Defined Type: ipsec::conf::ca

Defined in:
manifests/conf/ca.pp

Summary

Create a ca section within ipsec.conf file.

Overview

ipsec::conf::ca

All instances of ipsec::conf::ca resource will create ca sections within ipsec.conf file. However, ipsec::conf does contain a factory which creates these instanses from parameter ipsec::conf, it is allowed to create instances directly.

The resource takes parameter as described in Strongswan documentation (see link below).

Examples:

ipsec::conf::ca { 'myca':
  auto   => 'add',
  cacert => '/etc/ssl/certs/myca.pem',
  crluri => 'file:///etc/ssl/crls/myca_crl.pem'
}

Parameters:

  • also (Optional[String]) (defaults to: undef)
  • auto (Optional[Enum['ignore','add']]) (defaults to: undef)
  • cacert (Optional[String]) (defaults to: undef)
  • crluri (Optional[String]) (defaults to: undef)
  • crluri2 (Optional[String]) (defaults to: undef)
  • ocspuri (Optional[String]) (defaults to: undef)
  • ocspuri2 (Optional[String]) (defaults to: undef)
  • certuribase (Optional[String]) (defaults to: undef)
  • ldaphost (Optional[String]) (defaults to: undef)

See Also:



20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'manifests/conf/ca.pp', line 20

define ipsec::conf::ca(
  Optional[String]               $also = undef,
  Optional[Enum['ignore','add']] $auto = undef,
  Optional[String]               $cacert = undef,
  Optional[String]               $crluri = undef,
  Optional[String]               $crluri2 = undef,
  Optional[String]               $ocspuri = undef,
  Optional[String]               $ocspuri2 = undef,
  Optional[String]               $certuribase = undef,
  Optional[String]               $ldaphost = undef,
) {
  concat::fragment{ "ca ${name}":
    target  => lookup('ipsec::config::conf_file'),
    order   => 2,
    content => epp('ipsec/conf_ca.epp',
    {
      'name'        => $title,
      'also'        => $also,
      'auto'        => $auto,
      'cacert'      => $cacert,
      'crluri'      => $crluri,
      'crluri2'     => $crluri2,
      'ocspuri'     => $ocspuri,
      'ocspuri2'    => $ocspuri2,
      'certuribase' => $certuribase,
      'ldaphost'    => $ldaphost,
    }),
  }
}