Diffstat (limited to 'global/overlay/etc/puppet/modules/sunet')
-rw-r--r-- | global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp | 34 | ||||
-rw-r--r-- | global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb | 8 |
2 files changed, 42 insertions, 0 deletions
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
new file mode 100644
index 0000000..b4175a9
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
@@ -0,0 +1,34 @@
+define sunet::ici_ca($pkcs11_module="/usr/lib/softhsm/libsofthsm.so",
+ $pkcs11_pin=undef,
+ $pkcs11_key_slot="0",
+ $pkcs11_key_id="abcd",
+ $autosign_dir=undef,
+ $autosign_type="peer",
+ $public_repo_url=undef,
+ $public_repo_dir=undef)
+{
+ apt::ppa {'ppa:leifj/ici': } ->
+ package { 'ici': ensure => latest } ->
+ exec { '${name}_setup_ca':
+ command => "/usr/bin/ici ${name} init",
+ creates => "/var/lib/ici/${name}"
+ } ->
+ file { '${name}_ca_config':
+ path => "/var/lib/ici/${name}/ca.config",
+ content => template("sunet/ici_ca/ca.config.erb")
+ } ->
+ if ($autosign_dir) {
+ cron {'ici_autosign':
+ command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} -t ${autosign_type} issue ${autosign_dir}"
+ user => "root",
+ minut => "*/5"
+ }
+ }
+ if ($public_repo_dir && $public_repo_url) {
+ cron {'ici_publish':
+ command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} publish ${public_repo}"
+ user => "root",
+ minut => "*/5"
+ }
+ }
+}
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb b/global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb
new file mode 100644
index 0000000..86eb224
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb
@@ -0,0 +1,8 @@
+ICI_CA_KEY_ID=<%= @pkcs11_key_id %>
+ICI_CA_KEY_SLOT=<%= @pkcs11_key_slot %>
+ICI_PKCS11=<%= @pkcs11_module %>
+ICI_PKCS11_PIN=<%= @pkcs11_pin %>
+ICI_MD=sha256
+ICI_PUBLIC_URL=<%= @public_repo_url %>
+SOFTHSM_CONF=/var/lib/ici/<%= @name %>/softhsm.conf
+export SOFTHSM_CONF |
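Review bot: The `file` resource that writes `/var/lib/ici/${name}/ca.config` sets no `owner`/`group`/`mode`, yet the template in the second hunk puts the HSM PIN into that file as `ICI_PKCS11_PIN=<%= @pkcs11_pin %>`, so the PIN lands on disk with whatever default permissions Puppet applies; add `owner => 'root', group => 'root', mode => '0600',` to that resource (and since `$pkcs11_pin` defaults to `undef`, the rendered line is presumably empty unless a PIN is passed). The resource titles `'${name}_setup_ca'` and `'${name}_ca_config'` are single-quoted, so `${name}` is not interpolated and two `sunet::ici_ca` instances would collide on the same literal titles; use `"${name}_setup_ca"` and `"${name}_ca_config"`. The `} ->` chaining arrow after the `file` resource points at an `if` statement, which Puppet does not accept, and both `cron` resources use `minut` where the type's parameter is `minute`, with a missing comma after the `command` value in each. The publish command interpolates `${public_repo}`, which is not a parameter of this define; `${public_repo_dir}` appears to be what was meant.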