Fabien Combernous authored
Reference
Table of Contents
Classes
Public Classes
- cfssl: Install and configure CFSSL, serve process and CRL generation.
- cfssl::ca::gencrls: Creates services to generate CRL for a list of CA
- cfssl::ca::intermediates: Creates cfssl::ca::intermediate defined types.
- cfssl::ca::root: Init a selfsigned root authority
- cfssl::params: A short summary of the purpose of this class
Private Classes
- cfssl::goose: Installs Goose, a database migration tool used by CFSSL
Defined types
Public Defined types
- cfssl::ca::intermediate: Creates an intermediate authority signed by root authority
Private Defined types
- cfssl::ca::gencrl: Creates a service to generate CRL for a CA
Data types
- Cfssl::Authkey: Struct representing authentication key used by CFSSL serve during sign requests
- Cfssl::Ca::Key: Cryptographic algorithm used for creating key pairs.
- Cfssl::Serveconfig: Struct representing CFSSL serve configuration
- Cfssl::Signing::Profile: Struct describing a profile in CFSSL serve config file.
- Cfssl::Usage: List of usages accepted by CFSSL for X509 certificate
Classes
cfssl
Install and configure CFSSL, serve process and CRL generation.
Examples
class { 'cfssl':
  rootca_manifest => {
    cn      => 'MYEXEMPLE ROOT CA',
    subject => {
      'C' => 'FR',
      'L' => 'MONTPELLIER',
      'O' => 'MYEXEMPLE ORG',
    },
  },
  intermediatesca => {
    'MYEXEMPLE INTERMDIATE CA' => {
      subject => {
        'C' => 'FR',
        'L' => 'MONTPELLIER',
        'O' => 'MYEXEMPLE ORG',
      },
    },
  },
  serve_ca        => 'MYEXEMPLE INTERMDIATE CA',
  crl_manage      => true,
}
Parameters
The following parameters are available in the cfssl class:
downloadurl
version
downloadchecksum
checksum_type
sysuser_manage
sysuser
sysgroup
binding_ip
port
log_level
logdir
dbname
dbuser
dbpassword
confdir
binpath
rootca_manifest
intermediatesca
serve_config
crl_manage
crldir
crldir_manage
crl_expiry
crl_gentimer
crl_extension
serve_ca
downloadurl
Data type: Stdlib::HTTPSUrl
CFSSL download URL
Default value: 'https://github.com/cloudflare/cfssl/releases/download'
version
Data type: String[1]
Downloaded version of CFSSL binary
Default value: '1.6.3'
downloadchecksum
Data type: String[1]
Checksum of CFSSL binary
Default value: '16b42bfc592dc4d0ba1e51304f466cae7257edec13743384caf4106195ab6047'
checksum_type
Data type: Enum['md5', 'sha1', 'sha2','sha256', 'sha384', 'sha512']
Type of checksum used
Default value: 'sha256'
sysuser_manage
Data type: Boolean
Enables or disables the creation of sysuser and sysgroup. Disable it to let an external process manage the users.
Default value: true
sysuser
Data type: String[1]
Operating system user account owner of CFSSL files
Default value: 'cfssl'
sysgroup
Data type: String[1]
Operating system group owner of CFSSL files
Default value: 'cfssl'
binding_ip
Data type: Stdlib::IP::Address
IP address the CFSSL serve process binds to.
Default value: '127.0.0.1'
port
Data type: Stdlib::Port
The port used by CFSSL serve process.
Default value: 8080
log_level
Data type: Enum['0','1','2','3','4']
The loglevel defined for CFSSL serve process.
Default value: '1'
logdir
Data type: Stdlib::Absolutepath
The directory where logs are written.
Default value: '/var/log/cfssl'
dbname
Data type: String[1]
The name of database used by CFSSL.
Default value: 'db_cfssl'
dbuser
Data type: String[1]
A PostgreSQL role used by CFSSL to connect to the database.
Default value: 'u_cfssl'
dbpassword
Data type: Variant[String[1], Sensitive[String]]
The password of the dbuser.
Default value: ('changeme')
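An added example, not taken from the module's own documentation: a declaration that replaces the 'changeme' default by passing dbpassword as a Sensitive value looked up from Hiera, which Puppet redacts in logs and reports, while keeping the download pinned and the serve process on loopback. The profile class name and the Hiera key are hypothetical; the version, checksum and CA values are the ones shown elsewhere on this page.

```puppet
# Added example; 'profile::pki::cfssl_server' and the Hiera key
# 'profile::pki::cfssl_dbpassword' are hypothetical names.
class profile::pki::cfssl_server {
  # lookup() without a default fails compilation when the key is missing,
  # and String[1] rejects an empty value, so the node never silently
  # falls back to the module default 'changeme'.
  # The Hiera value can be stored encrypted (for example with hiera-eyaml).
  $db_password = Sensitive(lookup('profile::pki::cfssl_dbpassword', String[1]))

  class { 'cfssl':
    # Pin the release: version and downloadchecksum must be changed together.
    version          => '1.6.3',
    downloadchecksum => '16b42bfc592dc4d0ba1e51304f466cae7257edec13743384caf4106195ab6047',
    checksum_type    => 'sha256',

    # Keep the signing API on loopback (the documented default).
    binding_ip       => '127.0.0.1',
    port             => 8080,

    # Matches Variant[String[1], Sensitive[String]].
    dbpassword       => $db_password,

    # CA layout reused from the example in the Examples section.
    rootca_manifest  => {
      cn      => 'MYEXEMPLE ROOT CA',
      subject => {
        'C' => 'FR',
        'L' => 'MONTPELLIER',
        'O' => 'MYEXEMPLE ORG',
      },
    },
    intermediatesca  => {
      'MYEXEMPLE INTERMDIATE CA' => {
        subject => {
          'C' => 'FR',
          'L' => 'MONTPELLIER',
          'O' => 'MYEXEMPLE ORG',
        },
      },
    },
    serve_ca         => 'MYEXEMPLE INTERMDIATE CA',
    crl_manage       => true,
  }
}
```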
confdir
Data type: Stdlib::Absolutepath
The directory where configurations are written.
Default value: '/etc/cfssl'
binpath
Data type: Stdlib::Absolutepath
The path where the CFSSL binaries are located.
Default value: '/usr/local/bin'
rootca_manifest
Data type: Hash