-rw-r--r-- | global/overlay/etc/puppet/manifests/cosmos-site.pp | 14 | ||||
-rw-r--r-- | global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp | 17 |
2 files changed, 19 insertions, 12 deletions
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index b56fe08..d15e78c 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -822,9 +822,13 @@ node 'ca.sunet.se' {
 ports => ["80:80"]
 }
 file { "/var/lib/ca/infra/requests/client": ensure => directory } ->
- sunet::ici_ca(pkcs11_pin => hiera('ca_infra_pkcs11_pin'),
- autosign_dir => "/var/lib/ca/infra/requests/client",
- autosign_type => "client",
- public_repo_url => "http://ca.sunet.se/infra",
- public_repo_dir => "/var/www/html/infra")
+ sunet::ici_ca{"infra_ca":
+ pkcs11_pin => hiera('ca_infra_pkcs11_pin'),
+ public_repo_url => "http://ca.sunet.se/infra",
+ public_repo_dir => "/var/www/html/infra"
+ }
+ sunet::ici_ca::autosign{"infra_ca_clients":
+ autosign_dir => "/var/lib/ca/infra/requests/client",
+ autosign_type => "client",
+ }
 }
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
index 97839e8..ed7811d 100644
--- a/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
@@ -17,13 +17,6 @@ define sunet::ici_ca($pkcs11_module="/usr/lib/softhsm/libsofthsm.so",
 path => "/var/lib/ici/${name}/ca.config",
 content => template("sunet/ici_ca/ca.config.erb")
 } ->
- if ($autosign_dir) {
- cron {'ici_autosign':
- command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} issue -t ${autosign_type} ${autosign_dir}"
- user => "root",
- minut => "*/5"
- }
- }
 if ($public_repo_dir && $public_repo_url) {
 cron {'ici_publish':
 command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} publish ${public_repo}"
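Review bot: The new `sunet::ici_ca::autosign{"infra_ca_clients": …}` resource will not sign against the `infra_ca` CA, because the define added in ici_ca.pp builds its command from `${name}`, which here is `infra_ca_clients`, so the cron job tests `/var/lib/ici/infra_ca_clients/ca.crt` and calls `/usr/bin/ici infra_ca_clients issue`. Pass the CA explicitly: give the define a `$ca` parameter, use `${ca}` in its command, and set `ca => "infra_ca",` on this resource. The `->` after the `file` resource now orders only `sunet::ici_ca`, so the autosign resource that actually uses the requests directory is left unordered; a second `->` between the two resources would restore the dependency. Since every request dropped into that directory is issued a client certificate by a root cron job, the `file` resource should probably also set `owner`, `group` and `mode` rather than only `ensure => directory`.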
@@ -32,3 +25,13 @@ define sunet::ici_ca($pkcs11_module="/usr/lib/softhsm/libsofthsm.so",
 }
 }
 }
+
+define sunet::ici_ca::autosign($autosign_dir=undef,
+ $autosign_type="peer")
+{
+ cron {'ici_autosign_${name}':
+ command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} issue -t ${autosign_type} ${autosign_dir}"
+ user => "root",
+ minut => "*/5"
+ }
+} |
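Review bot: The cron title `'ici_autosign_${name}'` is single-quoted, so Puppet does not interpolate it and every instance of this define declares the same literal resource title; it should be `cron {"ici_autosign_${name}":`. The `command` attribute is missing its trailing comma before `user`, which will not parse, and `minut` is not a cron attribute, it should read `minute => "*/5"`; both were carried over from the block removed in the earlier hunk of this file. With the `if ($autosign_dir)` guard gone and the parameter still defaulting to `undef`, an instance declared without a directory would install a job with an empty path argument, so drop the default to make `$autosign_dir` mandatory. The parameters are interpolated into a shell command that runs as root, so a header comment on the define stating that they must be trusted manifest values would help.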