Commit 67d85ee3 authored by Fabien Combernous

add parameter crldir_manage

parent 130febb3
1 merge request: !18 Resolve "add crldir_manage parameter"
Pipeline #35953 canceled
......@@ -96,6 +96,7 @@ The following parameters are available in the `cfssl` class:
* [`serve_config`](#serve_config)
* [`crl_manage`](#crl_manage)
* [`crldir`](#crldir)
* [`crldir_manage`](#crldir_manage)
* [`crl_expiry`](#crl_expiry)
* [`crl_gentimer`](#crl_gentimer)
* [`crl_extension`](#crl_extension)
......@@ -261,6 +262,14 @@ A directory where the CRL file is written.
Default value: `'/var/cfssl'`
##### <a name="crldir_manage"></a>`crldir_manage`
Data type: `Boolean`
Determines whether Puppet manages the `crldir` directory.
Default value: ``true``
##### <a name="crl_expiry"></a>`crl_expiry`
Data type: `Integer`
......
......@@ -45,6 +45,7 @@
# @param serve_config The configuration of CFSSL serve process.
# @param crl_manage If true a CRL file is generated from the served autority.
# @param crldir A directory where the CRL file is written.
# @param crldir_manage Determines whether Puppet manages the `crldir` directory.
# @param crl_expiry A value, in seconds, after which the CRL should expire from the moment of the request
# @param crl_gentimer Systemd timer https://www.freedesktop.org/software/systemd/man/systemd.time.html
# @param crl_extension The filename extension suffix used form generated CRL.
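Review bot: The new `@param crldir_manage` description does not say what is expected when the value is false. In that case the `0700` mode and `$sysuser` ownership applied by the managed resource are no longer enforced, so the text should state that the directory must then be provided outside this class and name the ownership and mode it needs. The same wording should be carried into the `crldir_manage` entry in the reference documentation.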
......@@ -71,6 +72,7 @@ class cfssl (
Cfssl::Serveconfig $serve_config = { signing => { 'default' => { expiry => '1h', usages => ['client auth'] } } },
Boolean $crl_manage = false,
Stdlib::Absolutepath $crldir = '/var/cfssl',
Boolean $crldir_manage = true,
Integer $crl_expiry = 604800,
String[1] $crl_gentimer = '*:00:00',
String[1] $crl_extension = 'pem',
......@@ -129,7 +131,7 @@ class cfssl (
}
}
file { [$confdir, "${confdir}/ca", $logdir, $crldir]:
file { [$confdir, "${confdir}/ca", $logdir]:
ensure => directory,
mode => '0700',
owner => $sysuser,
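Review bot: Dropping `$crldir` from the shared `file` array means `File[$crldir]` is not in the catalog when `crldir_manage` is false. Any resource outside this hunk that carries `require => File[$crldir]` (the CRL generation resources enabled by `crl_manage` are the likely candidates) would then fail catalog compilation, so those references need checking and should be made conditional on `$crldir_manage`.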
......@@ -137,6 +139,16 @@ class cfssl (
require => User[$sysuser],
}
if $crldir_manage {
file { $crldir:
ensure => directory,
mode => '0700',
owner => $sysuser,
group => $sysgroup,
require => User[$sysuser],
}
}
postgresql::server::db { $dbname:
user => $dbuser,
password => postgresql::postgresql_password($dbuser, $dbpassword),
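Review bot: The `file { $crldir: ... }` block inside `if $crldir_manage` repeats all five attributes of the directory resource just above it, so a later change to mode or ownership has to be made in two places and the two can drift apart. Consider building the directory list once, for example a variable (hypothetical name `$managed_dirs`) that appends `$crldir` only when `$crldir_manage` is true, and passing it to the existing `file` resource. No spec change is visible in this commit; a case for `crldir_manage => false` asserting that `File[$crldir]` is absent would pin the new behaviour.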
......