Adding key_size option on the certmonger_certificate function
certmonger_certificate function currently does not support creating certificates with private keys stronger than 2048bits. Adding a key_size option. key_size option were added on puppet_certmonger on the v2.6.0 upstream: https://github.com/saltedsignal/puppet-certmonger/releases/tag/v2.6.0 Change-Id: I4da96f2164cf1d136f9471f1d6251bdd8cfd2d0b
This commit is contained in:
parent
eaca38aa67
commit
190aebca60
@ -35,7 +35,7 @@ mod 'fdio',
|
|||||||
|
|
||||||
mod 'certmonger',
|
mod 'certmonger',
|
||||||
:git => 'https://github.com/saltedsignal/puppet-certmonger',
|
:git => 'https://github.com/saltedsignal/puppet-certmonger',
|
||||||
:ref => 'v1.1.1'
|
:ref => 'v2.6.0'
|
||||||
|
|
||||||
mod 'ptp',
|
mod 'ptp',
|
||||||
:git => 'https://github.com/redhat-nfvpe/ptp',
|
:git => 'https://github.com/redhat-nfvpe/ptp',
|
||||||
|
@ -39,6 +39,10 @@
|
|||||||
# (Optional) The service principal that is set for the service in kerberos.
|
# (Optional) The service principal that is set for the service in kerberos.
|
||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
|
#
|
||||||
class tripleo::certmonger::ceph_dashboard (
|
class tripleo::certmonger::ceph_dashboard (
|
||||||
$hostname,
|
$hostname,
|
||||||
$service_certificate,
|
$service_certificate,
|
||||||
@ -46,6 +50,7 @@ class tripleo::certmonger::ceph_dashboard (
|
|||||||
$postsave_cmd = undef,
|
$postsave_cmd = undef,
|
||||||
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
||||||
$principal = undef,
|
$principal = undef,
|
||||||
|
$key_size = 2048,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
ensure_resource('file', '/usr/bin/certmonger-dashboard-refresh.sh', {
|
ensure_resource('file', '/usr/bin/certmonger-dashboard-refresh.sh', {
|
||||||
@ -64,6 +69,7 @@ class tripleo::certmonger::ceph_dashboard (
|
|||||||
principal => $principal,
|
principal => $principal,
|
||||||
postsave_cmd => $postsave_cmd,
|
postsave_cmd => $postsave_cmd,
|
||||||
ca => $certmonger_ca,
|
ca => $certmonger_ca,
|
||||||
|
key_size => $key_size,
|
||||||
wait => true,
|
wait => true,
|
||||||
require => Class['::certmonger'],
|
require => Class['::certmonger'],
|
||||||
}
|
}
|
||||||
|
@ -39,6 +39,10 @@
|
|||||||
# (Optional) The service principal that is set for the service in kerberos.
|
# (Optional) The service principal that is set for the service in kerberos.
|
||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
|
#
|
||||||
class tripleo::certmonger::ceph_grafana (
|
class tripleo::certmonger::ceph_grafana (
|
||||||
$hostname,
|
$hostname,
|
||||||
$service_certificate,
|
$service_certificate,
|
||||||
@ -46,6 +50,7 @@ class tripleo::certmonger::ceph_grafana (
|
|||||||
$postsave_cmd = undef,
|
$postsave_cmd = undef,
|
||||||
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
||||||
$principal = undef,
|
$principal = undef,
|
||||||
|
$key_size = 2048,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
ensure_resource('file', '/usr/bin/certmonger-grafana-refresh.sh', {
|
ensure_resource('file', '/usr/bin/certmonger-grafana-refresh.sh', {
|
||||||
@ -64,6 +69,7 @@ class tripleo::certmonger::ceph_grafana (
|
|||||||
principal => $principal,
|
principal => $principal,
|
||||||
postsave_cmd => $postsave_cmd,
|
postsave_cmd => $postsave_cmd,
|
||||||
ca => $certmonger_ca,
|
ca => $certmonger_ca,
|
||||||
|
key_size => $key_size,
|
||||||
wait => true,
|
wait => true,
|
||||||
require => Class['::certmonger'],
|
require => Class['::certmonger'],
|
||||||
}
|
}
|
||||||
|
@ -42,6 +42,10 @@
|
|||||||
