Puppet Class: libreswan::config::pki::nsspki
- Defined in:
- manifests/config/pki/nsspki.pp
Summary
Ensure that the PKI certificates are loaded into the NSS Database used by the IPSEC process.
Overview
Called when the certificates change or when the database is initialized.
# File 'manifests/config/pki/nsspki.pp', line 8
# @summary Ensure that the PKI certificates are loaded into the NSS database
#   used by the IPSEC process.
#
# Called when the certificates change or when the database is initialized.
#
# @param certname
#   Name of the certificate to use from the NSS database. It is written into
#   the secrets file and is also the title of the loadcerts resource.
#
class libreswan::config::pki::nsspki(
  String[1] $certname = $facts['fqdn'],
) {
  # Private class: may only be declared from inside this module.
  assert_private()

  # Any change in the PKI class sends a refresh to everything declared here.
  Class['libreswan::config::pki'] ~> Class['libreswan::config::pki::nsspki']

  # Currently for libreswan version 3.15 the secrets file must be
  # updated with name of the certificate to use from the NSS database.
  #
  # The file is readable by root only. $certname is interpolated verbatim
  # between double quotes and String[1] only guarantees it is non-empty.
  # NOTE(review): confirm callers never pass a value containing a double
  # quote or a newline, since that would alter the structure of this file.
  file { $libreswan::secretsfile:
    ensure  => file,
    owner   => 'root',
    mode    => '0400',
    content => ": RSA \"${certname}\"",
  }

  # FIPS handling is requested when either the module setting or the node
  # fact is truthy.
  $_fips = ($libreswan::fips or $facts['fips_enabled'])

  # Single title shared by the init_db resource and the references to it.
  $_nssdb_title = "NSSDB ${libreswan::ipsecdir}"

  # Initialise the NSS database; /etc/ipsec.conf is managed first.
  # NOTE(review): password and nsspassword are handed to the defined type
  # as-is; how it stores or logs them is not visible here - verify there.
  libreswan::nss::init_db { $_nssdb_title:
    require     => File['/etc/ipsec.conf'],
    dbdir       => $libreswan::ipsecdir,
    token       => $libreswan::token,
    fips        => $_fips,
    password    => $libreswan::nssdb_password,
    nsspassword => $libreswan::nsspassword,
  }

  # Load the CA certificate; refreshed whenever the database resource changes.
  libreswan::nss::loadcacerts { 'CA_for_connections':
    subscribe   => Libreswan::Nss::Init_db[$_nssdb_title],
    dbdir       => $libreswan::ipsecdir,
    token       => $libreswan::token,
    nsspwd_file => $libreswan::nsspassword,
    cert        => $libreswan::config::pki::app_pki_ca,
  }

  # Load the host certificate and key under the name $certname; refreshed
  # whenever the database resource changes.
  libreswan::nss::loadcerts { $certname:
    subscribe   => Libreswan::Nss::Init_db[$_nssdb_title],
    dbdir       => $libreswan::ipsecdir,
    token       => $libreswan::token,
    nsspwd_file => $libreswan::nsspassword,
    cert        => $libreswan::config::pki::app_pki_cert,
    key         => $libreswan::config::pki::app_pki_key,
  }
}