feat: add incus auto-client certificate trust (#406)

- add fact to export vault public cert from agents
- add fact to export list of trusted incus client certs
- add method for incus clients to export their client cert to be trusted

Reviewed-on: #406
This commit was merged in pull request #406.
This commit is contained in:
2025-10-17 22:46:26 +11:00
parent fac90c66db
commit d8b354558d
7 changed files with 125 additions and 0 deletions
+16
View File
@@ -0,0 +1,16 @@
# incus::client
#
# This class configures a host as an incus client and exports its certificate
# for automatic trust management on incus servers.
#
class incus::client {
# Export this client's certificate for collection by incus servers
@@incus::client_cert { $facts['networking']['fqdn']:
hostname => $facts['networking']['fqdn'],
certificate => $facts['vault_cert_content'],
fingerprint => $facts['vault_cert_fingerprint'],
tag => 'incus_client',
}
}