Adding key_size option on the certmonger_certificate function

The certmonger_certificate function currently does not support
creating certificates with private keys stronger than 2048 bits.
This change adds a key_size option.

The key_size option was added to puppet-certmonger in the upstream
v2.6.0 release: https://github.com/saltedsignal/puppet-certmonger/releases/tag/v2.6.0

Change-Id: I4da96f2164cf1d136f9471f1d6251bdd8cfd2d0b
Raildo 2020-10-09 10:52:26 -03:00 committed by Raildo Mascena de Sousa Filho
parent eaca38aa67
commit 190aebca60
23 changed files with 132 additions and 1 deletions

@ -35,7 +35,7 @@ mod 'fdio',
mod 'certmonger', mod 'certmonger',
:git => 'https://github.com/saltedsignal/puppet-certmonger', :git => 'https://github.com/saltedsignal/puppet-certmonger',
:ref => 'v1.1.1' :ref => 'v2.6.0'
mod 'ptp', mod 'ptp',
:git => 'https://github.com/redhat-nfvpe/ptp', :git => 'https://github.com/redhat-nfvpe/ptp',

@ -39,6 +39,10 @@
# (Optional) The service principal that is set for the service in kerberos. # (Optional) The service principal that is set for the service in kerberos.
# Defaults to undef # Defaults to undef
# #
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
#
class tripleo::certmonger::ceph_dashboard ( class tripleo::certmonger::ceph_dashboard (
$hostname, $hostname,
$service_certificate, $service_certificate,
@ -46,6 +50,7 @@ class tripleo::certmonger::ceph_dashboard (
$postsave_cmd = undef, $postsave_cmd = undef,
$certmonger_ca = hiera('certmonger_ca', 'local'), $certmonger_ca = hiera('certmonger_ca', 'local'),
$principal = undef, $principal = undef,
$key_size = 2048,
) { ) {
ensure_resource('file', '/usr/bin/certmonger-dashboard-refresh.sh', { ensure_resource('file', '/usr/bin/certmonger-dashboard-refresh.sh', {
@ -64,6 +69,7 @@ class tripleo::certmonger::ceph_dashboard (
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd, postsave_cmd => $postsave_cmd,
ca => $certmonger_ca, ca => $certmonger_ca,
key_size => $key_size,
wait => true, wait => true,
require => Class['::certmonger'], require => Class['::certmonger'],
} }
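Review bot: `$key_size = 2048,` is declared without a data type, so whatever hiera supplies (a string, or a size below 2048) is handed unchanged to the certificate resource at `key_size => $key_size,`; nothing in these lines enforces a floor. Declaring it as `Integer[2048] $key_size = 2048,` would fail catalog compilation on a weaker key; whether the upstream certmonger_certificate type validates the value itself is not visible here, so that should be confirmed rather than assumed. The doc line would read more clearly as `# Defaults to 2048 (bits).`. The same applies to the identical parameter added in every other tripleo::certmonger::* class and define in this commit (ceph_grafana through redis). The resource declaration that receives key_size begins outside the hunk.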

@ -39,6 +39,10 @@
# (Optional) The service principal that is set for the service in kerberos. # (Optional) The service principal that is set for the service in kerberos.
# Defaults to undef # Defaults to undef
# #
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
#
class tripleo::certmonger::ceph_grafana ( class tripleo::certmonger::ceph_grafana (
$hostname, $hostname,
$service_certificate, $service_certificate,
@ -46,6 +50,7 @@ class tripleo::certmonger::ceph_grafana (
$postsave_cmd = undef, $postsave_cmd = undef,
$certmonger_ca = hiera('certmonger_ca', 'local'), $certmonger_ca = hiera('certmonger_ca', 'local'),
$principal = undef, $principal = undef,
$key_size = 2048,
) { ) {
ensure_resource('file', '/usr/bin/certmonger-grafana-refresh.sh', { ensure_resource('file', '/usr/bin/certmonger-grafana-refresh.sh', {
@ -64,6 +69,7 @@ class tripleo::certmonger::ceph_grafana (
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd, postsave_cmd => $postsave_cmd,
ca => $certmonger_ca, ca => $certmonger_ca,
key_size => $key_size,
wait => true, wait => true,
require => Class['::certmonger'], require => Class['::certmonger'],
} }

@ -42,6 +42,10 @@
# (Optional) The service principal that is set for the service in kerberos. # (Optional) The service principal that is set for the service in kerberos.
# Defaults to undef # Defaults to undef
# #
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
#
class tripleo::certmonger::ceph_rgw ( class tripleo::certmonger::ceph_rgw (
$hostname, $hostname,
$service_certificate, $service_certificate,
@ -50,6 +54,7 @@ class tripleo::certmonger::ceph_rgw (
$postsave_cmd = undef, $postsave_cmd = undef,
$certmonger_ca = hiera('certmonger_ca', 'local'), $certmonger_ca = hiera('certmonger_ca', 'local'),
$principal = undef, $principal = undef,
$key_size = 2048,
) { ) {
ensure_resource('file', '/usr/bin/certmonger-rgw-refresh.sh', { ensure_resource('file', '/usr/bin/certmonger-rgw-refresh.sh', {
@ -68,6 +73,7 @@ class tripleo::certmonger::ceph_rgw (
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd, postsave_cmd => $postsave_cmd,
ca => $certmonger_ca, ca => $certmonger_ca,
key_size => $key_size,
wait => true, wait => true,
require => Class['::certmonger'], require => Class['::certmonger'],
} }

@ -44,6 +44,10 @@
# (Optional) The haproxy service principal that is set for etcd in kerberos. # (Optional) The haproxy service principal that is set for etcd in kerberos.
# Defaults to undef # Defaults to undef
# #
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
#
class tripleo::certmonger::etcd ( class tripleo::certmonger::etcd (
$hostname, $hostname,
$service_certificate, $service_certificate,
@ -52,6 +56,7 @@ class tripleo::certmonger::etcd (
$dnsnames = $hostname, $dnsnames = $hostname,
$postsave_cmd = undef, $postsave_cmd = undef,
$principal = undef, $principal = undef,
$key_size = 2048,
) { ) {
include certmonger include certmonger
@ -70,6 +75,7 @@ class tripleo::certmonger::etcd (
dnsname => $dnsnames, dnsname => $dnsnames,
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd, postsave_cmd => $postsave_cmd,
key_size => $key_size,
ca => $certmonger_ca, ca => $certmonger_ca,
wait => true, wait => true,
require => Class['::certmonger'], require => Class['::certmonger'],

@ -48,6 +48,10 @@
# The post-save-command that certmonger will use once it renews the # The post-save-command that certmonger will use once it renews the
# certificate. # certificate.
# #
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
#
define tripleo::certmonger::haproxy ( define tripleo::certmonger::haproxy (
$service_pem, $service_pem,
$service_certificate, $service_certificate,
@ -57,6 +61,7 @@ define tripleo::certmonger::haproxy (
$dnsnames = undef, $dnsnames = undef,
$principal = undef, $principal = undef,
$postsave_cmd = undef, $postsave_cmd = undef,
$key_size = 2048,
){ ){
include certmonger include certmonger
include haproxy::params include haproxy::params
@ -103,6 +108,7 @@ define tripleo::certmonger::haproxy (
keyfile => $service_key, keyfile => $service_key,
postsave_cmd => $postsave_cmd, postsave_cmd => $postsave_cmd,
principal => $principal_real, principal => $principal_real,
key_size => $key_size,
eku => ['id-kp-clientAuth', 'id-kp-serverAuth'], eku => ['id-kp-clientAuth', 'id-kp-serverAuth'],
wait => true, wait => true,
tag => 'haproxy-cert', tag => 'haproxy-cert',

@ -44,6 +44,10 @@
# [*principal*] # [*principal*]
# The haproxy service principal that is set for HAProxy in kerberos. # The haproxy service principal that is set for HAProxy in kerberos.
# #
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
#
define tripleo::certmonger::httpd ( define tripleo::certmonger::httpd (
$hostname, $hostname,
$service_certificate, $service_certificate,
@ -52,6 +56,7 @@ define tripleo::certmonger::httpd (
$dnsnames = undef, $dnsnames = undef,
$postsave_cmd = undef, $postsave_cmd = undef,
$principal = undef, $principal = undef,
$key_size = 2048,
) { ) {
include certmonger include certmonger
include apache::params include apache::params
@ -71,6 +76,7 @@ define tripleo::certmonger::httpd (
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd, postsave_cmd => $postsave_cmd,
ca => $certmonger_ca, ca => $certmonger_ca,
key_size => $key_size,
wait => true, wait => true,
tag => 'apache-cert', tag => 'apache-cert',
require => Class['::certmonger'], require => Class['::certmonger'],

@ -40,6 +40,10 @@
# (Optional) The service principal that is set for the service in kerberos. # (Optional) The service principal that is set for the service in kerberos.
# Defaults to undef # Defaults to undef
# #
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
#
define tripleo::certmonger::libvirt ( define tripleo::certmonger::libvirt (
$hostname, $hostname,
$service_certificate, $service_certificate,
@ -47,6 +51,7 @@ define tripleo::certmonger::libvirt (
$certmonger_ca = hiera('certmonger_ca', 'local'), $certmonger_ca = hiera('certmonger_ca', 'local'),
$postsave_cmd = undef, $postsave_cmd = undef,
$principal = undef, $principal = undef,
$key_size = 2048,
) { ) {
include certmonger include certmonger
include nova::params include nova::params
@ -61,6 +66,7 @@ define tripleo::certmonger::libvirt (
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd_real, postsave_cmd => $postsave_cmd_real,
ca => $certmonger_ca, ca => $certmonger_ca,
key_size => $key_size,
wait => true, wait => true,
tag => 'libvirt-cert', tag => 'libvirt-cert',
require => Class['::certmonger'], require => Class['::certmonger'],

@ -48,6 +48,10 @@
# (Optional) Service to reload when certificate is created/renewed # (Optional) Service to reload when certificate is created/renewed
# Defaults to $::nova::params::libvirt_service_name # Defaults to $::nova::params::libvirt_service_name
# #
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
#
define tripleo::certmonger::libvirt_vnc ( define tripleo::certmonger::libvirt_vnc (
$hostname, $hostname,
$service_certificate, $service_certificate,
@ -57,6 +61,7 @@ define tripleo::certmonger::libvirt_vnc (
$principal = undef, $principal = undef,
$cacertfile = undef, $cacertfile = undef,
$notify_service = undef, $notify_service = undef,
$key_size = 2048,
) { ) {
include certmonger include certmonger
include nova::params include nova::params
@ -74,6 +79,7 @@ define tripleo::certmonger::libvirt_vnc (
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd_real, postsave_cmd => $postsave_cmd_real,
ca => $certmonger_ca, ca => $certmonger_ca,
key_size => $key_size,
cacertfile => $cacertfile, cacertfile => $cacertfile,
wait => true, wait => true,
tag => 'libvirt-cert', tag => 'libvirt-cert',

@ -40,6 +40,10 @@
# (Optional) The service principal that is set for the service in kerberos. # (Optional) The service principal that is set for the service in kerberos.
# Defaults to undef # Defaults to undef
# #
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
#
class tripleo::certmonger::memcached ( class tripleo::certmonger::memcached (
$hostname, $hostname,
$service_certificate, $service_certificate,
@ -47,6 +51,7 @@ class tripleo::certmonger::memcached (
$certmonger_ca = hiera('certmonger_ca', 'local'), $certmonger_ca = hiera('certmonger_ca', 'local'),
$postsave_cmd = '/usr/bin/certmonger-memcached-refresh.sh', $postsave_cmd = '/usr/bin/certmonger-memcached-refresh.sh',
$principal = undef, $principal = undef,
$key_size = 2048,
) { ) {
include certmonger include certmonger
@ -66,6 +71,7 @@ class tripleo::certmonger::memcached (
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd, postsave_cmd => $postsave_cmd,
ca => $certmonger_ca, ca => $certmonger_ca,
key_size => $key_size,
wait => true, wait => true,
require => Class['::certmonger'], require => Class['::certmonger'],
} }

@ -40,6 +40,10 @@
# (Optional) The haproxy service principal that is set for metrics_qdr in kerberos. # (Optional) The haproxy service principal that is set for metrics_qdr in kerberos.
# Defaults to undef # Defaults to undef
# #
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
#
class tripleo::certmonger::metrics_qdr ( class tripleo::certmonger::metrics_qdr (
$hostname, $hostname,
$service_certificate, $service_certificate,
@ -47,6 +51,7 @@ class tripleo::certmonger::metrics_qdr (
$certmonger_ca = hiera('certmonger_ca', 'local'), $certmonger_ca = hiera('certmonger_ca', 'local'),
$postsave_cmd = undef, $postsave_cmd = undef,
$principal = undef, $principal = undef,
$key_size = 2048,
) { ) {
include certmonger include certmonger
include qdr::params include qdr::params
@ -67,6 +72,7 @@ class tripleo::certmonger::metrics_qdr (
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd, postsave_cmd => $postsave_cmd,
ca => $certmonger_ca, ca => $certmonger_ca,
key_size => $key_size,
wait => true, wait => true,
require => Class['::certmonger'], require => Class['::certmonger'],
} }

@ -46,6 +46,10 @@
# (Optional) The haproxy service principal that is set for MySQL in kerberos. # (Optional) The haproxy service principal that is set for MySQL in kerberos.
# Defaults to undef # Defaults to undef
# #
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
#
class tripleo::certmonger::mysql ( class tripleo::certmonger::mysql (
$hostname, $hostname,
$service_certificate, $service_certificate,
@ -54,6 +58,7 @@ class tripleo::certmonger::mysql (
$dnsnames = $hostname, $dnsnames = $hostname,
$postsave_cmd = undef, $postsave_cmd = undef,
$principal = undef, $principal = undef,
$key_size = 2048,
) { ) {
include certmonger include certmonger
@ -66,6 +71,7 @@ class tripleo::certmonger::mysql (
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd, postsave_cmd => $postsave_cmd,
ca => $certmonger_ca, ca => $certmonger_ca,
key_size => $key_size,
wait => true, wait => true,
require => Class['::certmonger'], require => Class['::certmonger'],
} }

@ -38,6 +38,10 @@
# (Optional) The haproxy service principal that is set for neutron in kerberos. # (Optional) The haproxy service principal that is set for neutron in kerberos.
# Defaults to undef # Defaults to undef
# #
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
#
class tripleo::certmonger::neutron ( class tripleo::certmonger::neutron (
$hostname, $hostname,
$service_certificate, $service_certificate,
@ -45,6 +49,7 @@ class tripleo::certmonger::neutron (
$certmonger_ca = hiera('certmonger_ca', 'local'), $certmonger_ca = hiera('certmonger_ca', 'local'),
$postsave_cmd = undef, $postsave_cmd = undef,
$principal = undef, $principal = undef,
$key_size = 2048,
) { ) {
include certmonger include certmonger
@ -64,6 +69,7 @@ class tripleo::certmonger::neutron (
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd, postsave_cmd => $postsave_cmd,
ca => $certmonger_ca, ca => $certmonger_ca,
key_size => $key_size,
wait => true, wait => true,
require => Class['::certmonger'], require => Class['::certmonger'],
} }

@ -38,6 +38,10 @@
# (Optional) The haproxy service principal that is set for neutron in kerberos. # (Optional) The haproxy service principal that is set for neutron in kerberos.
# Defaults to undef # Defaults to undef
# #
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
#
class tripleo::certmonger::neutron_ovn ( class tripleo::certmonger::neutron_ovn (
$hostname, $hostname,
$service_certificate, $service_certificate,
@ -45,6 +49,7 @@ class tripleo::certmonger::neutron_ovn (
$certmonger_ca = hiera('certmonger_ca', 'local'), $certmonger_ca = hiera('certmonger_ca', 'local'),
$postsave_cmd = undef, $postsave_cmd = undef,
$principal = undef, $principal = undef,
$key_size = 2048,
) { ) {
include certmonger include certmonger
@ -57,6 +62,7 @@ class tripleo::certmonger::neutron_ovn (
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd, postsave_cmd => $postsave_cmd,
ca => $certmonger_ca, ca => $certmonger_ca,
key_size => $key_size,
wait => true, wait => true,
require => Class['::certmonger'], require => Class['::certmonger'],
} }

@ -42,6 +42,9 @@
# [*notify_service*] # [*notify_service*]
# (Optional) Service to reload when certificate is created/renewed # (Optional) Service to reload when certificate is created/renewed
# Defaults to $::nova::params::libvirt_service_name # Defaults to $::nova::params::libvirt_service_name
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
# #
class tripleo::certmonger::novnc_proxy ( class tripleo::certmonger::novnc_proxy (
$hostname, $hostname,
@ -50,6 +53,7 @@ class tripleo::certmonger::novnc_proxy (
$certmonger_ca = hiera('certmonger_ca', 'local'), $certmonger_ca = hiera('certmonger_ca', 'local'),
$notify_service = undef, $notify_service = undef,
$postsave_cmd = undef, $postsave_cmd = undef,
$key_size = 2048,
$principal = undef, $principal = undef,
) { ) {
include certmonger include certmonger
@ -73,6 +77,7 @@ class tripleo::certmonger::novnc_proxy (
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd, postsave_cmd => $postsave_cmd,
ca => $certmonger_ca, ca => $certmonger_ca,
key_size => $key_size,
wait => true, wait => true,
tag => 'novnc-proxy', tag => 'novnc-proxy',
require => Class['::certmonger'], require => Class['::certmonger'],
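Review bot: In novnc_proxy the new `# [*key_size*]` doc entry follows the `notify_service` description with no bare `#` separator line before it, and `$key_size = 2048,` is inserted ahead of `$principal = undef,`, whereas every other manifest in this commit separates the entry with `#` and appends the parameter after `$principal`. Adding a `#` line before `# [*key_size*]` and moving `$key_size = 2048,` below `$principal = undef,` would keep the generated parameter docs and the signatures uniform across the certmonger classes. Parameter order does not change behaviour, since Puppet class parameters are passed by name, so this is a consistency point only.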

@ -39,6 +39,10 @@
# (Optional) The haproxy service principal that is set for openvswitch in kerberos. # (Optional) The haproxy service principal that is set for openvswitch in kerberos.
# Defaults to undef # Defaults to undef
# #
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
#
class tripleo::certmonger::openvswitch ( class tripleo::certmonger::openvswitch (
$hostname, $hostname,
$service_certificate, $service_certificate,
@ -46,6 +50,7 @@ class tripleo::certmonger::openvswitch (
$certmonger_ca = hiera('certmonger_ca', 'local'), $certmonger_ca = hiera('certmonger_ca', 'local'),
$postsave_cmd = 'systemctl reload openvswitch', $postsave_cmd = 'systemctl reload openvswitch',
$principal = undef, $principal = undef,
$key_size = 2048,
) { ) {
include certmonger include certmonger
@ -58,6 +63,7 @@ class tripleo::certmonger::openvswitch (
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd, postsave_cmd => $postsave_cmd,
ca => $certmonger_ca, ca => $certmonger_ca,
key_size => $key_size,
wait => true, wait => true,
require => Class['::certmonger'], require => Class['::certmonger'],
} }

@ -38,6 +38,10 @@
# (Optional) The haproxy service principal that is set for neutron in kerberos. # (Optional) The haproxy service principal that is set for neutron in kerberos.
# Defaults to undef # Defaults to undef
# #
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
#
class tripleo::certmonger::ovn_controller ( class tripleo::certmonger::ovn_controller (
$hostname, $hostname,
$service_certificate, $service_certificate,
@ -45,6 +49,7 @@ class tripleo::certmonger::ovn_controller (
$certmonger_ca = hiera('certmonger_ca', 'local'), $certmonger_ca = hiera('certmonger_ca', 'local'),
$postsave_cmd = undef, $postsave_cmd = undef,
$principal = undef, $principal = undef,
$key_size = 2048,
) { ) {
include certmonger include certmonger
@ -57,6 +62,7 @@ class tripleo::certmonger::ovn_controller (
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd, postsave_cmd => $postsave_cmd,
ca => $certmonger_ca, ca => $certmonger_ca,
key_size => $key_size,
wait => true, wait => true,
require => Class['::certmonger'], require => Class['::certmonger'],
} }

@ -38,6 +38,10 @@
# (Optional) The haproxy service principal that is set for neutron in kerberos. # (Optional) The haproxy service principal that is set for neutron in kerberos.
# Defaults to undef # Defaults to undef
# #
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
#
class tripleo::certmonger::ovn_dbs ( class tripleo::certmonger::ovn_dbs (
$hostname, $hostname,
$service_certificate, $service_certificate,
@ -45,6 +49,7 @@ class tripleo::certmonger::ovn_dbs (
$certmonger_ca = hiera('certmonger_ca', 'local'), $certmonger_ca = hiera('certmonger_ca', 'local'),
$postsave_cmd = undef, $postsave_cmd = undef,
$principal = undef, $principal = undef,
$key_size = 2048,
) { ) {
include certmonger include certmonger
@ -57,6 +62,7 @@ class tripleo::certmonger::ovn_dbs (
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd, postsave_cmd => $postsave_cmd,
ca => $certmonger_ca, ca => $certmonger_ca,
key_size => $key_size,
wait => true, wait => true,
require => Class['::certmonger'], require => Class['::certmonger'],
} }

@ -38,6 +38,10 @@
# (Optional) The haproxy service principal that is set for neutron in kerberos. # (Optional) The haproxy service principal that is set for neutron in kerberos.
# Defaults to undef # Defaults to undef
# #
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
#
class tripleo::certmonger::ovn_metadata ( class tripleo::certmonger::ovn_metadata (
$hostname, $hostname,
$service_certificate, $service_certificate,
@ -45,6 +49,7 @@ class tripleo::certmonger::ovn_metadata (
$certmonger_ca = hiera('certmonger_ca', 'local'), $certmonger_ca = hiera('certmonger_ca', 'local'),
$postsave_cmd = undef, $postsave_cmd = undef,
$principal = undef, $principal = undef,
$key_size = 2048,
) { ) {
include certmonger include certmonger
@ -57,6 +62,7 @@ class tripleo::certmonger::ovn_metadata (
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd, postsave_cmd => $postsave_cmd,
ca => $certmonger_ca, ca => $certmonger_ca,
key_size => $key_size,
wait => true, wait => true,
require => Class['::certmonger'], require => Class['::certmonger'],
} }

@ -38,6 +38,10 @@
# (Optional) The haproxy service principal that is set for neutron in kerberos. # (Optional) The haproxy service principal that is set for neutron in kerberos.
# Defaults to undef # Defaults to undef
# #
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
#
class tripleo::certmonger::ovn_octavia ( class tripleo::certmonger::ovn_octavia (
$hostname, $hostname,
$service_certificate, $service_certificate,
@ -45,6 +49,7 @@ class tripleo::certmonger::ovn_octavia (
$certmonger_ca = hiera('certmonger_ca', 'local'), $certmonger_ca = hiera('certmonger_ca', 'local'),
$postsave_cmd = undef, $postsave_cmd = undef,
$principal = undef, $principal = undef,
$key_size = 2048,
) { ) {
include certmonger include certmonger
@ -57,6 +62,7 @@ class tripleo::certmonger::ovn_octavia (
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd, postsave_cmd => $postsave_cmd,
ca => $certmonger_ca, ca => $certmonger_ca,
key_size => $key_size,
wait => true, wait => true,
require => Class['::certmonger'], require => Class['::certmonger'],
} }

@ -43,6 +43,10 @@
# (Optional) Specifies that path to write the CA cerftificate to. # (Optional) Specifies that path to write the CA cerftificate to.
# Defaults to undef # Defaults to undef
# #
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
#
define tripleo::certmonger::qemu ( define tripleo::certmonger::qemu (
$hostname, $hostname,
$service_certificate, $service_certificate,
@ -51,6 +55,7 @@ define tripleo::certmonger::qemu (
$cacertfile = undef, $cacertfile = undef,
$postsave_cmd = undef, $postsave_cmd = undef,
$principal = undef, $principal = undef,
$key_size = 2048,
) { ) {
include certmonger include certmonger
include nova::params include nova::params
@ -64,6 +69,7 @@ define tripleo::certmonger::qemu (
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd, postsave_cmd => $postsave_cmd,
ca => $certmonger_ca, ca => $certmonger_ca,
key_size => $key_size,
cacertfile => $cacertfile, cacertfile => $cacertfile,
wait => true, wait => true,
tag => 'qemu-cert', tag => 'qemu-cert',

@ -39,6 +39,10 @@
# (Optional) The service principal that is set for the service in kerberos. # (Optional) The service principal that is set for the service in kerberos.
# Defaults to undef # Defaults to undef
# #
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
#
class tripleo::certmonger::rabbitmq ( class tripleo::certmonger::rabbitmq (
$hostname, $hostname,
$service_certificate, $service_certificate,
@ -46,6 +50,7 @@ class tripleo::certmonger::rabbitmq (
$certmonger_ca = hiera('certmonger_ca', 'local'), $certmonger_ca = hiera('certmonger_ca', 'local'),
$postsave_cmd = undef, $postsave_cmd = undef,
$principal = undef, $principal = undef,
$key_size = 2048,
) { ) {
include certmonger include certmonger
@ -65,6 +70,7 @@ class tripleo::certmonger::rabbitmq (
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd, postsave_cmd => $postsave_cmd,
ca => $certmonger_ca, ca => $certmonger_ca,
key_size => $key_size,
wait => true, wait => true,
require => Class['::certmonger'], require => Class['::certmonger'],
} }

@ -45,6 +45,10 @@
# (Optional) The service principal that is set for the service in kerberos. # (Optional) The service principal that is set for the service in kerberos.
# Defaults to undef # Defaults to undef
# #
# [*key_size*]
# (Optional) Specifies the private key size used when creating the certificate.
# Defaults to 2048bits.
#
class tripleo::certmonger::redis ( class tripleo::certmonger::redis (
$hostname, $hostname,
$service_certificate, $service_certificate,
@ -53,6 +57,7 @@ class tripleo::certmonger::redis (
$dnsnames = $hostname, $dnsnames = $hostname,
$postsave_cmd = undef, $postsave_cmd = undef,
$principal = undef, $principal = undef,
$key_size = 2048,
) { ) {
include certmonger include certmonger
@ -72,6 +77,7 @@ class tripleo::certmonger::redis (
principal => $principal, principal => $principal,
postsave_cmd => $postsave_cmd, postsave_cmd => $postsave_cmd,
ca => $certmonger_ca, ca => $certmonger_ca,
key_size => $key_size,
wait => true, wait => true,
require => Class['::certmonger'], require => Class['::certmonger'],
} }