puppetlabs-puppetdb

Should support specifying the paths to the SSL cert, key & CA

Open nogweii opened this issue 12 years ago • 0 comments

There doesn't seem to be a way to specify the path to the SSL certificate, key or CA. In the meantime, I've made this :tada: (many thanks to @insertjokehere for basicca)

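  # Declare the puppetdb class first so that the $puppetdb::params::*
  # variables referenced below are already evaluated.
  class { 'puppetdb': }

  $puppetdb_keydir = '/etc/puppetdb/ssl'

  # Directory that holds the private key, CSR and certificate
  file { $puppetdb_keydir:
    ensure  => directory,
    require => Package[$puppetdb::params::puppetdb_package],
  }

  # Generate a self-signed key/certificate pair with basicca
  basicca::selfsignedcert { 'puppetdbcert':
    keypath     => "${puppetdb_keydir}/private.key",
    csrpath     => "${puppetdb_keydir}/request.csr",
    certpath    => "${puppetdb_keydir}/public.crt",
    keysize     => 2048,
    issuelength => 365,
    subject     => "/commonName=${fqdn}/",
    require     => File[$puppetdb_keydir],
  }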

  ini_setting { 'puppetdb_ssl_key':
    path    => "${puppetdb::params::confdir}/jetty.ini",
    ensure  => present,
    section => 'jetty',
    setting => 'ssl-key',
    value   => "${puppetdb_keydir}/private.key",
    require => Basicca::Selfsignedcert['puppetdbcert'],
  }

  ini_setting { 'puppetdb_ssl_cert':
    path    => "${puppetdb::params::confdir}/jetty.ini",
    ensure  => present,
    section => 'jetty',
    setting => 'ssl-cert',
    value   => "${puppetdb_keydir}/public.crt",
    require => Basicca::Selfsignedcert['puppetdbcert'],
  }

  # Make sure the certs are generated before starting PuppetDB
  Basicca::Selfsignedcert['puppetdbcert'] ->
  Class['puppetdb::server::jetty_ini'] ->
  Ini_Setting['puppetdb_ssl_key'] ->
  Ini_Setting['puppetdb_ssl_cert'] ->
  Service[$puppetdb::params::puppetdb_service]

nogweii Nov 27 '13 20:11