# (Optional) The service principal that is set for the service in kerberos.
|
# (Optional) The service principal that is set for the service in kerberos.
|
||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
|
#
|
||||||
class tripleo::certmonger::ceph_rgw (
|
class tripleo::certmonger::ceph_rgw (
|
||||||
$hostname,
|
$hostname,
|
||||||
$service_certificate,
|
$service_certificate,
|
||||||
@ -50,6 +54,7 @@ class tripleo::certmonger::ceph_rgw (
|
|||||||
$postsave_cmd = undef,
|
$postsave_cmd = undef,
|
||||||
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
||||||
$principal = undef,
|
$principal = undef,
|
||||||
|
$key_size = 2048,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
ensure_resource('file', '/usr/bin/certmonger-rgw-refresh.sh', {
|
ensure_resource('file', '/usr/bin/certmonger-rgw-refresh.sh', {
|
||||||
@ -68,6 +73,7 @@ class tripleo::certmonger::ceph_rgw (
|
|||||||
principal => $principal,
|
principal => $principal,
|
||||||
postsave_cmd => $postsave_cmd,
|
postsave_cmd => $postsave_cmd,
|
||||||
ca => $certmonger_ca,
|
ca => $certmonger_ca,
|
||||||
|
key_size => $key_size,
|
||||||
wait => true,
|
wait => true,
|
||||||
require => Class['::certmonger'],
|
require => Class['::certmonger'],
|
||||||
}
|
}
|
||||||
|
@ -44,6 +44,10 @@
|
|||||||
# (Optional) The haproxy service principal that is set for etcd in kerberos.
|
# (Optional) The haproxy service principal that is set for etcd in kerberos.
|
||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
|
#
|
||||||
class tripleo::certmonger::etcd (
|
class tripleo::certmonger::etcd (
|
||||||
$hostname,
|
$hostname,
|
||||||
$service_certificate,
|
$service_certificate,
|
||||||
@ -52,6 +56,7 @@ class tripleo::certmonger::etcd (
|
|||||||
$dnsnames = $hostname,
|
$dnsnames = $hostname,
|
||||||
$postsave_cmd = undef,
|
$postsave_cmd = undef,
|
||||||
$principal = undef,
|
$principal = undef,
|
||||||
|
$key_size = 2048,
|
||||||
) {
|
) {
|
||||||
include certmonger
|
include certmonger
|
||||||
|
|
||||||
@ -70,6 +75,7 @@ class tripleo::certmonger::etcd (
|
|||||||
dnsname => $dnsnames,
|
dnsname => $dnsnames,
|
||||||
principal => $principal,
|
principal => $principal,
|
||||||
postsave_cmd => $postsave_cmd,
|
postsave_cmd => $postsave_cmd,
|
||||||
|
key_size => $key_size,
|
||||||
ca => $certmonger_ca,
|
ca => $certmonger_ca,
|
||||||
wait => true,
|
wait => true,
|
||||||
require => Class['::certmonger'],
|
require => Class['::certmonger'],
|
||||||
|
@ -48,6 +48,10 @@
|
|||||||
# The post-save-command that certmonger will use once it renews the
|
# The post-save-command that certmonger will use once it renews the
|
||||||
# certificate.
|
# certificate.
|
||||||
#
|
#
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
|
#
|
||||||
define tripleo::certmonger::haproxy (
|
define tripleo::certmonger::haproxy (
|
||||||
$service_pem,
|
$service_pem,
|
||||||
$service_certificate,
|
$service_certificate,
|
||||||
@ -57,6 +61,7 @@ define tripleo::certmonger::haproxy (
|
|||||||
$dnsnames = undef,
|
$dnsnames = undef,
|
||||||
$principal = undef,
|
$principal = undef,
|
||||||
$postsave_cmd = undef,
|
$postsave_cmd = undef,
|
||||||
|
$key_size = 2048,
|
||||||
){
|
){
|
||||||
include certmonger
|
include certmonger
|
||||||
include haproxy::params
|
include haproxy::params
|
||||||
@ -103,6 +108,7 @@ define tripleo::certmonger::haproxy (
|
|||||||
keyfile => $service_key,
|
keyfile => $service_key,
|
||||||
postsave_cmd => $postsave_cmd,
|
postsave_cmd => $postsave_cmd,
|
||||||
principal => $principal_real,
|
principal => $principal_real,
|
||||||
|
key_size => $key_size,
|
||||||
