# Modular task: installs the public_*.pem certificates as trust anchors in the
# operating system's CA store.
notice('MODULAR: ssl_add_trust_chain.pp')

# Per-service TLS settings. An absent key yields an empty hash, which the
# branching further down treats as "not configured".
$ssl_hash        = hiera_hash('use_ssl', {})

# No default is supplied, so a missing 'public_ssl' key aborts catalog
# compilation rather than silently skipping the trust-store update.
$public_ssl_hash = hiera('public_ssl')
# Resource default for every exec in scope: commands are written as bare names
# and resolved only through this fixed list of system directories, not through
# whatever PATH the agent process inherited.
Exec {
  path => '/bin:/usr/bin:/sbin:/usr/sbin',
}
# Resource default for every file in scope: manage plain files only (never a
# directory or symlink).
# NOTE(review): owner, group and mode are not pinned here or on the individual
# resources, so the trust anchors get whatever Puppet derives from the source
# file and the agent's settings. Consider setting them explicitly once the
# intended permissions are confirmed.
File {
  ensure => file,
}
# Installs the public certificate of one service as a CA trust anchor.
#
# The resource title is the service name. The anchor is declared only when
# /etc/pki/tls/certs/public_<service>.pem exists and is non-empty.
#
# NOTE(review): the target directory is the Debian-family location and is used
# regardless of $::osfamily -- confirm this define is never reached on RedHat.
# NOTE(review): the whole source PEM is copied into the trust-anchor directory.
# Confirm these files hold certificates only; a bundle that also carries a
# private key would be duplicated there.
define file_link {
  $service     = $name
  $public_cert = "/etc/pki/tls/certs/public_${service}.pem"
  $anchor      = "/usr/local/share/ca-certificates/${service}_public_haproxy.crt"

  # file() returns the content of the first path that exists; '/dev/null' is
  # the fallback, so a missing certificate reads as an empty string instead of
  # failing compilation. The check runs at catalog compilation, not at apply.
  unless empty(file($public_cert, '/dev/null')) {
    file { $anchor:
      source => $public_cert,
    }
  }
}
# Decide which certificates become trust anchors:
#   * 'use_ssl' configured    -> one anchor per service, via file_link
#   * only 'public_ssl' set   -> the single public_haproxy.pem
#   * neither                 -> no anchor file is declared
if !empty($ssl_hash) {
  # NOTE(review): this branch does not look at $::osfamily; file_link alone
  # decides where the anchors are written.
  $services = [
    'horizon',
    'keystone',
    'nova',
    'heat',
    'glance',
    'cinder',
    'neutron',
    'swift',
    'sahara',
    'murano',
    'ceilometer',
    'radosgw',
  ]

  file_link { $services: }

} elsif !empty($public_ssl_hash) {
  # Same source certificate on both families; only the anchor directory (and
  # the file extension expected there) differs.
  case $::osfamily {
    'RedHat': {
      file { '/etc/pki/ca-trust/source/anchors/public_haproxy.pem':
        source => '/etc/pki/tls/certs/public_haproxy.pem',
      }
    }

    'Debian': {
      file { '/usr/local/share/ca-certificates/public_haproxy.crt':
        source => '/etc/pki/tls/certs/public_haproxy.pem',
      }
    }

    # Refuse to guess a trust-anchor location on any other platform.
    default: {
      fail("Unsupported OS: ${::osfamily}/${::operatingsystem}")
    }
  }
}
# Wire file changes to the trust-store refresh for the current OS family.
#
# NOTE(review): `File <||>` is an unfiltered collector. It matches every file
# resource in the catalog, not only the trust anchors, and it also realizes
# any virtual file resources. If this manifest is ever compiled together with
# other code, any unrelated file change would trigger a trust-store rebuild;
# consider tagging the anchor files and collecting on that tag instead.
case $::osfamily {
  'RedHat': {
    # Runs only when notified; turns on the dynamic CA configuration before
    # the refresh is passed on to Exec['add_trust'].
    exec { 'enable_trust':
      command     => 'update-ca-trust force-enable',
      refreshonly => true,
    }

    File <||> ~> Exec['enable_trust'] ~> Exec['add_trust']
  }

  'Debian': {
    File <||> ~> Exec['add_trust']
  }

  # No known refresh mechanism for other platforms: fail the run.
  default: {
    fail("Unsupported OS: ${::osfamily}/${::operatingsystem}")
  }
}
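# Rebuilds the system CA bundle from the installed trust anchors.
#
# update-ca-certificates is the Debian-family tool. The RedHat branch of this
# manifest also notifies this exec, and on that family the bundle is rebuilt
# with `update-ca-trust extract`; running the Debian command there would fail
# to resolve in the exec path and leave the new anchors untrusted.
# NOTE(review): verify the RedHat command against the releases actually
# deployed. Any other OS family has already been rejected with fail().
$add_trust_command = $::osfamily ? {
  'RedHat' => 'update-ca-trust extract',
  default  => 'update-ca-certificates',
}

# refreshonly: runs only when a notifying resource changed, never on its own.
exec { 'add_trust':
  command     => $add_trust_command,
  refreshonly => true,
}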