-rw-r--r-- | global/overlay/etc/puppet/manifests/cosmos-site.pp | 8 | ||||
-rw-r--r-- | global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp | 5 |
2 files changed, 10 insertions, 3 deletions
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index eb2781e..a519ccf 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -815,7 +815,7 @@ node 'web-a1.sunet.se' {
 }
 node 'ca.sunet.se' {
- file { ["/var/www","/var/www/html","/var/lib/ca","/var/lib/ca/infra","/var/lib/ca/infra/requests","/var/lib/ca/infra/requests/client"]: ensure => directory } ->
+ file { ["/var/www","/var/www/html","/var/lib/ca","/var/lib/ca/infra","/var/lib/ca/infra/requests","/var/lib/ca/infra/requests/client","/var/lib/ca/infra/requests/server"]: ensure => directory } ->
 class { 'sunet::dockerhost': } ->
 sunet::docker_run { "ca.sunet.se_apache":
 image => 'httpd',
@@ -829,8 +829,14 @@ node 'ca.sunet.se' {
 public_repo_dir => "/var/www/html/infra"
 }
 sunet::ici_ca::autosign{"infra_ca_clients":
+ ca => "infra_ca",
 autosign_dir => "/var/lib/ca/infra/requests/client",
 autosign_type => "client",
 }
+ sunet::ici_ca::autosign{"infra_ca_servers":
+ ca => "infra_ca",
+ autosign_dir => "/var/lib/ca/infra/requests/server",
+ autosign_type => "server",
+ }
 class { 'webserver': }
 }
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
index a8924c0..172c02e 100644
--- a/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
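Review bot: In cosmos-site.pp the new `/var/lib/ca/infra/requests/server` directory comes from a `file` resource that sets only `ensure => directory`, so its owner, group and mode are left to Puppet defaults instead of being stated. The second hunk points a root cron job at this directory to issue `server` certificates every five minutes, so write access to it is presumably equivalent to obtaining a server certificate from `infra_ca` (what `ici` checks before issuing is not visible here). I would declare the request directories in their own `file` resource with explicit `owner`, `group` and `mode` (for example `mode => '0750'`, adjusted to whichever account delivers requests), separate from the `/var/www` paths, and add a comment saying who is expected to write there. The node block starts and ends outside both hunks.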
@@ -26,11 +26,12 @@ define sunet::ici_ca($pkcs11_module="/usr/lib/softhsm/libsofthsm.so",
 }
 }
-define sunet::ici_ca::autosign($autosign_dir=undef,
+define sunet::ici_ca::autosign($ca=undef,
+ $autosign_dir=undef,
 $autosign_type="client") {
 cron {'ici_autosign_${name}':
- command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} issue -t ${autosign_type} ${autosign_dir}",
+ command => "test -f /var/lib/ici/${ca}/ca.crt && /usr/bin/ici ${ca} issue -t ${autosign_type} ${autosign_dir}",
 user => "root",
 minute => "*/5"
 }
|
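Review bot: The cron title `'ici_autosign_${name}'` is single-quoted, so Puppet does not interpolate `${name}` and every instance of this define declares the same `Cron` resource. Now that cosmos-site.pp declares both `infra_ca_clients` and `infra_ca_servers` on one node, catalog compilation should fail with a duplicate declaration; use double quotes, `cron { "ici_autosign_${name}":`. Separately, `$ca=undef` lets a caller that omits `ca` put `test -f /var/lib/ici//ca.crt && /usr/bin/ici  issue ...` into root's crontab. Either default it with `$ca=$name` to keep the previous behaviour for existing callers, or call `fail()` when it is undef. The define's closing brace is outside the hunk.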