Puppet Plan: cd4peadm::upgrade::ensure_certs_in_hiera

Defined in:
plans/upgrade/ensure_certs_in_hiera.pp

Summary

Check if browser certificates are present in config; generate and save them if not.

Overview

This plan must be run as part of an upgrade from any 5.x version to 5.2.0, the version in which the SSL keys became required in the Hiera config.

Parameters:

  • hiera_data_file_path (String) (defaults to: 'data/common.yaml')
  • pkcs7_public_key_path (String) (defaults to: 'keys/public_key.pkcs7.pem')


# File 'plans/upgrade/ensure_certs_in_hiera.pp', line 7

plan cd4peadm::upgrade::ensure_certs_in_hiera(
  String $hiera_data_file_path = 'data/common.yaml',
  String $pkcs7_public_key_path = 'keys/public_key.pkcs7.pem',
) {
  # This loads the yaml file without using hiera. We don't want hiera
  # to cache the value, since we're modifying the hash below.
  $hiera_config = loadyaml($hiera_data_file_path)

  $old_config = $hiera_config['cd4peadm::config']
  if $old_config['ssl_cert_chain'] == undef {
    out::message('No certs found in Hiera data, generating new browser certificates')
    cd4peadm::write_new_certs_to_hiera(
      $old_config,
      $hiera_data_file_path,
      $pkcs7_public_key_path,
    )
  }
}
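
A pre-upgrade check for the condition this plan tests, written in Ruby as an added example that is not part of the cd4peadm module. It reads a Hiera data file the way the plan does (straight from YAML), reports whether `ssl_cert_chain` is present, and also flags private keys stored in plaintext. Assumptions: secrets are meant to be kept in hiera-eyaml `ENC[PKCS7,...]` form, as the `pkcs7_public_key_path` parameter suggests; the sample data and the `example_*` key names are constructed.

```ruby
require 'yaml'

# Constructed sample data; key names other than cd4peadm::config and
# ssl_cert_chain are hypothetical.
SAMPLE_BEFORE = <<~YAML
  cd4peadm::config:
    example_setting: cd4pe.example.test
    example_secret: ENC[PKCS7,MIIBconstructed]
YAML

SAMPLE_AFTER = <<~YAML
  cd4peadm::config:
    ssl_cert_chain: |
      -----BEGIN CERTIFICATE-----
      constructed
      -----END CERTIFICATE-----
    example_secret: |
      -----BEGIN RSA PRIVATE KEY-----
      constructed
      -----END RSA PRIVATE KEY-----
YAML

PLAINTEXT_KEY = /-----BEGIN [A-Z ]*PRIVATE KEY-----/

# Reports what the plan would find in one Hiera data file, plus any
# private keys stored in the clear under cd4peadm::config.
def audit_hiera_certs(yaml_text)
  data = YAML.safe_load(yaml_text)
  config = data.is_a?(Hash) ? data['cd4peadm::config'] : nil
  # The plan indexes this hash directly, so check that it exists first.
  return { status: :no_config, plaintext_private_keys: [] } unless config.is_a?(Hash)

  # Assumption: private keys belong in hiera-eyaml ENC[PKCS7,...] form.
  leaked = config.select { |_k, v| v.is_a?(String) && v.match?(PLAINTEXT_KEY) }.keys
  # Same test as the plan: only an absent (undef) ssl_cert_chain counts as missing.
  status = config['ssl_cert_chain'].nil? ? :certs_missing : :certs_present
  { status: status, plaintext_private_keys: leaked }
end

if __FILE__ == $PROGRAM_NAME
  { 'before' => SAMPLE_BEFORE, 'after' => SAMPLE_AFTER }.each do |name, text|
    puts "#{name}: #{audit_hiera_certs(text)}"
  end
end
```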