# == Class: ca_cert
#
# Manages the user-installed certificate authority (CA) certificates on
# the server. The operating system's default CA certificates are not
# managed by this class.
#
# === Parameters
#
# [*always_update_certs*]
#   Run the appropriate update CA certificates command for your operating
#   system on every Puppet run whether it is needed or not.
# [*purge_unmanaged_CAs*]
#   When set to true (default: false), user installed CA certificates (in
#   the appropriate directories) not managed by this module will be purged.
#   While this is false, files placed in the trusted certificate directory
#   outside of Puppet are left in place.
# [*install_package*]
#   Whether or not this module should install the ca_certificates package.
#   The package contains the system default (typically Mozilla) CA
#   certificates, as well as the tools required for managing other
#   installed CA certificates.
# [*ca_certs*]
#   A hash of CA certificates that should be installed as part of the class
#   declaration. Each entry is declared as a ca_cert::ca resource.
# [*package_ensure*]
#   The ensure parameter to pass to the package resource.
# [*package_name*]
#   Name of the package to manage. Defaults to the value provided by
#   ca_cert::params.
#
# === Examples
#
#   class { 'ca_cert': }
#
#   class { 'ca_cert':
#     purge_unmanaged_CAs => true,
#   }
#
# === Authors
#
# Phil Fenstermacher <[email protected]>
#
class ca_cert (
  Boolean $always_update_certs = false,
  Boolean $purge_unmanaged_CAs = false,
  Boolean $install_package     = true,
  Hash    $ca_certs            = {},
  String  $package_ensure      = 'present',
  # Resolved through the inherited params class, which is why the class
  # both inherits and includes ca_cert::params.
  String  $package_name        = $ca_cert::params::package_name,
) inherits ca_cert::params {
  include ::ca_cert::params, ::ca_cert::update

  # Platform-specific location and permissions of the directory that holds
  # the user-installed CA certificates.
  $trusted_cert_dir = $ca_cert::params::trusted_cert_dir
  $cert_dir_group   = $ca_cert::params::cert_dir_group
  $cert_dir_mode    = $ca_cert::params::cert_dir_mode

  # Override the update exec so that it runs on every catalog application
  # instead of only when notified.
  # NOTE(review): Exec['ca_cert_update'] is presumably declared in
  # ca_cert::update - confirm there.
  if $always_update_certs {
    Exec <| title == 'ca_cert_update' |> {
      refreshonly => false,
    }
  }

  # Apply this class before every ca_cert::ca resource when the package is
  # managed here, so the package declared below precedes the certificates.
  if $install_package {
    Class['::ca_cert'] -> Ca_cert::Ca <| |>
  }

  # purge and recurse follow the same flag: with the default (false) Puppet
  # only manages the directory itself and leaves unmanaged files in it
  # alone; with true, files not declared in the catalog are removed.
  # Any change to the directory triggers the update exec.
  file { 'trusted_certs':
    ensure  => directory,
    path    => $trusted_cert_dir,
    owner   => 'root',
    group   => $cert_dir_group,
    mode    => $cert_dir_mode,
    recurse => $purge_unmanaged_CAs,
    purge   => $purge_unmanaged_CAs,
    notify  => Exec['ca_cert_update'],
  }

  if $install_package {
    case $package_ensure {
      # Plain installation goes through ensure_packages().
      'present', 'installed': {
        ensure_packages([$package_name])
      }
      # Any other ensure value is handed to an explicit package resource
      # unchanged; the String type does not restrict what that value is.
      default: {
        package { 'ca-certificates':
          ensure => $package_ensure,
          name   => $package_name,
        }
      }
    }
  }

  # Declare one ca_cert::ca resource per entry of the hash.
  # NOTE(review): per the class description these entries end up as
  # installed CA certificates, so the data feeding $ca_certs deserves the
  # same review as any other trust-store change.
  unless empty($ca_certs) {
    create_resources('ca_cert::ca', $ca_certs)
  }
}