141 lines
4.7 KiB
Puppet
141 lines
4.7 KiB
Puppet
# Copyright 2016 Hewlett Packard Enterprise Development Company, L.P.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
# == Class: phabricator::certificates
|
|
#
|
|
# Sets up SSL certificates for the module.
|
|
#
|
|
class phabricator::certificates (
|
|
# SSL Certificates.
|
|
$ssl_cert_file = $phabricator::vars::ssl_cert_file,
|
|
$ssl_cert_file_contents = $phabricator::vars::ssl_cert_file_contents,
|
|
$ssl_chain_file = $phabricator::vars::ssl_chain_file,
|
|
$ssl_chain_file_contents = $phabricator::vars::ssl_chain_file_contents,
|
|
$ssl_key_file = $phabricator::vars::ssl_key_file,
|
|
$ssl_key_file_contents = $phabricator::vars::ssl_key_file_contents,
|
|
) {
|
|
|
|
# To use the standard ssl-certs package snakeoil certificate, leave both
|
|
# $ssl_cert_file and $ssl_cert_file_contents empty. To use an existing
|
|
# certificate, specify its path for $ssl_cert_file and leave
|
|
# $ssl_cert_file_contents empty. To manage the certificate with puppet,
|
|
# provide $ssl_cert_file_contents and optionally specify the path to use for
|
|
# it in $ssl_cert_file.
|
|
if ($ssl_cert_file == undef) and ($ssl_cert_file_contents == undef) {
|
|
$cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
|
|
if ! defined(Package['ssl-cert']) {
|
|
package { 'ssl-cert':
|
|
ensure => present,
|
|
}
|
|
}
|
|
} else {
|
|
if $ssl_cert_file == undef {
|
|
$cert_file = "/etc/ssl/certs/${::fqdn}.pem"
|
|
if ! defined(File['/etc/ssl/certs']) {
|
|
file { '/etc/ssl/certs':
|
|
ensure => directory,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0755',
|
|
before => File[$cert_file],
|
|
}
|
|
}
|
|
} else {
|
|
$cert_file = $ssl_cert_file
|
|
}
|
|
if $ssl_cert_file_contents != undef {
|
|
file { $cert_file:
|
|
ensure => present,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0644',
|
|
content => $ssl_cert_file_contents,
|
|
}
|
|
}
|
|
}
|
|
|
|
# To avoid using an intermediate certificate chain, leave both
|
|
# $ssl_chain_file and $ssl_chain_file_contents empty. To use an existing
|
|
# chain, specify its path for $ssl_chain_file and leave
|
|
# $ssl_chain_file_contents empty. To manage the chain with puppet, provide
|
|
# $ssl_chain_file_contents and optionally specify the path to use for it in
|
|
# $ssl_chain_file.
|
|
if ($ssl_chain_file == undef) and ($ssl_chain_file_contents == undef) {
|
|
$chain_file = undef
|
|
} else {
|
|
if $ssl_chain_file == undef {
|
|
$chain_file = "/etc/ssl/certs/${::fqdn}_intermediate.pem"
|
|
if ! defined(File['/etc/ssl/certs']) {
|
|
file { '/etc/ssl/certs':
|
|
ensure => directory,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0755',
|
|
before => File[$chain_file],
|
|
}
|
|
}
|
|
} else {
|
|
$chain_file = $ssl_chain_file
|
|
}
|
|
if $ssl_chain_file_contents != undef {
|
|
file { $chain_file:
|
|
ensure => present,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0644',
|
|
content => $ssl_chain_file_contents,
|
|
}
|
|
}
|
|
}
|
|
|
|
# To use the standard ssl-certs package snakeoil key, leave both
|
|
# $ssl_key_file and $ssl_key_file_contents empty. To use an existing key,
|
|
# specify its path for $ssl_key_file and leave $ssl_key_file_contents empty.
|
|
# To manage the key with puppet, provide $ssl_key_file_contents and
|
|
# optionally specify the path to use for it in $ssl_key_file.
|
|
if ($ssl_key_file == undef) and ($ssl_key_file_contents == undef) {
|
|
$key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'
|
|
if ! defined(Package['ssl-cert']) {
|
|
package { 'ssl-cert':
|
|
ensure => present,
|
|
}
|
|
}
|
|
} else {
|
|
if $ssl_key_file == undef {
|
|
$key_file = "/etc/ssl/private/${::fqdn}.key"
|
|
if ! defined(File['/etc/ssl/private']) {
|
|
file { '/etc/ssl/private':
|
|
ensure => directory,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0700',
|
|
before => File[$key_file],
|
|
}
|
|
}
|
|
} else {
|
|
$key_file = $ssl_key_file
|
|
}
|
|
if $ssl_key_file_contents != undef {
|
|
file { $key_file:
|
|
ensure => present,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0600',
|
|
content => $ssl_key_file_contents,
|
|
}
|
|
}
|
|
}
|
|
|
|
}
|