Defined Type: openssl::dhparam

Defined in:
manifests/dhparam.pp

Summary

*DEPRECATED* Manage Diffie-Hellman parameter files

Overview

DEPRECATED This defined type will be removed in the next major release. Use the custom type [`openssl_dhparam`](#openssl_dhparam) instead.

Examples:

Create a parameter file using default parameters


openssl::dhparam { '/etc/ssl/dhparam.pem': }

Create a parameter file using 4096 bits


openssl::dhparam { '/etc/ssl/dhparam.pem':
  bits => '4096',
}

Create a parameter file using non-default permissions


openssl::dhparam { '/etc/ssl/dhparam.pem':
  owner => 'www-data',
  group => 'www-data',
  mode  => '0640',
}

Parameters:

  • ensure (Enum['present','absent']) (defaults to: 'present')

    The state of the resource.

  • file (Stdlib::Absolutepath) (defaults to: $name)

    The file name where the DH parameters are stored on the node. Must be an absolute path.

  • bits (Enum['2048','3072','4096','5120','6144','7168','8192']) (defaults to: '2048')

    The number of bits to generate.

  • generator (Enum['2','5']) (defaults to: '2')

    The generator to use. Check the OpenSSL documentation for details about this parameter.

  • mode (Stdlib::Filemode) (defaults to: '0644')

    The file mode used for the resource.

  • owner (String) (defaults to: 'root')

    The file owner used for the resource.

  • group (Optional[String]) (defaults to: undef)

    The file group used for the resource.



# File 'manifests/dhparam.pp', line 48

define openssl::dhparam (
  Enum['present','absent']                               $ensure    = 'present',
  Stdlib::Absolutepath                                   $file      = $name,
  Enum['2048','3072','4096','5120','6144','7168','8192'] $bits      = '2048',
  Enum['2','5']                                          $generator = '2',
  Stdlib::Filemode                                       $mode      = '0644',
  String                                                 $owner     = 'root',
  Optional[String]                                       $group     = undef,
) {
  # The base class must be included first
  unless defined(Class['openssl']) {
    fail('You must include the openssl base class before using any openssl defined resources')
  }

  # Create DH parameter file
  if ($ensure == 'present') {
    openssl_genparam { $file:
      ensure    => $ensure,
      algorithm => 'DH',
      bits      => $bits,
      generator => $generator,
      before    => File[$file],
    }
  }

  # Manage file owner/group/mode
  file { $file:
    ensure => $ensure,
    owner  => $owner,
    group  => pick($group, $openssl::root_group),
    mode   => $mode,
  }
}