eku => ['id-kp-clientAuth', 'id-kp-serverAuth'],
|
eku => ['id-kp-clientAuth', 'id-kp-serverAuth'],
|
||||||
wait => true,
|
wait => true,
|
||||||
tag => 'haproxy-cert',
|
tag => 'haproxy-cert',
|
||||||
|
@ -44,6 +44,10 @@
|
|||||||
# [*principal*]
|
# [*principal*]
|
||||||
# The haproxy service principal that is set for HAProxy in kerberos.
|
# The haproxy service principal that is set for HAProxy in kerberos.
|
||||||
#
|
#
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
|
#
|
||||||
define tripleo::certmonger::httpd (
|
define tripleo::certmonger::httpd (
|
||||||
$hostname,
|
$hostname,
|
||||||
$service_certificate,
|
$service_certificate,
|
||||||
@ -52,6 +56,7 @@ define tripleo::certmonger::httpd (
|
|||||||
$dnsnames = undef,
|
$dnsnames = undef,
|
||||||
$postsave_cmd = undef,
|
$postsave_cmd = undef,
|
||||||
$principal = undef,
|
$principal = undef,
|
||||||
|
$key_size = 2048,
|
||||||
) {
|
) {
|
||||||
include certmonger
|
include certmonger
|
||||||
include apache::params
|
include apache::params
|
||||||
@ -71,6 +76,7 @@ define tripleo::certmonger::httpd (
|
|||||||
principal => $principal,
|
principal => $principal,
|
||||||
postsave_cmd => $postsave_cmd,
|
postsave_cmd => $postsave_cmd,
|
||||||
ca => $certmonger_ca,
|
ca => $certmonger_ca,
|
||||||
|
key_size => $key_size,
|
||||||
wait => true,
|
wait => true,
|
||||||
tag => 'apache-cert',
|
tag => 'apache-cert',
|
||||||
require => Class['::certmonger'],
|
require => Class['::certmonger'],
|
||||||
|
@ -40,6 +40,10 @@
|
|||||||
# (Optional) The service principal that is set for the service in kerberos.
|
# (Optional) The service principal that is set for the service in kerberos.
|
||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
|
#
|
||||||
define tripleo::certmonger::libvirt (
|
define tripleo::certmonger::libvirt (
|
||||||
$hostname,
|
$hostname,
|
||||||
$service_certificate,
|
$service_certificate,
|
||||||
@ -47,6 +51,7 @@ define tripleo::certmonger::libvirt (
|
|||||||
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
||||||
$postsave_cmd = undef,
|
$postsave_cmd = undef,
|
||||||
$principal = undef,
|
$principal = undef,
|
||||||
|
$key_size = 2048,
|
||||||
) {
|
) {
|
||||||
include certmonger
|
include certmonger
|
||||||
include nova::params
|
include nova::params
|
||||||
@ -61,6 +66,7 @@ define tripleo::certmonger::libvirt (
|
|||||||
principal => $principal,
|
principal => $principal,
|
||||||
postsave_cmd => $postsave_cmd_real,
|
postsave_cmd => $postsave_cmd_real,
|
||||||
ca => $certmonger_ca,
|
ca => $certmonger_ca,
|
||||||
|
key_size => $key_size,
|
||||||
wait => true,
|
wait => true,
|
||||||
tag => 'libvirt-cert',
|
tag => 'libvirt-cert',
|
||||||
require => Class['::certmonger'],
|
require => Class['::certmonger'],
|
||||||
|
@ -48,6 +48,10 @@
|
|||||||
# (Optional) Service to reload when certificate is created/renewed
|
# (Optional) Service to reload when certificate is created/renewed
|
||||||
# Defaults to $::nova::params::libvirt_service_name
|
# Defaults to $::nova::params::libvirt_service_name
|
||||||
#
|
#
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
|
#
|
||||||
define tripleo::certmonger::libvirt_vnc (
|
define tripleo::certmonger::libvirt_vnc (
|
||||||
$hostname,
|
$hostname,
|
||||||
$service_certificate,
|
$service_certificate,
|
||||||
@ -57,6 +61,7 @@ define tripleo::certmonger::libvirt_vnc (
|
|||||||
$principal = undef,
|
$principal = undef,
|
||||||
$cacertfile = undef,
|
$cacertfile = undef,
|
||||||
$notify_service = undef,
|
$notify_service = undef,
|
||||||
|
$key_size = 2048,
|
||||||
) {
|
