File: sslkeypair.pp

openstack-cluster-installer 43.0.18
#
# Provision an SSL keypair using what's already generated in:
# /etc/ssl/private/ssl-cert-snakeoil.key (private key) and
# /etc/ssl/certs/ssl-cert-snakeoil.pem (public cert).
#
# The result will be /etc/<name>/ssl/private/<FQDN>.pem (private key) and
# /etc/<name>/ssl/public/<FQDN>.crt (public cert), where <name> is the
# title of the resource.
#
# Copies the host's snakeoil key and certificate into a per-service
# directory tree under /etc/<title>/ssl and notifies a service when the
# certificate copy changes.
#
# The resource title ($name) is used both as the directory name under /etc
# and as the owner (user name) of the two copied files.
#
# Parameters:
#   notify_service_name - title of the Service resource to notify when the
#                         certificate copy changes (default 'httpd').
#   require_anchor      - resource reference the top-level ssl directory
#                         requires; defaults to Anchor["<title>::install::end"].
#
# Security notes:
#   * Every instance of this define copies the SAME private key, so all
#     services provisioned this way on a host share one key; a compromise
#     of any one copy exposes all of them.
#   * The snakeoil pair is, on Debian-style systems, the locally generated
#     self-signed pair; clients cannot validate it against a CA. Treat the
#     result as a bootstrap/placeholder keypair.
#   * No group is set on any resource here, so group ownership is left
#     unmanaged.
define oci::sslkeypair(
  $notify_service_name = 'httpd',
  $require_anchor      = undef,
){
    # Prefer the structured networking fact, fall back to the legacy
    # top-scope fact when it is not set.
    if $facts['networking']['fqdn'] {
      $host_fqdn = $facts['networking']['fqdn']
    }else{
      $host_fqdn = $::fqdn
    }

    # Caller-supplied ordering anchor, or the per-service install anchor.
    if $require_anchor {
      $install_anchor = $require_anchor
    }else{
      $install_anchor = Anchor["${name}::install::end"]
    }

    $snakeoil_key  = '/etc/ssl/private/ssl-cert-snakeoil.key'
    $snakeoil_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem'

    $ssl_dir     = "/etc/${name}/ssl"
    $private_dir = "/etc/${name}/ssl/private"
    $public_dir  = "/etc/${name}/ssl/public"
    $key_path    = "/etc/${name}/ssl/private/${host_fqdn}.pem"
    $cert_path   = "/etc/${name}/ssl/public/${host_fqdn}.crt"

    # Directory tree. All three directories are root-owned and 0755.
    # NOTE(review): the private directory is world-listable; the key is
    # protected only by the 0600 mode on the file itself. Confirm whether a
    # tighter directory mode is compatible with the service user.
    file {
      default:
        owner                   => 'root',
        mode                    => '0755',
        selinux_ignore_defaults => true,
      ;
      $ssl_dir:
        ensure  => directory,
        require => $install_anchor,
      ;
      $private_dir:
        ensure => directory,
      ;
      $public_dir:
        ensure => directory,
      ;
    }

    # Copies of the snakeoil pair, owned by the user named after the title.
    # Only the certificate copy notifies the service.
    file {
      default:
        ensure                  => present,
        owner                   => $name,
        selinux_ignore_defaults => true,
      ;
      $key_path:
        source => $snakeoil_key,
        mode   => '0600',
      ;
      $cert_path:
        source => $snakeoil_cert,
        mode   => '0644',
        notify => Service[$notify_service_name],
      ;
    }

    # The snakeoil source files must be managed before their copies.
    # These File references are not declared in this define; presumably they
    # are declared elsewhere in the catalog (verify against the caller).
    File[$snakeoil_key]  -> File[$key_path]
    File[$snakeoil_cert] -> File[$cert_path]

    # Same linear ordering as the original chained declarations.
    File[$ssl_dir]
    -> File[$private_dir]
    -> File[$public_dir]
    -> File[$key_path]
    -> File[$cert_path]
}