From f631f7d41e5a2f12ae311ed901228f41537bed52 Mon Sep 17 00:00:00 2001
From: Leif Johansson <leifj@sunet.se>
Date: Thu, 19 Mar 2015 14:46:53 +0100
Subject: ca setup
---
.../etc/puppet/modules/sunet/manifests/ici_ca.pp | 34 ++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
(limited to 'global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp')
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
new file mode 100644
index 0000000..b4175a9
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
@@ -0,0 +1,34 @@
+define sunet::ici_ca($pkcs11_module="/usr/lib/softhsm/libsofthsm.so",
+ $pkcs11_pin=undef,
+ $pkcs11_key_slot="0",
+ $pkcs11_key_id="abcd",
+ $autosign_dir=undef,
+ $autosign_type="peer",
+ $public_repo_url=undef,
+ $public_repo_dir=undef)
+{
+ apt::ppa {'ppa:leifj/ici': } ->
+ package { 'ici': ensure => latest } ->
+ exec { '${name}_setup_ca':
+ command => "/usr/bin/ici ${name} init",
+ creates => "/var/lib/ici/${name}"
+ } ->
+ file { '${name}_ca_config':
+ path => "/var/lib/ici/${name}/ca.config",
+ content => template("sunet/ici_ca/ca.config.erb")
+ } ->
+ if ($autosign_dir) {
+ cron {'ici_autosign':
+ command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} -t ${autosign_type} issue ${autosign_dir}"
+ user => "root",
+ minut => "*/5"
+ }
+ }
+ if ($public_repo_dir && $public_repo_url) {
+ cron {'ici_publish':
+ command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} publish ${public_repo}"
+ user => "root",
+ minut => "*/5"
+ }
+ }
+}
-- cgit v1.1
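Review bot: The `file { '${name}_ca_config': }` resource sets no `owner`, `group` or `mode`, and since `$pkcs11_pin` is a parameter of this define it presumably reaches `ca.config` through the template (not visible in this hunk), so the token PIN can end up in a file with default permissions and in Puppet's file diffs; set `mode => '0600'` with root ownership and `show_diff => false`. The package is taken from a PPA with `ensure => latest`, so a signing host upgrades to whatever is published there on each run; pinning a reviewed version would be safer. The hunk also has defects that stop it compiling or working: the single-quoted titles `'${name}_setup_ca'` and `'${name}_ca_config'` are not interpolated, both cron `command` lines lack a trailing comma, `minut` should be `minute`, the `->` after the `file` resource chains into an `if`, and `${public_repo}` is not a declared parameter (only `$public_repo_url` and `$public_repo_dir` are). The cron titles are not scoped by `${name}` either, so declaring a second CA would collide; the fence below shows the file and autosign resources with these fixes, and the same applies to `ici_publish`.

```puppet
  # … unchanged: parameters, apt::ppa, package …
  exec { "${name}_setup_ca":
    # … unchanged: command, creates …
  } ->
  file { "${name}_ca_config":
    path      => "/var/lib/ici/${name}/ca.config",
    owner     => 'root',
    group     => 'root',
    mode      => '0600',
    show_diff => false,
    content   => template("sunet/ici_ca/ca.config.erb"),
  }
  if ($autosign_dir) {
    cron { "${name}_ici_autosign":
      command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} -t ${autosign_type} issue ${autosign_dir}",
      user    => "root",
      minute  => "*/5",
      require => File["${name}_ca_config"],
    }
  }
  # … ici_publish: same comma / minute / title / require fixes; replace ${public_repo} with a declared parameter …
```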