) {
|
||||||
include certmonger
|
include certmonger
|
||||||
include nova::params
|
include nova::params
|
||||||
@ -74,6 +79,7 @@ define tripleo::certmonger::libvirt_vnc (
|
|||||||
principal => $principal,
|
principal => $principal,
|
||||||
postsave_cmd => $postsave_cmd_real,
|
postsave_cmd => $postsave_cmd_real,
|
||||||
ca => $certmonger_ca,
|
ca => $certmonger_ca,
|
||||||
|
key_size => $key_size,
|
||||||
cacertfile => $cacertfile,
|
cacertfile => $cacertfile,
|
||||||
wait => true,
|
wait => true,
|
||||||
tag => 'libvirt-cert',
|
tag => 'libvirt-cert',
|
||||||
|
@ -40,6 +40,10 @@
|
|||||||
# (Optional) The service principal that is set for the service in kerberos.
|
# (Optional) The service principal that is set for the service in kerberos.
|
||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
|
#
|
||||||
class tripleo::certmonger::memcached (
|
class tripleo::certmonger::memcached (
|
||||||
$hostname,
|
$hostname,
|
||||||
$service_certificate,
|
$service_certificate,
|
||||||
@ -47,6 +51,7 @@ class tripleo::certmonger::memcached (
|
|||||||
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
||||||
$postsave_cmd = '/usr/bin/certmonger-memcached-refresh.sh',
|
$postsave_cmd = '/usr/bin/certmonger-memcached-refresh.sh',
|
||||||
$principal = undef,
|
$principal = undef,
|
||||||
|
$key_size = 2048,
|
||||||
) {
|
) {
|
||||||
include certmonger
|
include certmonger
|
||||||
|
|
||||||
@ -66,6 +71,7 @@ class tripleo::certmonger::memcached (
|
|||||||
principal => $principal,
|
principal => $principal,
|
||||||
postsave_cmd => $postsave_cmd,
|
postsave_cmd => $postsave_cmd,
|
||||||
ca => $certmonger_ca,
|
ca => $certmonger_ca,
|
||||||
|
key_size => $key_size,
|
||||||
wait => true,
|
wait => true,
|
||||||
require => Class['::certmonger'],
|
require => Class['::certmonger'],
|
||||||
}
|
}
|
||||||
|
@ -40,6 +40,10 @@
|
|||||||
# (Optional) The haproxy service principal that is set for metrics_qdr in kerberos.
|
# (Optional) The haproxy service principal that is set for metrics_qdr in kerberos.
|
||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
|
#
|
||||||
class tripleo::certmonger::metrics_qdr (
|
class tripleo::certmonger::metrics_qdr (
|
||||||
$hostname,
|
$hostname,
|
||||||
$service_certificate,
|
$service_certificate,
|
||||||
@ -47,6 +51,7 @@ class tripleo::certmonger::metrics_qdr (
|
|||||||
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
||||||
$postsave_cmd = undef,
|
$postsave_cmd = undef,
|
||||||
$principal = undef,
|
$principal = undef,
|
||||||
|
$key_size = 2048,
|
||||||
) {
|
) {
|
||||||
include certmonger
|
include certmonger
|
||||||
include qdr::params
|
include qdr::params
|
||||||
@ -67,6 +72,7 @@ class tripleo::certmonger::metrics_qdr (
|
|||||||
principal => $principal,
|
principal => $principal,
|
||||||
postsave_cmd => $postsave_cmd,
|
postsave_cmd => $postsave_cmd,
|
||||||
ca => $certmonger_ca,
|
ca => $certmonger_ca,
|
||||||
|
key_size => $key_size,
|
||||||
wait => true,
|
wait => true,
|
||||||
require => Class['::certmonger'],
|
require => Class['::certmonger'],
|
||||||
}
|
}
|
||||||
|
@ -46,6 +46,10 @@
|
|||||||
# (Optional) The haproxy service principal that is set for MySQL in kerberos.
|
# (Optional) The haproxy service principal that is set for MySQL in kerberos.
|
||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
|
#
|
||||||
class tripleo::certmonger::mysql (
|
class tripleo::certmonger::mysql (
|
||||||
$hostname,
|
$hostname,
|
||||||
$service_certificate,
|
$service_certificate,
|
||||||
@ -54,6 +58,7 @@ class tripleo::certmonger::mysql (
|
|||||||
