authorLeif Johansson <leifj@sunet.se>2015-03-24 22:39:18 +0100
committerLeif Johansson <leifj@sunet.se>2015-03-24 22:39:18 +0100
commit2fb5f25dcec2ceb1b51cce03b563909dae7f816b (patch)
tree19606cbbe8f57c78de842d3c14a1d0b4435540ee
parent7b54599dd9093c658a7cb34afcfa546ec7faa3de (diff)
-rw-r--r--global/overlay/etc/puppet/manifests/cosmos-site.pp14
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp17
2 files changed, 19 insertions, 12 deletions
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index b56fe08..d15e78c 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -822,9 +822,13 @@ node 'ca.sunet.se' {
ports => ["80:80"]
}
file { "/var/lib/ca/infra/requests/client": ensure => directory } ->
- sunet::ici_ca(pkcs11_pin => hiera('ca_infra_pkcs11_pin'),
- autosign_dir => "/var/lib/ca/infra/requests/client",
- autosign_type => "client",
- public_repo_url => "http://ca.sunet.se/infra",
- public_repo_dir => "/var/www/html/infra")
+ sunet::ici_ca{"infra_ca":
+ pkcs11_pin => hiera('ca_infra_pkcs11_pin'),
+ public_repo_url => "http://ca.sunet.se/infra",
+ public_repo_dir => "/var/www/html/infra"
+ }
+ sunet::ici_ca::autosign{"infra_ca_clients":
+ autosign_dir => "/var/lib/ca/infra/requests/client",
+ autosign_type => "client",
+ }
}
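Review bot: The request directory that the new `sunet::ici_ca::autosign` resource polls is declared with only `ensure => directory`, so its owner and mode are left to defaults this manifest does not show. The root cron job issues a client certificate for whatever request appears there, so write access to that directory amounts to the ability to obtain a certificate from the infra CA. I would pin the permissions on the `file` resource, for example `owner => "root", group => "root", mode => "0750"`, adjusted to whichever account is meant to submit requests. The `->` after the file resource now orders only `sunet::ici_ca{"infra_ca":`; the autosign resource has no stated relationship to the directory or the CA, which is probably harmless for a cron entry but is worth a `require` if the order matters.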
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
index 97839e8..ed7811d 100644
--- a/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
@@ -17,13 +17,6 @@ define sunet::ici_ca($pkcs11_module="/usr/lib/softhsm/libsofthsm.so",
path => "/var/lib/ici/${name}/ca.config",
content => template("sunet/ici_ca/ca.config.erb")
} ->
- if ($autosign_dir) {
- cron {'ici_autosign':
- command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} issue -t ${autosign_type} ${autosign_dir}"
- user => "root",
- minut => "*/5"
- }
- }
if ($public_repo_dir && $public_repo_url) {
cron {'ici_publish':
command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} publish ${public_repo}"
@@ -32,3 +25,13 @@ define sunet::ici_ca($pkcs11_module="/usr/lib/softhsm/libsofthsm.so",
}
}
}
+
+define sunet::ici_ca::autosign($autosign_dir=undef,
+ $autosign_type="peer")
+{
+ cron {'ici_autosign_${name}':
+ command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} issue -t ${autosign_type} ${autosign_dir}"
+ user => "root",
+ minut => "*/5"
+ }
+}
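Review bot: The new `sunet::ici_ca::autosign` define will not produce a working cron job as written. The title `'ici_autosign_${name}'` is single-quoted, so Puppet does not interpolate it and a second instance would collide on the same literal title; the `command` line has no trailing comma; and `minut` is not a cron attribute (`minute` is). `${name}` is now the autosign resource's own title, so for the `infra_ca_clients` instance in cosmos-site.pp the job tests `/var/lib/ici/infra_ca_clients/ca.crt` and runs `ici infra_ca_clients issue` rather than addressing the `infra_ca` CA. The define needs a parameter naming the CA, and the caller would then pass `ca => "infra_ca"`. The `if ($autosign_dir)` guard from the removed code is gone while the parameter still defaults to `undef`, so I would make `$autosign_dir` mandatory, as below.

```puppet
define sunet::ici_ca::autosign($ca,
   $autosign_dir,
   $autosign_type="peer")
{
   cron {"ici_autosign_${name}":
      command => "test -f /var/lib/ici/${ca}/ca.crt && /usr/bin/ici ${ca} issue -t ${autosign_type} ${autosign_dir}",
      user    => "root",
      minute  => "*/5"
   }
}
```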