# OpenSSL Puppet Module
[![Puppet Forge Version](http://img.shields.io/puppetforge/v/camptocamp/openssl.svg)](https://forge.puppetlabs.com/camptocamp/openssl)
[![Puppet Forge Downloads](http://img.shields.io/puppetforge/dt/camptocamp/openssl.svg)](https://forge.puppetlabs.com/camptocamp/openssl)
[![Build Status](https://img.shields.io/travis/camptocamp/puppet-openssl/master.svg)](https://travis-ci.org/camptocamp/puppet-openssl)
[![Puppet Forge Endorsement](https://img.shields.io/puppetforge/e/camptocamp/openssl.svg)](https://forge.puppetlabs.com/camptocamp/openssl)
[![Gemnasium](https://img.shields.io/gemnasium/camptocamp/puppet-openssl.svg)](https://gemnasium.com/camptocamp/puppet-openssl)
[![By Camptocamp](https://img.shields.io/badge/by-camptocamp-fb7047.svg)](http://www.camptocamp.com)
**This module manages OpenSSL.**
## Class openssl
Make sure openssl is installed:
```puppet
include ::openssl
```
Specify openssl and ca-certificates package versions:
```puppet
class { '::openssl':
  package_ensure         => latest,
  ca_certificates_ensure => latest,
}
```
## Types and providers
This module provides three types and associated providers to manage SSL keys and certificates.
In every case, not providing the password (or setting it to _undef_, which is the default) means that __the private key won't be encrypted__ with any symmetric cipher so __it is completely unprotected__.
### ssl\_pkey
This type generates SSL private keys.
Simple usage:
```puppet
ssl_pkey { '/path/to/private.key': }
```
Advanced options:
```puppet
ssl_pkey { '/path/to/private.key':
  ensure   => 'present',
  password => 'j(D$',
}
```
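To check for the situation the warning above describes (a key generated without `password`, as in the simple usage), the following added example, which is not part of this module, classifies PEM private key files by their header and lists the unencrypted ones together with whether they are world-readable. The function names `pem_key_state`, `audit_keys` and `make_samples` are hypothetical, and the sample key files are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the puppet-openssl module. Function names are
# hypothetical; the sample keys are constructed placeholders, not real keys.

# pem_key_state FILE: print "encrypted", "unprotected" or "not-a-key".
pem_key_state() {
    # An encrypted PKCS#8 container has its own PEM label.
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo encrypted
    elif grep -q -e '^-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1" 2>/dev/null; then
        # Traditional PEM marks encryption with a Proc-Type header line.
        if grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo encrypted
        else
            echo unprotected
        fi
    else
        echo not-a-key
    fi
}

# audit_keys DIR: one line per unprotected key, with whether "other" can read it.
audit_keys() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        [ "$(pem_key_state "$f")" = unprotected ] || continue
        if [ -n "$(find "$f" -prune -perm -004)" ]; then
            echo "$f world-readable"
        else
            echo "$f restricted"
        fi
    done
}

# make_samples DIR: write constructed sample files (bodies are dummy text).
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/plain.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00000000000000000000000000000000' '' \
        'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----' > "$1/enc.key"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$1/enc8.key"
    chmod 644 "$1/plain.key"; chmod 600 "$1/enc.key" "$1/enc8.key"
}
```

Run `audit_keys` against the directory where the keys are deployed; any path it prints is a key whose only protection is its file permissions.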
### x509\_cert
This type generates SSL certificates from a private key. You need to deploy a `template` file (`templates/cert.cnf.erb` is an example).
Simple usage:
```puppet
x509_cert { '/path/to/certificate.crt': }
```
Advanced options:
```puppet
x509_cert { '/path/to/certificate.crt':
  ensure      => 'present',
  password    => 'j(D$',
  template    => '/other/path/to/template.cnf',
  private_key => '/there/is/my/private.key',
  days        => 4536,
  force       => false,
}
```
### x509\_request
This type generates SSL certificate signing requests from a private key. You need to deploy a `template` file (`templates/cert.cnf.erb` is an example).
Simple usage:
```puppet
x509_request { '/path/to/request.csr': }
```
Advanced options:
```puppet
x509_request { '/path/to/request.csr':
  ensure      => 'present',
  password    => 'j(D$',
  template    => '/other/path/to/template.cnf',
  private_key => '/there/is/my/private.key',
  force       => false,
}
```
## Definitions
### openssl::certificate::x509
This definition is a wrapper around the `ssl_pkey`, `x509_cert` and `x509_request` types. It generates a certificate template, then generates the private key, certificate and certificate signing request and sets the owner of the files.
Simple usage:
```puppet
openssl::certificate::x509 { 'foo':
  country      => 'CH',
  organization => 'Example.com',
  commonname   => $fqdn,
}
```
Advanced options:
```puppet
openssl::certificate::x509 { 'foo':
  ensure       => present,
  country      => 'CH',
  organization => 'Example.com',
  commonname   => $fqdn,
  state        => 'Here',
  locality     => 'Myplace',
  unit         => 'MyUnit',
  altnames     => ['a.com', 'b.com', 'c.com'],
  email        => 'contact@foo.com',
  days         => 3456,
  base_dir     => '/var/www/ssl',
  owner        => 'www-data',
  group        => 'www-data',
  password     => 'j(D$',
  force        => false,
  cnf_tpl      => 'my_module/cert.cnf.erb',
}
```
### openssl::export::pkcs12
This definition generates a pkcs12 file:
```puppet
openssl::export::pkcs12 { 'foo':
  ensure   => 'present',
  basedir  => '/path/to/dir',
  pkey     => '/here/is/my/private.key',
  cert     => '/there/is/the/cert.crt',
  in_pass  => 'my_pkey_password',
  out_pass => 'my_pkcs12_password',
}
```
## Contributing
Please report bugs and feature requests using the [GitHub issue
tracker](https://github.com/camptocamp/puppet-openssl/issues).
For pull requests, it is very much appreciated if you check your Puppet manifests
with [puppet-lint](https://github.com/rodjek/puppet-lint) so that they follow the recommended Puppet style guidelines from the
[Puppet Labs style guide](http://docs.puppetlabs.com/guides/style_guide.html).