$dnsnames = $hostname,
|
$dnsnames = $hostname,
|
||||||
$postsave_cmd = undef,
|
$postsave_cmd = undef,
|
||||||
$principal = undef,
|
$principal = undef,
|
||||||
|
$key_size = 2048,
|
||||||
) {
|
) {
|
||||||
include certmonger
|
include certmonger
|
||||||
|
|
||||||
@ -66,6 +71,7 @@ class tripleo::certmonger::mysql (
|
|||||||
principal => $principal,
|
principal => $principal,
|
||||||
postsave_cmd => $postsave_cmd,
|
postsave_cmd => $postsave_cmd,
|
||||||
ca => $certmonger_ca,
|
ca => $certmonger_ca,
|
||||||
|
key_size => $key_size,
|
||||||
wait => true,
|
wait => true,
|
||||||
require => Class['::certmonger'],
|
require => Class['::certmonger'],
|
||||||
}
|
}
|
||||||
|
@ -38,6 +38,10 @@
|
|||||||
# (Optional) The haproxy service principal that is set for neutron in kerberos.
|
# (Optional) The haproxy service principal that is set for neutron in kerberos.
|
||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
|
#
|
||||||
class tripleo::certmonger::neutron (
|
class tripleo::certmonger::neutron (
|
||||||
$hostname,
|
$hostname,
|
||||||
$service_certificate,
|
$service_certificate,
|
||||||
@ -45,6 +49,7 @@ class tripleo::certmonger::neutron (
|
|||||||
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
||||||
$postsave_cmd = undef,
|
$postsave_cmd = undef,
|
||||||
$principal = undef,
|
$principal = undef,
|
||||||
|
$key_size = 2048,
|
||||||
) {
|
) {
|
||||||
include certmonger
|
include certmonger
|
||||||
|
|
||||||
@ -64,6 +69,7 @@ class tripleo::certmonger::neutron (
|
|||||||
principal => $principal,
|
principal => $principal,
|
||||||
postsave_cmd => $postsave_cmd,
|
postsave_cmd => $postsave_cmd,
|
||||||
ca => $certmonger_ca,
|
ca => $certmonger_ca,
|
||||||
|
key_size => $key_size,
|
||||||
wait => true,
|
wait => true,
|
||||||
require => Class['::certmonger'],
|
require => Class['::certmonger'],
|
||||||
}
|
}
|
||||||
|
@ -38,6 +38,10 @@
|
|||||||
# (Optional) The haproxy service principal that is set for neutron in kerberos.
|
# (Optional) The haproxy service principal that is set for neutron in kerberos.
|
||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
|
#
|
||||||
class tripleo::certmonger::neutron_ovn (
|
class tripleo::certmonger::neutron_ovn (
|
||||||
$hostname,
|
$hostname,
|
||||||
$service_certificate,
|
$service_certificate,
|
||||||
@ -45,6 +49,7 @@ class tripleo::certmonger::neutron_ovn (
|
|||||||
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
||||||
$postsave_cmd = undef,
|
$postsave_cmd = undef,
|
||||||
$principal = undef,
|
$principal = undef,
|
||||||
|
$key_size = 2048,
|
||||||
) {
|
) {
|
||||||
include certmonger
|
include certmonger
|
||||||
|
|
||||||
@ -57,6 +62,7 @@ class tripleo::certmonger::neutron_ovn (
|
|||||||
principal => $principal,
|
principal => $principal,
|
||||||
postsave_cmd => $postsave_cmd,
|
postsave_cmd => $postsave_cmd,
|
||||||
ca => $certmonger_ca,
|
ca => $certmonger_ca,
|
||||||
|
key_size => $key_size,
|
||||||
wait => true,
|
wait => true,
|
||||||
require => Class['::certmonger'],
|
require => Class['::certmonger'],
|
||||||
}
|
}
|
||||||
|
@ -42,6 +42,9 @@
|
|||||||
# [*notify_service*]
|
# [*notify_service*]
|
||||||
# (Optional) Service to reload when certificate is created/renewed
|
# (Optional) Service to reload when certificate is created/renewed
|
||||||
# Defaults to $::nova::params::libvirt_service_name
|
# Defaults to $::nova::params::libvirt_service_name
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
#
|
#
|
||||||
class tripleo::certmonger::novnc_proxy (
|
class tripleo::certmonger::novnc_proxy (
|
||||||
$hostname,
|
