Merge "Parameterize certificates in infracloud"

2016-08-25 15:03:16 +00:00 · 2016-08-25 15:03:16 +00:00 · 23e791aeb1
parent 3b186237d7 93a562cb39
commit 23e791aeb1
3 changed files with 41 additions and 54 deletions
--- a/manifests/cacert.pp
+++ b/manifests/cacert.pp
@ -2,61 +2,30 @@
 class infracloud::cacert (
  $cacert_content,
 ) {
-  case $::osfamily {
-    'Debian': {
-      file { '/usr/local/share/ca-certificates':
-        ensure => 'directory',
-        owner  => 'root',
-        group  => 'root',
-        mode   => '0755',
-      }
+  include ::infracloud::params

-      file { '/usr/local/share/ca-certificates/openstack_infra_ca.crt':
-        ensure  => present,
-        owner   => 'root',
-        group   => 'root',
-        mode    => '0444',
-        content =>  $cacert_content,
-        replace => true,
-        require => File['/usr/local/share/ca-certificates'],
-      }
+  file { $::infracloud::params::cert_path:
+    ensure => 'directory',
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0755',
+  }

-      exec { 'update-ca-certificates':
-        command     => '/usr/sbin/update-ca-certificates',
-        subscribe   => [
-          File['/usr/local/share/ca-certificates/openstack_infra_ca.crt'],
-        ],
-        refreshonly => true,
-      }
-    }
-    'Redhat': {
-      file { '/etc/pki/ca-trust/source/anchors':
-        ensure => 'directory',
-        owner  => 'root',
-        group  => 'root',
-        mode   => '0755',
-      }
+  file { "${::infracloud::params::cert_path}/openstack_infra_ca.crt":
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0444',
+    content =>  $cacert_content,
+    replace => true,
+    require => File[$::infracloud::params::cert_path],
+  }

-      file { '/etc/pki/ca-trust/source/anchors/openstack_infra_ca.crt':
-        ensure  => present,
-        owner   => 'root',
-        group   => 'root',
-        mode    => '0444',
-        content =>  $cacert_content,
-        replace => true,
-        require => File['/etc/pki/ca-trust/source/anchors'],
-      }
-
-      exec { 'update-ca-certificates':
-        command     => '/usr/bin/update-ca-trust',
-        subscribe   => [
-          File['/etc/pki/ca-trust/source/anchors/openstack_infra_ca.crt'],
-        ],
-        refreshonly => true,
-      }
-    }
-    default: {
-      fail("Unsupported osfamily: ${::osfamily}. Only RedHat and Debian families are supported")
-    }
+  exec { 'update-ca-certificates':
+    command       => $::infracloud::params::cert_command,
+    subscribe     => [
+        File["${::infracloud::params::cert_path}/openstack_infra_ca.crt"],
+      ],
+      refreshonly => true,
  }
 }
--- a/manifests/controller.pp
+++ b/manifests/controller.pp
@ -26,7 +26,9 @@ class infracloud::controller(

  $keystone_auth_uri = "https://${controller_public_address}:5000"
  $keystone_admin_uri = "https://${controller_public_address}:35357"
-  $ssl_cert_path = '/usr/local/share/ca-certificates/openstack_infra_ca.crt'
+
+  include ::infracloud::params
+  $ssl_cert_path = "${::infracloud::params::cert_path}/openstack_infra_ca.crt"

  ### Certificate Chain ###

--- a/manifests/params.pp
+++ b/manifests/params.pp
@ -0,0 +1,16 @@
+# common parameters to be reused in infracloud
+class infracloud::params {
+  case $::osfamily {
+    'Debian': {
+      $cert_path = '/usr/local/share/ca-certificates'
+      $cert_command = '/usr/bin/update-ca-certificates'
+    }
+    'Redhat': {
+      $cert_path = '/etc/pki/ca-trust/source/anchors'
+      $cert_command = '/usr/bin/update-ca-trust'
+    }
+    default: {
+        fail('Only Debian and RedHat distros are supported.')
+    }
+  }
+}