Page Menu
Home
Software Heritage
Search
Configure Global Search
Log In
Files
F9125444
domain.pp
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
3 KB
Subscribers
None
domain.pp
View Options
# == Define hitch::domain
#
# This define installs pem files to the config root, and configures
# them in the hitch config file.
#
# The CA certificate (if present), server certificate, key and DH
# parameters are concatenated, and placed in the hitch configuration.
#
# You can specify cacert, cert and key with either _content or _source
# suffix.
#
# Parameters:
#
# @param ensure [Enum['present','absent']]
# The desired state of the hitch domain. Default is 'present'.
#
# @param default [Boolean]
# If there are multiple domains, set this to true to make this the
# default domain used by hitch. If there is only one domain, it
# will be the default domain no matter what you set here. Defaults
# to false.
#
# @param [Optional[String]] cacert_content
# A PEM encoded CA certificate.
#
# @param [Optional[Stdlib::Filesource]] cacert_source
# Path to a PEM encoded CA certificate.
#
# @param [Optional[String]] cert_content
# A PEM encoded certificate. This must be a certificate matching the
# key.
#
# @param [Optional[Stdlib::Filesource]] cert_source
# Path to a PEM encoded certificate. This must be a certificate
# matching the key.
#
# @param [Optional[String]] key_content
# A PEM encoded key. This must be a key matching the certificate.
#
# @param [Optional[Stdlib::Filesource]] key_source
# Path to a PEM encoded key. This must be a key matching the
# certificate.
#
define
hitch
::
domain
(
Enum
[
'present'
,
'absent'
]
$ensure
=
present
,
Boolean
$default
=
false
,
Optional
[
String
]
$cert_content
=
undef
,
Optional
[
String
]
$key_content
=
undef
,
Optional
[
String
]
$cacert_content
=
undef
,
Optional
[
Stdlib
::
Filesource
]
$cert_source
=
undef
,
Optional
[
Stdlib
::
Filesource
]
$key_source
=
undef
,
Optional
[
Stdlib
::
Filesource
]
$cacert_source
=
undef
,
)
{
if
(
$key_content
and
$cert_content)
{
validate_x509_rsa_key_pair
(
$cert_content,
$key_content)
}
include
::
hitch
$config_root
=
$hitch::config_root
$config_file
=
$hitch::config_file
$dhparams_file
=
$hitch::dhparams_file
$pem_file="${config_root}/${title}.pem"
Concat
::
Fragment
{
notify
=>
Class
[
'hitch::service'
],
}
# Add a line to the hitch config file
concat
::
fragment
{
"hitch::domain ${title}"
:
target
=>
$config_file,
content
=>
"pem-file = \"
${pem_file}\"\n",
}
# Create the pem file, with (optional) ca certificate chain, a
# certificate, a key, and finally the dh parameters
concat
{
$pem_file:
ensure
=>
$ensure,
mode
=>
'0640'
,
owner
=>
$::hitch::file_owner,
group
=>
$::hitch::group,
notify
=>
Class
[
'hitch::service'
],
}
concat
::
fragment
{
"${title} key"
:
target
=>
$pem_file,
order
=>
'01'
,
content
=>
$key_content,
source
=>
$key_source,
}
concat
::
fragment
{
"${title} cert"
:
target
=>
$pem_file,
order
=>
'02'
,
content
=>
$cert_content,
source
=>
$cert_source,
}
if
(
$cacert_content
or
$cacert_source)
{
concat
::
fragment
{
"${title} cacert"
:
target
=>
$pem_file,
order
=>
'03'
,
content
=>
$cacert_content,
source
=>
$cacert_source,
}
}
concat
::
fragment
{
"${title} dhparams"
:
target
=>
$pem_file,
source
=>
$dhparams_file,
order
=>
'04'
,
}
}
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Sat, Jun 21, 8:49 PM (3 w, 6 d ago)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3305351
Attached To
rSPHIT Hitch TLS proxy puppet module
Event Timeline
Log In to Comment