feat: automatically generate vault certs

- certificate will be generated for:
  - fqdn
  - hostname
  - primary ip address
  - localhost
  - 127.0.0.1
- update base profile to generate vault certificate for all
- create facts for use with vault_certs
2024-02-25 19:13:46 +11:00
parent bc3084a1e7
commit 8009b59514
4 changed files with 143 additions and 0 deletions
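--- /dev/null
+++ b/lib/facter/vault_cert_altnames.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+# lib/facter/vault_cert_altnames.rb
+require 'puppet'
+Facter.add('vault_cert_altnames') do
+setcode do
+alt_names_file = '/etc/pki/tls/vault/alt_names'
+if File.exist?(alt_names_file)
+File.read(alt_names_file).split("\n")
+else
+[]
+end
+end
+end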
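Review bot: `File.read(alt_names_file).split("\n")` keeps carriage returns, surrounding whitespace and interior blank lines as entries, so a CRLF-edited or padded file yields values such as `"host\r"` or `""` that would then be handed on as subject alternative names; prefer `File.readlines(alt_names_file, chomp: true).map(&:strip).reject(&:empty?)`. Since this fact's value is presumably what the base profile feeds into the certificate request, anyone who can write `/etc/pki/tls/vault/alt_names` decides which names appear in the issued certificate, which deserves a line in the file comment (`# Managed by Puppet; the file must not be writable by unprivileged users`) and matching permissions in the manifest that creates it. `require 'puppet'` appears unnecessary here, as only `Facter` is used, and it loads the whole Puppet runtime when facter is run standalone.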
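--- /dev/null
+++ b/lib/facter/vault_cert_expiring.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+# lib/facter/vault_cert_expiring.rb
+require 'puppet'
+Facter.add(:vault_cert_expiring) do
+setcode do
+require 'openssl'
+cert_path = '/etc/pki/tls/vault/certificate.crt'
+if File.exist?(cert_path)
+# If the certificate file exists, check its expiration
+cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
+cert_expiry = cert.not_after
+days_remaining = (cert_expiry - Time.now).to_i / (24 * 60 * 60)
+days_remaining < 30
+else
+# Report true if the certificate file does not exist
+true
+end
+end
+end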
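Review bot: A truncated, empty or unreadable `certificate.crt` makes `OpenSSL::X509::Certificate.new(File.read(cert_path))` raise, which aborts fact resolution and leaves `vault_cert_expiring` unset instead of reporting `true`, so a damaged certificate is exactly the case that would never be flagged for renewal. Rescue the parse and read errors inside `setcode`, log them, and treat them like the missing-file branch already does. The threshold and the seconds-per-day arithmetic could also carry a short why-comment (`# renew when fewer than 30 days remain`), and the fact is registered with a symbol here while the sibling `vault_cert_altnames` fact uses a string; one form should be chosen for both.
```ruby
# … unchanged: Facter.add(:vault_cert_expiring) wrapper …
setcode do
  require 'openssl'
  cert_path = '/etc/pki/tls/vault/certificate.crt'
  # A missing certificate means one must be requested: report true.
  next true unless File.exist?(cert_path)

  begin
    cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
    # renew when fewer than 30 days remain
    days_remaining = (cert.not_after - Time.now).to_i / (24 * 60 * 60)
    days_remaining < 30
  rescue OpenSSL::X509::CertificateError, SystemCallError => e
    # An unparseable or unreadable certificate is treated like a missing one
    # so that renewal is still triggered rather than silently skipped.
    Facter.warn("vault_cert_expiring: cannot evaluate #{cert_path}: #{e.message}")
    true
  end
end
```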