$hostname,
|
||||||
@ -50,6 +53,7 @@ class tripleo::certmonger::novnc_proxy (
|
|||||||
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
||||||
$notify_service = undef,
|
$notify_service = undef,
|
||||||
$postsave_cmd = undef,
|
$postsave_cmd = undef,
|
||||||
|
$key_size = 2048,
|
||||||
$principal = undef,
|
$principal = undef,
|
||||||
) {
|
) {
|
||||||
include certmonger
|
include certmonger
|
||||||
@ -73,6 +77,7 @@ class tripleo::certmonger::novnc_proxy (
|
|||||||
principal => $principal,
|
principal => $principal,
|
||||||
postsave_cmd => $postsave_cmd,
|
postsave_cmd => $postsave_cmd,
|
||||||
ca => $certmonger_ca,
|
ca => $certmonger_ca,
|
||||||
|
key_size => $key_size,
|
||||||
wait => true,
|
wait => true,
|
||||||
tag => 'novnc-proxy',
|
tag => 'novnc-proxy',
|
||||||
require => Class['::certmonger'],
|
require => Class['::certmonger'],
|
||||||
|
@ -39,6 +39,10 @@
|
|||||||
# (Optional) The haproxy service principal that is set for openvswitch in kerberos.
|
# (Optional) The haproxy service principal that is set for openvswitch in kerberos.
|
||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
|
#
|
||||||
class tripleo::certmonger::openvswitch (
|
class tripleo::certmonger::openvswitch (
|
||||||
$hostname,
|
$hostname,
|
||||||
$service_certificate,
|
$service_certificate,
|
||||||
@ -46,6 +50,7 @@ class tripleo::certmonger::openvswitch (
|
|||||||
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
||||||
$postsave_cmd = 'systemctl reload openvswitch',
|
$postsave_cmd = 'systemctl reload openvswitch',
|
||||||
$principal = undef,
|
$principal = undef,
|
||||||
|
$key_size = 2048,
|
||||||
) {
|
) {
|
||||||
include certmonger
|
include certmonger
|
||||||
|
|
||||||
@ -58,6 +63,7 @@ class tripleo::certmonger::openvswitch (
|
|||||||
principal => $principal,
|
principal => $principal,
|
||||||
postsave_cmd => $postsave_cmd,
|
postsave_cmd => $postsave_cmd,
|
||||||
ca => $certmonger_ca,
|
ca => $certmonger_ca,
|
||||||
|
key_size => $key_size,
|
||||||
wait => true,
|
wait => true,
|
||||||
require => Class['::certmonger'],
|
require => Class['::certmonger'],
|
||||||
}
|
}
|
||||||
|
@ -38,6 +38,10 @@
|
|||||||
# (Optional) The haproxy service principal that is set for neutron in kerberos.
|
# (Optional) The haproxy service principal that is set for neutron in kerberos.
|
||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
|
#
|
||||||
class tripleo::certmonger::ovn_controller (
|
class tripleo::certmonger::ovn_controller (
|
||||||
$hostname,
|
$hostname,
|
||||||
$service_certificate,
|
$service_certificate,
|
||||||
@ -45,6 +49,7 @@ class tripleo::certmonger::ovn_controller (
|
|||||||
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
||||||
$postsave_cmd = undef,
|
$postsave_cmd = undef,
|
||||||
$principal = undef,
|
$principal = undef,
|
||||||
|
$key_size = 2048,
|
||||||
) {
|
) {
|
||||||
include certmonger
|
include certmonger
|
||||||
|
|
||||||
@ -57,6 +62,7 @@ class tripleo::certmonger::ovn_controller (
|
|||||||
principal => $principal,
|
principal => $principal,
|
||||||
postsave_cmd => $postsave_cmd,
|
postsave_cmd => $postsave_cmd,
|
||||||
ca => $certmonger_ca,
|
ca => $certmonger_ca,
|
||||||
|
key_size => $key_size,
|
||||||
wait => true,
|
wait => true,
|
||||||
require => Class['::certmonger'],
|
require => Class['::certmonger'],
|
||||||
}
|
}
|
||||||
|
@ -38,6 +38,10 @@
|
|||||||
# (Optional) The haproxy service principal that is set for neutron in kerberos.
|
# (Optional) The haproxy service principal that is set for neutron in kerberos.
|
||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
