#
# Provision an SSL keypair using what's already generated in:
# /etc/ssl/private/ssl-cert-snakeoil.key (private key) and
# /etc/ssl/certs/ssl-cert-snakeoil.pem (public cert).
#
# The result will be /etc/<service_name>/ssl/private/<FQDN>.pem (private key) and
# /etc/<service_name>/ssl/public/<FQDN>.crt (public cert).
#
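define oci::sslkeypair(
  $notify_service_name = 'httpd',
){
  # Copies the host's pre-generated snakeoil key and certificate into
  # /etc/${name}/ssl, where ${name} is the resource title (the service name).
  #
  # $notify_service_name: title of the Service resource that is notified when
  # the certificate file changes. Defaults to 'httpd'.
  #
  # NOTE(review): every declaration of this define copies the same source
  # files, so all services on the host end up sharing one private key, and the
  # snakeoil certificate is self-signed. Suitable for bootstrap or lab use;
  # replace with a CA-issued pair per service where peers must verify it.

  # Base directory; created only after the service's install anchor.
  file { "/etc/${name}/ssl":
    ensure                  => directory,
    owner                   => 'root',
    mode                    => '0755',
    selinux_ignore_defaults => true,
    require                 => Anchor["${name}::install::end"],
  }->
  # NOTE(review): this directory is world-listable (0755); the key itself is
  # protected only by the 0600 mode on the file below. Tightening the
  # directory needs a group the service user belongs to, which this define
  # does not manage.
  file { "/etc/${name}/ssl/private":
    ensure                  => directory,
    owner                   => 'root',
    mode                    => '0755',
    selinux_ignore_defaults => true,
  }->
  file { "/etc/${name}/ssl/public":
    ensure                  => directory,
    owner                   => 'root',
    mode                    => '0755',
    selinux_ignore_defaults => true,
  }->
  # Private key: readable by the service user only. The group is left
  # unmanaged, which is harmless with mode 0600.
  file { "/etc/${name}/ssl/private/${::fqdn}.pem":
    ensure                  => present,
    owner                   => $name,
    source                  => '/etc/ssl/private/ssl-cert-snakeoil.key',
    selinux_ignore_defaults => true,
    mode                    => '0600',
    # Keep key material out of agent logs and reports when the file changes.
    show_diff               => false,
  }->
  # Public certificate: world-readable; a change restarts/refreshes the
  # service named by $notify_service_name.
  file { "/etc/${name}/ssl/public/${::fqdn}.crt":
    ensure                  => present,
    owner                   => $name,
    source                  => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
    selinux_ignore_defaults => true,
    mode                    => '0644',
    notify                  => Service[$notify_service_name],
  }
}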