feat: manage puppetca

- manage the puppet ca.cfg
- distribute the crl.pem from the puppetca to masters
This commit is contained in:
2024-05-03 21:29:25 +10:00
parent 052b07be83
commit df8a55c3dd
4 changed files with 49 additions and 0 deletions
@@ -0,0 +1,10 @@
certificate-authority: {
# allow CA to sign certificate requests that have subject alternative names.
allow-subject-alt-names: <%= @allow_subject_alt_names %>
# allow CA to sign certificate requests that have authorization extensions.
allow-authorization-extensions: <%= @allow_authorization_extensions %>
# enable the separate CRL for Puppet infrastructure nodes
enable-infra-crl: <%= @enable_infra_crl %>
}