#
# Manages /etc/systemd/system/puppet.service.d/oci-ca-cert.conf
#
# Exports OS_CACERT into the environment of puppet.service through a systemd
# drop-in, so that whatever puppet runs sees the OCI CA chain
# (presumably the OpenStack clients it calls; confirm against the callers).
#
# @param self_signed_api_cert
#   true (default): install the drop-in and create the marker directory
#   /etc/oci/self-signed-api-cert.
#   false: remove both, so the service no longer receives OS_CACERT from here.
#
# NOTE(review): systemd only picks up a new or removed drop-in after a
# daemon-reload, and Environment= applies at the next start of the unit.
# Nothing in this class triggers either; confirm it is handled elsewhere.
class oci::puppet_oci_ca_cert(
  $self_signed_api_cert = true,
){
  $dropin_dir  = '/etc/systemd/system/puppet.service.d'
  $dropin_file = "${dropin_dir}/oci-ca-cert.conf"
  $marker_dir  = '/etc/oci/self-signed-api-cert'

  # The drop-in directory is kept in both modes; only its content changes.
  file { $dropin_dir:
    ensure                  => directory,
    owner                   => 'root',
    mode                    => '0755',
    selinux_ignore_defaults => true,
  }

  # Drop-in body: a path to the CA chain only, no secret material.
  $str = "[Service]
Environment=OS_CACERT=/etc/ssl/certs/oci-pki-oci-ca-chain.pem
"

  if $self_signed_api_cert {
    file { $dropin_file:
      ensure                  => present,
      owner                   => 'root',
      mode                    => '0644',
      content                 => $str,
      selinux_ignore_defaults => true,
    }

    # Marker directory: it changes how puppet is run from oci-puppet.
    # It is easy to forget when moving from a self-signed to a real SSL
    # certificate, which is why the else branch removes it explicitly.
    file { $marker_dir:
      ensure                  => directory,
      owner                   => 'root',
      mode                    => '0755',
      selinux_ignore_defaults => true,
    }
  }
  else {
    # owner/mode are kept as in the original declaration.
    file { $dropin_file:
      ensure                  => absent,
      owner                   => 'root',
      mode                    => '0644',
      selinux_ignore_defaults => true,
    }

    # force is required for Puppet to delete a directory.
    file { $marker_dir:
      ensure                  => absent,
      force                   => true,
      selinux_ignore_defaults => true,
    }
  }
}