|
#
|
||||||
class tripleo::certmonger::ovn_dbs (
|
class tripleo::certmonger::ovn_dbs (
|
||||||
$hostname,
|
$hostname,
|
||||||
$service_certificate,
|
$service_certificate,
|
||||||
@ -45,6 +49,7 @@ class tripleo::certmonger::ovn_dbs (
|
|||||||
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
||||||
$postsave_cmd = undef,
|
$postsave_cmd = undef,
|
||||||
$principal = undef,
|
$principal = undef,
|
||||||
|
$key_size = 2048,
|
||||||
) {
|
) {
|
||||||
include certmonger
|
include certmonger
|
||||||
|
|
||||||
@ -57,6 +62,7 @@ class tripleo::certmonger::ovn_dbs (
|
|||||||
principal => $principal,
|
principal => $principal,
|
||||||
postsave_cmd => $postsave_cmd,
|
postsave_cmd => $postsave_cmd,
|
||||||
ca => $certmonger_ca,
|
ca => $certmonger_ca,
|
||||||
|
key_size => $key_size,
|
||||||
wait => true,
|
wait => true,
|
||||||
require => Class['::certmonger'],
|
require => Class['::certmonger'],
|
||||||
}
|
}
|
||||||
|
@ -38,6 +38,10 @@
|
|||||||
# (Optional) The haproxy service principal that is set for neutron in kerberos.
|
# (Optional) The haproxy service principal that is set for neutron in kerberos.
|
||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
|
#
|
||||||
class tripleo::certmonger::ovn_metadata (
|
class tripleo::certmonger::ovn_metadata (
|
||||||
$hostname,
|
$hostname,
|
||||||
$service_certificate,
|
$service_certificate,
|
||||||
@ -45,6 +49,7 @@ class tripleo::certmonger::ovn_metadata (
|
|||||||
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
||||||
$postsave_cmd = undef,
|
$postsave_cmd = undef,
|
||||||
$principal = undef,
|
$principal = undef,
|
||||||
|
$key_size = 2048,
|
||||||
) {
|
) {
|
||||||
include certmonger
|
include certmonger
|
||||||
|
|
||||||
@ -57,6 +62,7 @@ class tripleo::certmonger::ovn_metadata (
|
|||||||
principal => $principal,
|
principal => $principal,
|
||||||
postsave_cmd => $postsave_cmd,
|
postsave_cmd => $postsave_cmd,
|
||||||
ca => $certmonger_ca,
|
ca => $certmonger_ca,
|
||||||
|
key_size => $key_size,
|
||||||
wait => true,
|
wait => true,
|
||||||
require => Class['::certmonger'],
|
require => Class['::certmonger'],
|
||||||
}
|
}
|
||||||
|
@ -38,6 +38,10 @@
|
|||||||
# (Optional) The haproxy service principal that is set for neutron in kerberos.
|
# (Optional) The haproxy service principal that is set for neutron in kerberos.
|
||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
|
#
|
||||||
class tripleo::certmonger::ovn_octavia (
|
class tripleo::certmonger::ovn_octavia (
|
||||||
$hostname,
|
$hostname,
|
||||||
$service_certificate,
|
$service_certificate,
|
||||||
@ -45,6 +49,7 @@ class tripleo::certmonger::ovn_octavia (
|
|||||||
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
||||||
$postsave_cmd = undef,
|
$postsave_cmd = undef,
|
||||||
$principal = undef,
|
$principal = undef,
|
||||||
|
$key_size = 2048,
|
||||||
) {
|
) {
|
||||||
include certmonger
|
include certmonger
|
||||||
|
|
||||||
@ -57,6 +62,7 @@ class tripleo::certmonger::ovn_octavia (
|
|||||||
principal => $principal,
|
principal => $principal,
|
||||||
postsave_cmd => $postsave_cmd,
|
postsave_cmd => $postsave_cmd,
|
||||||
ca => $certmonger_ca,
|
ca => $certmonger_ca,
|
||||||
|
key_size => $key_size,
|
||||||
wait => true,
|
wait => true,
|
||||||
require => Class['::certmonger'],
|
require => Class['::certmonger'],
|
||||||
}
|
}
|
||||||
|
@ -43,6 +43,10 @@
|
|||||||
# (Optional) Specifies that path to write the CA cerftificate to.
|
# (Optional) Specifies that path to write the CA cerftificate to.
|
||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
