From f631f7d41e5a2f12ae311ed901228f41537bed52 Mon Sep 17 00:00:00 2001
From: Leif Johansson
Date: Thu, 19 Mar 2015 14:46:53 +0100
Subject: ca setup
---
.../etc/puppet/modules/sunet/manifests/ici_ca.pp | 34 ++++++++++++++++++++++
.../modules/sunet/templates/ici_ca/ca.config.erb | 8 +++++
2 files changed, 42 insertions(+)
create mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
create mode 100644 global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb
(limited to 'global/overlay/etc/puppet/modules')
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
new file mode 100644
index 0000000..b4175a9
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
@@ -0,0 +1,34 @@
+define sunet::ici_ca($pkcs11_module="/usr/lib/softhsm/libsofthsm.so",
+ $pkcs11_pin=undef,
+ $pkcs11_key_slot="0",
+ $pkcs11_key_id="abcd",
+ $autosign_dir=undef,
+ $autosign_type="peer",
+ $public_repo_url=undef,
+ $public_repo_dir=undef)
+{
+ apt::ppa {'ppa:leifj/ici': } ->
+ package { 'ici': ensure => latest } ->
+ exec { '${name}_setup_ca':
+ command => "/usr/bin/ici ${name} init",
+ creates => "/var/lib/ici/${name}"
+ } ->
+ file { '${name}_ca_config':
+ path => "/var/lib/ici/${name}/ca.config",
+ content => template("sunet/ici_ca/ca.config.erb")
+ } ->
+ if ($autosign_dir) {
+ cron {'ici_autosign':
+ command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} -t ${autosign_type} issue ${autosign_dir}"
+ user => "root",
+ minut => "*/5"
+ }
+ }
+ if ($public_repo_dir && $public_repo_url) {
+ cron {'ici_publish':
+ command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} publish ${public_repo}"
+ user => "root",
+ minut => "*/5"
+ }
+ }
+}
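Review bot: The `file { '${name}_ca_config': ... }` resource sets only `path` and `content`, yet the template it renders writes `ICI_PKCS11_PIN`, so the HSM PIN lands in `ca.config` with whatever default owner and mode Puppet applies, which is likely readable by every local account. Adding `owner => 'root',`, `group => 'root',` and `mode => '0600',` to that resource would restrict it; if ici runs under a dedicated account, use that owner instead. Separately, both `cron` blocks lack a comma after `command`, spell `minute` as `minut`, and `ici_publish` references `${public_repo}`, which is not a declared parameter, so the manifest is unlikely to compile as written. The single-quoted titles `'${name}_setup_ca'` and `'${name}_ca_config'` are also not interpolated, so a second `sunet::ici_ca` instance would collide on them.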
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb b/global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb
new file mode 100644
index 0000000..86eb224
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb
@@ -0,0 +1,8 @@
+ICI_CA_KEY_ID=<%= @pkcs11_key_id %>
+ICI_CA_KEY_SLOT=<%= @pkcs11_key_slot %>
+ICI_PKCS11=<%= @pkcs11_module %>
+ICI_PKCS11_PIN=<%= @pkcs11_pin %>
+ICI_MD=sha256
+ICI_PUBLIC_URL=<%= @public_repo_url %>
+SOFTHSM_CONF=/var/lib/ici/<%= @name %>/softhsm.conf
+export SOFTHSM_CONF
-- cgit v1.1
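Review bot: Every parameter is interpolated unquoted into what looks like a shell-sourced file (the trailing `export SOFTHSM_CONF` suggests ici sources it), so a PIN, URL or CA name containing spaces or shell metacharacters would be split or evaluated when the config is read. Escaping at render time avoids that, for example `<% require 'shellwords' -%>` at the top and `ICI_PKCS11_PIN=<%= Shellwords.shellescape(@pkcs11_pin.to_s) %>` for each parameter-driven line. Note also that `pkcs11_pin` defaults to `undef` in the define, which renders an empty `ICI_PKCS11_PIN=`; failing the catalog when the PIN is unset would be safer than writing a config with no PIN.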