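# Deploy collected certificate and CA files.
#
# @summary Deploy collected certificate and CA files.
#
# Two bundles are assembled with concat from files that other resources
# are expected to have placed on the node:
#
# * `<crt_dir>/<base_filename>_fullchain.pem` (mode 0644):
#   certificate (order 10), DH parameters (order 30), CA file (order 50).
# * `<key_dir>/<base_filename>_fullchain_with_key.pem` (mode 0640):
#   private key (order 01) followed by the full chain above (order 10).
#
# A PKCS#12 file is managed via dehydrated_pfx; it is ensured present or
# absent depending on $dehydrated::build_pfx_files.
#
# @example
#   dehydrated::certificate::deploy { 'namevar': }
#
# @param dn
#   Name of the certificate to deploy. Used as the key into the
#   `dehydrated_domains` fact and as the PKCS#12 name. Defaults to the
#   resource title.
#
# @param key_password
#   Passed to dehydrated_pfx as both `key_password` and `password`.
#   NOTE(review): this is typed as a plain String, so it is not wrapped
#   in Sensitive at this layer. Whether dehydrated_pfx accepts a
#   Sensitive value is not visible here; confirm before changing the type.
#
# @api private
#
define dehydrated::certificate::deploy (
  Dehydrated::DN $dn = $name,
  Optional[String] $key_password = undef,
) {
  if ! defined(Class['dehydrated']) {
    fail('You must include the dehydrated base class first.')
  }

  require dehydrated::setup

  # Per-certificate settings come from the dehydrated_domains fact.
  # Fail with a clear message instead of the generic "Operator '[]' is not
  # applicable to an Undef Value" error when the fact or the entry is missing.
  $dehydrated_domains = $facts['dehydrated_domains']
  if ! $dehydrated_domains or ! $dehydrated_domains[$dn] {
    fail("No 'dehydrated_domains' fact entry found for '${dn}'.")
  }

  $_config = $dehydrated_domains[$dn]
  $base_filename = $_config['base_filename']

  $key_dir = $dehydrated::key_dir
  $crt_dir = $dehydrated::crt_dir

  # Input files.
  $crt = "${crt_dir}/${base_filename}.crt"
  $key = "${key_dir}/${base_filename}.key"
  $dh = "${crt_dir}/${base_filename}.dh"
  $ca = "${crt_dir}/${base_filename}_ca.pem"

  # Output files. Everything that contains the private key lives in key_dir.
  $pfx = "${key_dir}/${base_filename}.pfx"
  $crt_full_chain = "${crt_dir}/${base_filename}_fullchain.pem"
  $crt_full_chain_with_key = "${key_dir}/${base_filename}_fullchain_with_key.pem"

  Concat {
    owner => $dehydrated::user,
    group => $dehydrated::group,
  }

  # Public material only, hence world-readable.
  concat { $crt_full_chain :
    mode => '0644',
  }

  # This bundle contains the private key. It is readable by the owner and
  # group only, and content diffs are suppressed so that key material is not
  # written to agent logs or reports when the file changes.
  concat { $crt_full_chain_with_key :
    mode      => '0640',
    show_diff => false,
    notify    => Dehydrated_pfx[$pfx],
  }

  concat::fragment { "${dn}_key" :
    target  => $crt_full_chain_with_key,
    source  => $key,
    order   => '01',
    require => Dehydrated_key[$key],
  }

  # The key bundle reuses the assembled full chain, so it has to be rebuilt
  # whenever the full chain changes.
  concat::fragment { "${dn}_fullchain" :
    target    => $crt_full_chain_with_key,
    source    => $crt_full_chain,
    order     => '10',
    subscribe => Concat[$crt_full_chain],
  }

  concat::fragment { "${dn}_crt" :
    target  => $crt_full_chain,
    source  => $crt,
    order   => '10',
    require => File[$crt],
  }

  concat::fragment { "${dn}_dh" :
    target  => $crt_full_chain,
    source  => $dh,
    order   => '30',
    require => File[$dh],
  }

  concat::fragment { "${dn}_ca" :
    target  => $crt_full_chain,
    source  => $ca,
    order   => '50',
    require => File[$ca],
  }

  if ($dehydrated::build_pfx_files) {
    $dehydrated_pfx_ensure = 'present'
  } else {
    $dehydrated_pfx_ensure = 'absent'
  }

  # The same password is used for the private key and for the PKCS#12
  # container itself.
  dehydrated_pfx { $pfx:
    ensure       => $dehydrated_pfx_ensure,
    pkcs12_name  => $dn,
    key_password => $key_password,
    password     => $key_password,
    ca           => $ca,
    certificate  => $crt,
    private_key  => $key,
    require      => [
      File[$crt],
      File[$ca],
      File[$key],
      Dehydrated_key[$key],
    ],
  }
}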