Puppet Class: hirs_provisioner::config

Defined in:
manifests/config.pp

Summary

Called from `hirs_provisioner` for service config

Overview

Parameters:

  • aca_fqdn (Simplib::Hostname) (defaults to: 'localhost')

    The fully qualified domain name of the Attestation Certificate Authority (ACA). This will also be used for the Broker and Portal FQDNs.

  • aca_port (Simplib::Port) (defaults to: 8443)

    The configured listening port for the ACA.

  • broker_port (Simplib::Port) (defaults to: 61616)

    The configured broker listening port for the ACA.

  • portal_port (Simplib::Port) (defaults to: 8443)

    The configured portal listening port for the ACA.



# File 'manifests/config.pp', line 16

class hirs_provisioner::config (
  Simplib::Hostname $aca_fqdn    = 'localhost',
  Simplib::Port     $aca_port    = 8443,
  Simplib::Port     $broker_port = 61616,
  Simplib::Port     $portal_port = 8443
) {
  # Private class: it is meant to be declared only from inside this module.
  assert_private()

  # Every file_line below edits this one file. No file resource for it is
  # declared in this class, so its owner and mode are not enforced here.
  # NOTE(review): confirm they are managed (or acceptable) elsewhere.
  $_site_config = '/etc/hirs/hirs-site.config'

  # Pick the provisioner binary: TPM 2.0 hosts get the tpm2 variant, every
  # other value of tpm_version falls back to the plain provisioner.
  $_command = $::hirs_provisioner::tpm_version ? {
    '2.0'   => '/usr/sbin/hirs-provisioner-tpm2',
    default => '/usr/sbin/hirs-provisioner',
  }

  # Generate hirs-site.config, but only while the file does not exist yet.
  exec { 'hirs-provision-config':
    command => '/usr/sbin/hirs-provisioner -c',
    onlyif  => "/usr/bin/test ! -f ${_site_config}",
  }

  # Once the file exists, pin each KEY=value line. Any line that changes
  # notifies the provisioning exec declared at the end of the class.
  -> file_line {
    default:
      path => $_site_config;

    # CLIENT_HOSTNAME: single quotes, so the literal text $HOSTNAME is
    # written to the file and Puppet does not interpolate it.
    # NOTE(review): presumably expanded by whatever reads the file; confirm.
    'client-hostname':
      line  => 'CLIENT_HOSTNAME=$HOSTNAME',
      match => '^CLIENT_HOSTNAME=.*$';

    # TPM_ENABLED comes from a variable of the main hirs_provisioner class.
    # lint:ignore:variable_scope
    'tpm-enabled':
      line  => "TPM_ENABLED=${hirs_provisioner::_tpm_enabled}",
      match => '^TPM_ENABLED=.*$';
    # lint:endignore

    # IMA_ENABLED is the result of comparing the `ima` entry of the
    # `cmdline` fact with 'on'.
    # NOTE(review): assumes the `cmdline` fact is always present; confirm.
    'ima-enabled':
      line  => "IMA_ENABLED=${facts['cmdline']['ima'] == 'on'}",
      match => '^IMA_ENABLED=.*$';

    # ACA endpoint. The same $aca_fqdn is reused for the broker and the
    # portal below, so one parameter decides all three hosts.
    # NOTE(review): the default is 'localhost'; confirm the calling class
    # sets the intended ACA host, since the client is provisioned against it.
    'aca-fqdn':
      line  => "ATTESTATION_CA_FQDN=${aca_fqdn}",
      match => '^ATTESTATION_CA_FQDN=.*$';

    'aca-port':
      line  => "ATTESTATION_CA_PORT=${aca_port}",
      match => '^ATTESTATION_CA_PORT=.*$';

    # Broker endpoint (host shared with the ACA).
    'broker-fqdn':
      line  => "BROKER_FQDN=${aca_fqdn}",
      match => '^BROKER_FQDN=.*$';

    'broker-port':
      line  => "BROKER_PORT=${broker_port}",
      match => '^BROKER_PORT=.*$';

    # Portal endpoint (host shared with the ACA).
    'portal-fqdn':
      line  => "PORTAL_FQDN=${aca_fqdn}",
      match => '^PORTAL_FQDN=.*$';

    'portal-port':
      line  => "PORTAL_PORT=${portal_port}",
      match => '^PORTAL_PORT=.*$';
  }
  ~> Exec['hirs-provision-client']

  # Provision the HIRS client. refreshonly means this runs only when one of
  # the file_line resources above reports a change, not on every agent run.
  exec { 'hirs-provision-client':
    command     => "${_command} provision",
    refreshonly => true,
  }
}