feat: manage puppetca
- manage the puppet ca.cfg - distribute the crl.pem from the puppetca to masters
@@ -0,0 +1,35 @@
|
||||
# Class: profiles::puppet::puppetca
|
||||
#
|
||||
# This class manages Puppet CA
|
||||
class profiles::puppet::puppetca (
|
||||
Boolean $allow_subject_alt_names = false,
|
||||
Boolean $allow_authorization_extensions = false,
|
||||
Boolean $enable_infra_crl = false,
|
||||
Boolean $is_puppetca = false,
|
||||
) {
|
||||
|
||||
# manage the ca.cfg file
|
||||
file { '/etc/puppetlabs/puppetserver/conf.d/ca.conf':
|
||||
ensure => 'file',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('profiles/puppet/puppet_ca.cfg.erb'),
|
||||
notify => Service['puppetserver'],
|
||||
}
|
||||
|
||||
# manage the crl file
|
||||
if $is_puppetca {
|
||||
# export the puppet crl.pem
|
||||
@@file { '/etc/puppetlabs/puppet/ssl/crl.pem':
|
||||
ensure => file,
|
||||
content => file('/etc/puppetlabs/puppet/ssl/crl.pem'),
|
||||
tag => 'crl_pem_export',
|
||||
}
|
||||
}else{
|
||||
# import the puppet crl.pem
|
||||
File <<| tag == 'crl_pem_export' |>> {
|
||||
require => Service['puppetserver'],
|
||||
}
|
||||
}
|
||||
}
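Review bot: The exported `crl.pem` in the `$is_puppetca` branch takes its content from `file('/etc/puppetlabs/puppet/ssl/crl.pem')`, which is evaluated on whichever server compiles the CA node's catalog and, with default settings, reads the agent-side CRL copy rather than the CA's own CRL under its cadir. Masters may therefore receive a list that lags behind recent revocations; reading the CA's CRL file instead (its path depends on the installation and is not shown here) would close that gap. In the import branch the collector override is `require => Service['puppetserver']`, so a changed CRL never refreshes the service. If puppetserver on the masters only reads the CRL at start or reload, revoked certificates could keep being accepted until someone restarts it, and `notify => Service['puppetserver'],` would be the safer override. The exported resource also sets no `owner`, `group` or `mode`, unlike the `ca.conf` resource above it, and the class header documents none of the four parameters; a comment line each for `$allow_subject_alt_names` and `$allow_authorization_extensions`, which are presumably passed to the template, should say that enabling them loosens what the CA will sign.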
|
||||