}/server.key"
  $server_ca_cert = $certs::katello_server_ca_cert

  $client_cert = $certs::foreman_proxy::foreman_ssl_cert
  $client_key = $certs::foreman_proxy::foreman_ssl_key
  $client_ca_cert = $certs::foreman_proxy::foreman_ssl_ca_cert

  $directory_ensure = $deploy ? {
    true  => 'directory',
    false => 'absent',
  }

  $keypair_ensure = $deploy ? {
    true  => 'present',
    false => 'absent',
  }

  file { $cert_directory:
    ensure => $directory_ensure,
    mode   => '0755',
    owner  => $owner,
    group  => $group,
    force  => true,
  }

  certs::keypair { $server_cert_name:
    source_dir  => "${certs::ssl_build_dir}/${hostname}",
    key_ensure  => $keypair_ensure,
    key_file    => $server_key,
    key_owner   => $owner,
    key_group   => $group,
    key_mode    => $private_key_mode,
    cert_ensure => $keypair_ensure,
    cert_file   => $server_cert,
    cert_owner  => $owner,
    cert_group  => $group,
    cert_mode   => $public_key_mode,
    require     => Cert[$server_cert_name],
  }
}