feat: automatically generate vault certs
- certificate will be generated for:
  - fqdn
  - hostname
  - primary ip address
  - localhost
  - 127.0.0.1
- update base profile to generate vault certificate for all
- create facts for use with vault_certs
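--- a/lib/facter/vault_cert_altnames.rb
+++ b/lib/facter/vault_cert_altnames.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+# lib/facter/vault_cert_altnames.rb
+require 'puppet'
+
+Facter.add('vault_cert_altnames') do
+setcode do
+alt_names_file = '/etc/pki/tls/vault/alt_names'
+if File.exist?(alt_names_file)
+File.read(alt_names_file).split("\n")
+else
+[]
+end
+end
+end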
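Review bot: `File.read(alt_names_file).split("\n")` keeps blank and whitespace-only entries and carries a trailing `\r` through on a CRLF-edited file, so a stray empty line in `/etc/pki/tls/vault/alt_names` becomes an empty or malformed SAN candidate in the fact; `File.readlines(alt_names_file, chomp: true).map(&:strip).reject(&:empty?)` would return only usable names. The `require 'puppet'` line is not needed for a custom fact, and the string fact name here differs from the symbol form used in vault_cert_expiring; either works, but one convention is easier to grep. Because the fact's value presumably ends up as the certificate's alternative names, the manifest that writes this file (not shown in the commit) should keep it root-owned and not group/world-writable, so that only the managed configuration can influence what the certificate is issued for.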
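--- a/lib/facter/vault_cert_expiring.rb
+++ b/lib/facter/vault_cert_expiring.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+# lib/facter/vault_cert_expiring.rb
+require 'puppet'
+
+Facter.add(:vault_cert_expiring) do
+setcode do
+require 'openssl'
+cert_path = '/etc/pki/tls/vault/certificate.crt'
+if File.exist?(cert_path)
+# If the certificate file exists, check its expiration
+cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
+cert_expiry = cert.not_after
+days_remaining = (cert_expiry - Time.now).to_i / (24 * 60 * 60)
+days_remaining < 30
+else
+# Report true if the certificate file does not exist
+true
+end
+end
+end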
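Review bot: An unreadable or malformed certificate.crt raises from `OpenSSL::X509::Certificate.new(File.read(cert_path))`, and Facter then logs the error and resolves the fact to nil rather than true, so a truncated or corrupt certificate is not reported as expiring and a manifest that gates renewal on this fact would presumably skip it. Adding `rescue OpenSSL::X509::CertificateError, SystemCallError` followed by `true` just before the setcode block's closing `end` (do/end blocks accept rescue since Ruby 2.5) keeps the fact true whenever the certificate cannot be validated, consistent with the missing-file branch. The 30-day threshold is hard-coded with no explanation; a comment such as `# renew when fewer than 30 days remain; keep this below the cert TTL issued by Vault` would record the intent for whoever later tunes it.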