Diffstat (limited to 'global/overlay/etc/puppet/modules')
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp34
-rw-r--r--global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb8
2 files changed, 42 insertions, 0 deletions
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
new file mode 100644
index 0000000..b4175a9
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
@@ -0,0 +1,34 @@
+define sunet::ici_ca($pkcs11_module="/usr/lib/softhsm/libsofthsm.so",
+ $pkcs11_pin=undef,
+ $pkcs11_key_slot="0",
+ $pkcs11_key_id="abcd",
+ $autosign_dir=undef,
+ $autosign_type="peer",
+ $public_repo_url=undef,
+ $public_repo_dir=undef)
+{
+ apt::ppa {'ppa:leifj/ici': } ->
+ package { 'ici': ensure => latest } ->
+ exec { '${name}_setup_ca':
+ command => "/usr/bin/ici ${name} init",
+ creates => "/var/lib/ici/${name}"
+ } ->
+ file { '${name}_ca_config':
+ path => "/var/lib/ici/${name}/ca.config",
+ content => template("sunet/ici_ca/ca.config.erb")
+ } ->
+ if ($autosign_dir) {
+ cron {'ici_autosign':
+ command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} -t ${autosign_type} issue ${autosign_dir}"
+ user => "root",
+ minut => "*/5"
+ }
+ }
+ if ($public_repo_dir && $public_repo_url) {
+ cron {'ici_publish':
+ command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} publish ${public_repo}"
+ user => "root",
+ minut => "*/5"
+ }
+ }
+}
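Review bot: The two cron resources at the end of the define will not compile as written: there is no comma after each `command =>` value, `minut` is not a cron attribute (`minute`), and `${public_repo}` is not one of the define's parameters, so the publish command would get an empty argument (presumably `${public_repo_dir}` was meant). The titles `'${name}_setup_ca'` and `'${name}_ca_config'` are single-quoted, so `${name}` is not interpolated, and together with the fixed cron titles a second `sunet::ici_ca` declaration would fail on duplicate resources. The trailing `->` after the file resource runs into the `if` block, which I would not rely on for ordering; an explicit `require` on the cron resources is clearer. Separately, `ici` is installed from a personal PPA with `ensure => latest`, so the CA host picks up whatever is published there without review; pinning a version is worth considering for a signing tool whose cron jobs run as root.

```puppet
  exec { "${name}_setup_ca":
    # … unchanged: command, creates …
  } ->
  file { "${name}_ca_config":
    # … unchanged: path, content …
  }
  if ($autosign_dir) {
    cron { "${name}_ici_autosign":
      command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} -t ${autosign_type} issue ${autosign_dir}",
      user    => 'root',
      minute  => '*/5',
      require => File["${name}_ca_config"],
    }
  }
  if ($public_repo_dir && $public_repo_url) {
    cron { "${name}_ici_publish":
      # NOTE(review): assumes the directory is the publish target; confirm against ici's usage
      command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} publish ${public_repo_dir}",
      user    => 'root',
      minute  => '*/5',
      require => File["${name}_ca_config"],
    }
  }
```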
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb b/global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb
new file mode 100644
index 0000000..86eb224
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb
@@ -0,0 +1,8 @@
+ICI_CA_KEY_ID=<%= @pkcs11_key_id %>
+ICI_CA_KEY_SLOT=<%= @pkcs11_key_slot %>
+ICI_PKCS11=<%= @pkcs11_module %>
+ICI_PKCS11_PIN=<%= @pkcs11_pin %>
+ICI_MD=sha256
+ICI_PUBLIC_URL=<%= @public_repo_url %>
+SOFTHSM_CONF=/var/lib/ici/<%= @name %>/softhsm.conf
+export SOFTHSM_CONF
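Review bot: `ICI_PKCS11_PIN` writes the HSM PIN in clear text into `ca.config`, and the `file` resource that renders this template in `ici_ca.pp` sets no `owner`, `group` or `mode`, so the file's permissions are left to defaults. I would add `owner => 'root', group => 'root', mode => '0600'` to that resource. The `export SOFTHSM_CONF` line suggests the file is sourced by a shell; if so, the unquoted `<%= ... %>` values would be split or interpreted when they contain spaces or shell metacharacters, and quoting them, e.g. `ICI_PKCS11_PIN='<%= @pkcs11_pin %>'`, avoids that for values without single quotes. With the default `$pkcs11_pin=undef` the line renders an empty PIN, and the default `$pkcs11_key_id="abcd"` looks like a placeholder; it may be safer to make both required so a CA is never initialised with them by accident.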