-rw-r--r--global/overlay/etc/puppet/manifests/cosmos-site.pp8
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp5
2 files changed, 10 insertions, 3 deletions
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index eb2781e..a519ccf 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -815,7 +815,7 @@ node 'web-a1.sunet.se' {
}
node 'ca.sunet.se' {
- file { ["/var/www","/var/www/html","/var/lib/ca","/var/lib/ca/infra","/var/lib/ca/infra/requests","/var/lib/ca/infra/requests/client"]: ensure => directory } ->
+ file { ["/var/www","/var/www/html","/var/lib/ca","/var/lib/ca/infra","/var/lib/ca/infra/requests","/var/lib/ca/infra/requests/client","/var/lib/ca/infra/requests/server"]: ensure => directory } ->
class { 'sunet::dockerhost': } ->
sunet::docker_run { "ca.sunet.se_apache":
image => 'httpd',
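Review bot: The new `/var/lib/ca/infra/requests/server` directory is declared with only `ensure => directory`, so its owner and mode are left to Puppet's defaults rather than stated. Judging by the autosign define later in this commit, a root cron job issues a certificate for whatever request is placed there, which makes write access to this directory the effective authorisation for a server certificate. I would move the two request directories out of the shared array into their own `file` resource with explicit `owner`, `group` and `mode` (for example `mode => '0750'`, with the group set to whichever account is meant to drop requests), and add a comment naming that account. The same applies to the existing `client` directory; the node block continues outside this hunk.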
@@ -829,8 +829,14 @@ node 'ca.sunet.se' {
public_repo_dir => "/var/www/html/infra"
}
sunet::ici_ca::autosign{"infra_ca_clients":
+ ca => "infra_ca",
autosign_dir => "/var/lib/ca/infra/requests/client",
autosign_type => "client",
}
+ sunet::ici_ca::autosign{"infra_ca_servers":
+ ca => "infra_ca",
+ autosign_dir => "/var/lib/ca/infra/requests/server",
+ autosign_type => "server",
+ }
class { 'webserver': }
}
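Review bot: Declaring a second `sunet::ici_ca::autosign` instance here (`infra_ca_servers`) looks like it will collide with `infra_ca_clients`, because the define in ici_ca.pp titles its cron resource in single quotes, `cron {'ici_autosign_${name}':`, and Puppet does not interpolate single-quoted strings. Both instances would then declare the same literal Cron title, so the catalog should fail with a duplicate declaration instead of installing a second job. Switching the title to double quotes, `cron {"ici_autosign_${name}":`, gives each instance its own entry. The define also defaults `$ca` to `undef` with no check, so a caller that omits it gets a root cron command with an empty CA name; either `fail()` when `$ca` is unset or fall back to `$name` to keep the previous behaviour. The node block starts outside this hunk.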
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
index a8924c0..172c02e 100644
--- a/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
@@ -26,11 +26,12 @@ define sunet::ici_ca($pkcs11_module="/usr/lib/softhsm/libsofthsm.so",
}
}
-define sunet::ici_ca::autosign($autosign_dir=undef,
+define sunet::ici_ca::autosign($ca=undef,
+ $autosign_dir=undef,
$autosign_type="client")
{
cron {'ici_autosign_${name}':
- command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} issue -t ${autosign_type} ${autosign_dir}",
+ command => "test -f /var/lib/ici/${ca}/ca.crt && /usr/bin/ici ${ca} issue -t ${autosign_type} ${autosign_dir}",
user => "root",
minute => "*/5"
}