Diffstat (limited to 'global/overlay/etc/puppet/modules/sunet/manifests')
-rw-r--r-- | global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
new file mode 100644
index 0000000..b4175a9
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
@@ -0,0 +1,34 @@
+define sunet::ici_ca($pkcs11_module="/usr/lib/softhsm/libsofthsm.so",
+ $pkcs11_pin=undef,
+ $pkcs11_key_slot="0",
+ $pkcs11_key_id="abcd",
+ $autosign_dir=undef,
+ $autosign_type="peer",
+ $public_repo_url=undef,
+ $public_repo_dir=undef)
+{
+ apt::ppa {'ppa:leifj/ici': } ->
+ package { 'ici': ensure => latest } ->
+ exec { '${name}_setup_ca':
+ command => "/usr/bin/ici ${name} init",
+ creates => "/var/lib/ici/${name}"
+ } ->
+ file { '${name}_ca_config':
+ path => "/var/lib/ici/${name}/ca.config",
+ content => template("sunet/ici_ca/ca.config.erb")
+ } ->
+ if ($autosign_dir) {
+ cron {'ici_autosign':
+ command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} -t ${autosign_type} issue ${autosign_dir}"
+ user => "root",
+ minut => "*/5"
+ }
+ }
+ if ($public_repo_dir && $public_repo_url) {
+ cron {'ici_publish':
+ command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} publish ${public_repo}"
+ user => "root",
+ minut => "*/5"
+ }
+ }
+} |
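Review bot: Both cron resources will fail to compile as written: the `command` lines have no trailing comma, `minut` should be `minute`, and `${public_repo}` in the publish command is not a declared parameter (presumably `$public_repo_dir` was meant; confirm against the `ici publish` usage). The titles `'${name}_setup_ca'` and `'${name}_ca_config'` are single-quoted, so `${name}` is not interpolated and a second `sunet::ici_ca` instance would collide on them, as it would on the fixed cron titles `ici_autosign` and `ici_publish`. The `} ->` after the file resource chains into an `if` statement rather than a resource, and `&&` in the second condition should be Puppet's `and`. Separately, since this manages a CA, `ensure => latest` from a personal PPA lets the signing tooling change with whatever the PPA publishes, so pinning a reviewed version would be a safer default, and the `"abcd"` default for `$pkcs11_key_id` looks like a placeholder that would be better left without a default.

```puppet
  exec { "${name}_setup_ca":
    # … unchanged: command, creates …
  } ->
  file { "${name}_ca_config":
    # … unchanged: path, content …
  }
  if ($autosign_dir) {
    cron { "${name}_ici_autosign":
      command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} -t ${autosign_type} issue ${autosign_dir}",
      user    => "root",
      minute  => "*/5",
      require => File["${name}_ca_config"],
    }
  }
  if ($public_repo_dir and $public_repo_url) {
    cron { "${name}_ici_publish":
      # assumed target: the original referenced the undeclared ${public_repo}
      command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} publish ${public_repo_dir}",
      user    => "root",
      minute  => "*/5",
      require => File["${name}_ca_config"],
    }
  }
```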