Merge "Parameterize certificates in infracloud"
This commit is contained in:
commit
23e791aeb1
|
@ -2,61 +2,30 @@
|
|||
class infracloud::cacert (
|
||||
$cacert_content,
|
||||
) {
|
||||
case $::osfamily {
|
||||
'Debian': {
|
||||
file { '/usr/local/share/ca-certificates':
|
||||
ensure => 'directory',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
}
|
||||
include ::infracloud::params
|
||||
|
||||
file { '/usr/local/share/ca-certificates/openstack_infra_ca.crt':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
content => $cacert_content,
|
||||
replace => true,
|
||||
require => File['/usr/local/share/ca-certificates'],
|
||||
}
|
||||
file { $::infracloud::params::cert_path:
|
||||
ensure => 'directory',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
}
|
||||
|
||||
exec { 'update-ca-certificates':
|
||||
command => '/usr/sbin/update-ca-certificates',
|
||||
subscribe => [
|
||||
File['/usr/local/share/ca-certificates/openstack_infra_ca.crt'],
|
||||
],
|
||||
refreshonly => true,
|
||||
}
|
||||
}
|
||||
'Redhat': {
|
||||
file { '/etc/pki/ca-trust/source/anchors':
|
||||
ensure => 'directory',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
}
|
||||
file { "${::infracloud::params::cert_path}/openstack_infra_ca.crt":
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
content => $cacert_content,
|
||||
replace => true,
|
||||
require => File[$::infracloud::params::cert_path],
|
||||
}
|
||||
|
||||
file { '/etc/pki/ca-trust/source/anchors/openstack_infra_ca.crt':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
content => $cacert_content,
|
||||
replace => true,
|
||||
require => File['/etc/pki/ca-trust/source/anchors'],
|
||||
}
|
||||
|
||||
exec { 'update-ca-certificates':
|
||||
command => '/usr/bin/update-ca-trust',
|
||||
subscribe => [
|
||||
File['/etc/pki/ca-trust/source/anchors/openstack_infra_ca.crt'],
|
||||
],
|
||||
refreshonly => true,
|
||||
}
|
||||
}
|
||||
default: {
|
||||
fail("Unsupported osfamily: ${::osfamily}. Only RedHat and Debian families are supported")
|
||||
}
|
||||
exec { 'update-ca-certificates':
|
||||
command => $::infracloud::params::cert_command,
|
||||
subscribe => [
|
||||
File["${::infracloud::params::cert_path}/openstack_infra_ca.crt"],
|
||||
],
|
||||
refreshonly => true,
|
||||
}
|
||||
}
|
||||
|
|
|
@ -26,7 +26,9 @@ class infracloud::controller(
|
|||
|
||||
$keystone_auth_uri = "https://${controller_public_address}:5000"
|
||||
$keystone_admin_uri = "https://${controller_public_address}:35357"
|
||||
$ssl_cert_path = '/usr/local/share/ca-certificates/openstack_infra_ca.crt'
|
||||
|
||||
include ::infracloud::params
|
||||
$ssl_cert_path = "${::infracloud::params::cert_path}/openstack_infra_ca.crt"
|
||||
|
||||
### Certificate Chain ###
|
||||
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
# common parameters to be reused in infracloud
|
||||
class infracloud::params {
|
||||
case $::osfamily {
|
||||
'Debian': {
|
||||
$cert_path = '/usr/local/share/ca-certificates'
|
||||
$cert_command = '/usr/bin/update-ca-certificates'
|
||||
}
|
||||
'Redhat': {
|
||||
$cert_path = '/etc/pki/ca-trust/source/anchors'
|
||||
$cert_command = '/usr/bin/update-ca-trust'
|
||||
}
|
||||
default: {
|
||||
fail('Only Debian and RedHat distros are supported.')
|
||||
}
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue