manual.pp
# Manual certificate
# TODO: let's not accept expired certs from users.
# This needs an update to the underlying module:
# openssl::cert_date_valid($_cert_file)
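# @summary Writes a manually supplied key/certificate pair to disk and declares
#   monitor::domains for the certificate.
#
# Creates "${base_dir_parts}/${name}" containing key.pem, cert.pem and, when a
# CA is given, ca.pem. Also writes "${base_dir_combined}/${name}.pem", which
# holds the key followed by the certificate.
#
# NOTE(review): $key is a plain String, so the private key is stored in clear
# text in the compiled catalog. Consider accepting Sensitive[String] once the
# callers can supply it.
# NOTE(review): $name is interpolated into file paths without validation here;
# presumably titles are always FQDNs - confirm against the callers.
#
# @param key PEM private key; written to key.pem and to the combined file.
# @param cert PEM certificate; written to cert.pem and to the combined file,
#   and passed to extract_common_name() to obtain the monitored domain.
# @param base_dir_parts Directory under which the per-certificate directory is created.
# @param base_dir_combined Directory that receives the combined "${name}.pem".
# @param domain Defaults to the resource title. Not referenced in the body;
#   the monitored name comes from extract_common_name($cert) instead.
# @param ca Optional PEM CA certificate; written to ca.pem when set.
# @param ports Optional list of ports. When non-empty, one monitor::domains is
#   declared per port with an https URL; otherwise a single one for the domain.
define profile::system::certs::manual (
  String                        $key,
  String                        $cert,
  Stdlib::Absolutepath          $base_dir_parts,
  Stdlib::Absolutepath          $base_dir_combined,
  Stdlib::Fqdn                  $domain = $title,
  Optional[String]              $ca     = undef,
  Optional[Array[Stdlib::Port]] $ports  = undef,
) {
  $_parts_dir     = "${base_dir_parts}/${name}"
  $_cert_file     = "${_parts_dir}/cert.pem"
  $_cert_key      = "${_parts_dir}/key.pem"
  $_cert_ca       = "${_parts_dir}/ca.pem"
  $_cert_combined = "${base_dir_combined}/${name}.pem"

  # Defaults for every file below: root-owned and readable by root only.
  # noop => false forces these resources to be applied even on a noop run.
  # NOTE(review): resource defaults are dynamically scoped, so these values
  # also reach file resources declared by anything this define declares
  # (e.g. monitor::domains) - confirm that is intended.
  File {
    ensure => 'file',
    owner  => 'root',
    group  => 'root',
    mode   => '0400',
    noop   => false,
  }

  file { $_parts_dir:
    ensure => 'directory',
  }

  file {
    default:
      require => File[$_parts_dir],
      notify  => File[$_cert_combined],
      ;
    $_cert_file:
      content => "${cert}\n",
      mode    => '0600',
      ;
    $_cert_key:
      content   => "${key}\n",
      # Keep the private key out of agent logs and reports when it changes.
      show_diff => false,
      ;
  }

  if $ca {
    file { $_cert_ca:
      content => "${ca}\n",
      require => File[$_parts_dir],
      notify  => File[$_cert_combined],
    }
  }

  # NOTE(review): this list is built but never used. The combined file below
  # contains only the key and the certificate, even though the CA file
  # notifies it - confirm whether the CA was meant to be included.
  $_cert_combined_parts = [
    $_cert_key,
    $_cert_file,
    if $ca {
      $_cert_ca
    },
  ].delete_undef_values

  $key_and_cert = join([$key, $cert], "\n")

  file { $_cert_combined:
    content   => $key_and_cert,
    # The combined file embeds the private key, so suppress content diffs too.
    show_diff => false,
  }

  $_domain = extract_common_name($cert)

  # $ports is Optional: test for undef before calling empty so the check does
  # not depend on how empty treats an undef argument.
  if $ports and !$ports.empty {
    $ports.each |$port| {
      monitor::domains { "${_domain}_${port}":
        domain => "https://${_domain}:${port}",
      }
    }
  } else {
    monitor::domains { $_domain: }
  }
}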