|
#
|
||||||
define tripleo::certmonger::qemu (
|
define tripleo::certmonger::qemu (
|
||||||
$hostname,
|
$hostname,
|
||||||
$service_certificate,
|
$service_certificate,
|
||||||
@ -51,6 +55,7 @@ define tripleo::certmonger::qemu (
|
|||||||
$cacertfile = undef,
|
$cacertfile = undef,
|
||||||
$postsave_cmd = undef,
|
$postsave_cmd = undef,
|
||||||
$principal = undef,
|
$principal = undef,
|
||||||
|
$key_size = 2048,
|
||||||
) {
|
) {
|
||||||
include certmonger
|
include certmonger
|
||||||
include nova::params
|
include nova::params
|
||||||
@ -64,6 +69,7 @@ define tripleo::certmonger::qemu (
|
|||||||
principal => $principal,
|
principal => $principal,
|
||||||
postsave_cmd => $postsave_cmd,
|
postsave_cmd => $postsave_cmd,
|
||||||
ca => $certmonger_ca,
|
ca => $certmonger_ca,
|
||||||
|
key_size => $key_size,
|
||||||
cacertfile => $cacertfile,
|
cacertfile => $cacertfile,
|
||||||
wait => true,
|
wait => true,
|
||||||
tag => 'qemu-cert',
|
tag => 'qemu-cert',
|
||||||
|
@ -39,6 +39,10 @@
|
|||||||
# (Optional) The service principal that is set for the service in kerberos.
|
# (Optional) The service principal that is set for the service in kerberos.
|
||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
|
#
|
||||||
class tripleo::certmonger::rabbitmq (
|
class tripleo::certmonger::rabbitmq (
|
||||||
$hostname,
|
$hostname,
|
||||||
$service_certificate,
|
$service_certificate,
|
||||||
@ -46,6 +50,7 @@ class tripleo::certmonger::rabbitmq (
|
|||||||
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
$certmonger_ca = hiera('certmonger_ca', 'local'),
|
||||||
$postsave_cmd = undef,
|
$postsave_cmd = undef,
|
||||||
$principal = undef,
|
$principal = undef,
|
||||||
|
$key_size = 2048,
|
||||||
) {
|
) {
|
||||||
include certmonger
|
include certmonger
|
||||||
|
|
||||||
@ -65,6 +70,7 @@ class tripleo::certmonger::rabbitmq (
|
|||||||
principal => $principal,
|
principal => $principal,
|
||||||
postsave_cmd => $postsave_cmd,
|
postsave_cmd => $postsave_cmd,
|
||||||
ca => $certmonger_ca,
|
ca => $certmonger_ca,
|
||||||
|
key_size => $key_size,
|
||||||
wait => true,
|
wait => true,
|
||||||
require => Class['::certmonger'],
|
require => Class['::certmonger'],
|
||||||
}
|
}
|
||||||
|
@ -45,6 +45,10 @@
|
|||||||
# (Optional) The service principal that is set for the service in kerberos.
|
# (Optional) The service principal that is set for the service in kerberos.
|
||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
|
# [*key_size*]
|
||||||
|
# (Optional) Specifies the private key size used when creating the certificate.
|
||||||
|
# Defaults to 2048bits.
|
||||||
|
#
|
||||||
class tripleo::certmonger::redis (
|
class tripleo::certmonger::redis (
|
||||||
$hostname,
|
$hostname,
|
||||||
$service_certificate,
|
$service_certificate,
|
||||||
@ -53,6 +57,7 @@ class tripleo::certmonger::redis (
|
|||||||
$dnsnames = $hostname,
|
$dnsnames = $hostname,
|
||||||
$postsave_cmd = undef,
|
$postsave_cmd = undef,
|
||||||
$principal = undef,
|
$principal = undef,
|
||||||
|
$key_size = 2048,
|
||||||
) {
|
) {
|
||||||
include certmonger
|
include certmonger
|
||||||
|
|
||||||
@ -72,6 +77,7 @@ class tripleo::certmonger::redis (
|
|||||||
principal => $principal,
|
principal => $principal,
|
||||||
postsave_cmd => $postsave_cmd,
|
postsave_cmd => $postsave_cmd,
|
||||||
ca => $certmonger_ca,
|
ca => $certmonger_ca,
|
||||||
|
key_size => $key_size,
|
||||||
wait => true,
|
wait => true,
|
||||||
require => Class['::certmonger'],
|
require => Class['::certmonger'],
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user