Resource Type: openssl_dhparam

Defined in:
lib/puppet/type/openssl_dhparam.rb

Summary

Generate a file with Diffie-Hellman parameters

Overview

Generate Diffie-Hellman parameters for a TLS-enabled application by specifying the number of bits and the generator to use.

The type expects to find the "-----BEGIN DH PARAMETERS-----" token in the file or it will overwrite the file content with new parameters.

The type is refreshable and will generate new parameters if the resource is notified from another resource.

This type uses the Ruby OpenSSL library and does not need the `openssl` binary provided by the operating system.

Note: The creation of Diffie-Hellman parameters with a larger number of bits takes a significant amount of CPU time (sometimes multiple minutes). This might look as if the Puppet Agent is hanging.

Examples:

Generate Diffie-Hellman parameter file


openssl_dhparam { '/etc/postfix/dh2048.pem':
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  require => Package['postfix'],
  notify  => Service['postfix'],
}

Trigger refresh using another resource


openssl_dhparam { '/etc/postfix/dh2048.pem':
  subscribe => Package['postfix'],
}
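The token check, refresh behaviour and parameter generation described in the Overview, written out as an added Ruby example (not the module's own code) using OpenSSL::PKey::DH from the Ruby OpenSSL library; the DhParamFile module, its method names and the temp-file-plus-rename write are assumptions of this example, not part of the openssl_dhparam type.

```ruby
require 'openssl'

# Added example: a minimal re-implementation of the logic the openssl_dhparam
# type describes. Module and method names are this example's own choices.
module DhParamFile
  DH_TOKEN = '-----BEGIN DH PARAMETERS-----'.freeze
  SUPPORTED_BITS = [1024, 2048, 3072, 4096, 5120, 6144, 7168, 8192].freeze
  SUPPORTED_GENERATORS = [2, 5].freeze

  # Mirrors the type's parameter lists: only the documented sizes and
  # generators are accepted.
  def self.validate!(bits:, generator:)
    raise ArgumentError, "unsupported bits: #{bits}" unless SUPPORTED_BITS.include?(bits)
    raise ArgumentError, "unsupported generator: #{generator}" unless SUPPORTED_GENERATORS.include?(generator)
    true
  end

  # The file is considered in sync only when it carries the PEM token; a
  # missing file, an empty file or unrelated content is overwritten.
  def self.needs_generation?(content)
    content.nil? || !content.include?(DH_TOKEN)
  end

  # Generates a fresh safe-prime group with the Ruby OpenSSL library (no
  # `openssl` binary). This is the slow step the Overview warns about.
  def self.generate_pem(bits:, generator:)
    OpenSSL::PKey::DH.generate(bits, generator).to_pem
  end

  # Returns :generated or :unchanged. refresh: true models the type being
  # notified by another resource, which forces new parameters even when the
  # token is already present.
  def self.ensure_file(path, bits:, generator: 2, mode: 0o644, refresh: false)
    current = File.exist?(path) ? File.read(path) : nil
    return :unchanged unless refresh || needs_generation?(current)

    pem = generate_pem(bits: bits, generator: generator)
    # Write to a temporary name and rename, so a service reading the file
    # never sees half-written parameters.
    tmp = "#{path}.tmp"
    File.open(tmp, 'w', mode) { |f| f.write(pem) }
    File.chmod(mode, tmp) # the perm argument above is masked by the umask
    File.rename(tmp, path)
    :generated
  end
end
```

With the page's values this is `DhParamFile.validate!(bits: 2048, generator: 2)` followed by `DhParamFile.ensure_file('/etc/postfix/dh2048.pem', bits: 2048)`; expect the 2048-bit run to take a while, as the note above says.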

Properties

  • ensure (defaults to: present)

    The basic property that the resource should be in.

    Supported values:
    • present
    • absent

Parameters

  • backup

    Specifies whether (and how) to back up the destination file before overwriting it. Your value gets passed on to Puppet’s native file resource for execution. Valid options: true, false, or a string representing either a target filebucket or a filename extension beginning with “.”.

  • bits (defaults to: 2048)

    The number of bits for the Diffie-Hellman parameters.

    Supported values:
    • 1024
    • 2048
    • 3072
    • 4096
    • 5120
    • 6144
    • 7168
    • 8192

  • generator (defaults to: 2)

    The generator number for the Diffie-Hellman parameters.

    Supported values:
    • 2
    • 5

  • group

    Specifies a permissions group for the destination file. Valid options: a string containing a group name or integer containing a gid.

  • mode

    Specifies the permissions mode of the destination file. Valid options: a string containing a permission mode value in octal notation.

  • owner

    Specifies the owner of the destination file. Valid options: a string containing a username or integer containing a uid.

  • path

    Specifies the destination file. Valid options: a string containing an absolute path. Default value: the title of your declared resource.

  • selinux_ignore_defaults

    See the file type’s selinux_ignore_defaults documentation: docs.puppetlabs.com/references/latest/type.html#file-attribute-selinux_ignore_defaults

    Supported values:
    • true
    • false
    • yes
    • no

  • selrange

    See the file type’s selrange documentation: docs.puppetlabs.com/references/latest/type.html#file-attribute-selrange

  • selrole

    See the file type’s selrole documentation: docs.puppetlabs.com/references/latest/type.html#file-attribute-selrole

  • seltype

    See the file type’s seltype documentation: docs.puppetlabs.com/references/latest/type.html#file-attribute-seltype

  • seluser

    See the file type’s seluser documentation: docs.puppetlabs.com/references/latest/type.html#file-attribute-seluser

  • show_diff

    Specifies whether to set the show_diff parameter for the file resource.

    Supported values:
    • true
    • false
    • yes
    • no