Puppet Class: libreswan::config::pki

Defined in:
manifests/config/pki.pp

Summary

Ensure that the `simp/pki` PKI certificates are loaded into the IPSEC NSS Database.

Overview

Parameters:

  • app_pki_external_source (String) (defaults to: simplib::lookup('simp_options::pki::source', { 'default_value' => '/etc/pki/simp/x509' }))

    • If ‘$pki` = `’simp’‘ or `true`, this is the directory from which certs

    will be copied, via ‘pki::copy`.

    • If ‘$pki` = `false`, this variable has no effect.

  • app_pki_dir (Stdlib::Absolutepath) (defaults to: '/etc/pki/simp_apps/libreswan/x509')

    Controls the base path of the other ‘app_pki_*` parameters.

  • app_pki_key (Stdlib::Absolutepath) (defaults to: "${app_pki_dir}/private/${::fqdn}.pem")

    Path and name of the private SSL key file

  • app_pki_cert (Stdlib::Absolutepath) (defaults to: "${app_pki_dir}/public/${::fqdn}.pub")

    Path and name of the public SSL certificate

  • app_pki_ca (Stdlib::Absolutepath) (defaults to: "${app_pki_dir}/cacerts/cacerts.pem")

    Path and name of the CA.



20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'manifests/config/pki.pp', line 20

class libreswan::config::pki(
  String               $app_pki_external_source = simplib::lookup('simp_options::pki::source', { 'default_value' => '/etc/pki/simp/x509' }),
  Stdlib::Absolutepath $app_pki_dir             = '/etc/pki/simp_apps/libreswan/x509',
  Stdlib::Absolutepath $app_pki_cert            = "${app_pki_dir}/public/${::fqdn}.pub",
  Stdlib::Absolutepath $app_pki_key             = "${app_pki_dir}/private/${::fqdn}.pem",
  Stdlib::Absolutepath $app_pki_ca              = "${app_pki_dir}/cacerts/cacerts.pem"
){

  if $libreswan::pki {
    pki::copy { 'libreswan' :
      source => $app_pki_external_source,
      pki    => $libreswan::pki,
    }
  }
}