From 04f5b572c986b88591ab5315faaa97c46e256924 Mon Sep 17 00:00:00 2001
From: Stephen Benjamin
Date: Thu, 19 Feb 2015 10:44:45 +0100
Subject: [PATCH] refs #8175 - certificates for dispatch router

---
 manifests/capsule.pp | 1 +
 manifests/params.pp | 7 ++++
 manifests/qpid_router.pp | 89 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 97 insertions(+)
 create mode 100644 manifests/qpid_router.pp

diff --git a/manifests/capsule.pp b/manifests/capsule.pp
index efa594c1..557178d1 100644
--- a/manifests/capsule.pp
+++ b/manifests/capsule.pp
@@ -26,6 +26,7 @@
 class { 'certs::apache': hostname => $capsule_fqdn }
 class { 'certs::qpid': hostname => $capsule_fqdn }
 class { 'certs::pulp_child': hostname => $capsule_fqdn }
+ class { 'certs::qpid_router': hostname => $capsule_fqdn }
 
 if $certs_tar {
 certs::tar_create { $certs_tar:
diff --git a/manifests/params.pp b/manifests/params.pp
index e6f53328..8d180ce9 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -93,6 +93,13 @@
 $messaging_client_cert = "${pki_dir}/qpid_client_striped.crt"
 
+ $qpid_dispatch_server_cert = "/etc/qpid-dispatch/server.crt"
+ $qpid_dispatch_client_cert = "/etc/qpid-dispatch/client.crt"
+ $qpid_dispatch_server_key = "/etc/qpid-dispatch/server.key"
+ $qpid_dispatch_client_key = "/etc/qpid-dispatch/client.key"
+ $qpid_dispatch_owner = "qpidd"
+ $qpid_dispatch_group = "root"
+
 $pulp_server_ca_cert = '/etc/pki/pulp/server_ca.crt'
 # Pulp expects the node certificate to be located on this very location
 $nodes_cert_dir = '/etc/pki/pulp/nodes'
diff --git a/manifests/qpid_router.pp b/manifests/qpid_router.pp
new file mode 100644
index 00000000..d895131c
--- /dev/null
+++ b/manifests/qpid_router.pp
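Review bot: `$qpid_dispatch_owner = "qpidd"` makes the qpidd account the owner of the 0640 keys that qpid_router.pp deploys under `/etc/qpid-dispatch`, so the dispatch router service must actually run as that user to read `server.key`; if it runs under its own account the key is unreadable to it and TLS setup fails at service start, so the runtime user should be confirmed before this default is relied on. The six new strings contain no interpolation, so puppet-lint's double_quoted_strings check will flag them; single quotes, e.g. `$qpid_dispatch_owner = 'qpidd'`, also match `$pulp_server_ca_cert` on the line below.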
@@ -0,0 +1,89 @@
+# Constains certs specific configurations for qpid_dispatch
+class certs::qpid_router(
+ $hostname = $::certs::node_fqdn,
+ $generate = $::certs::generate,
+ $regenerate = $::certs::regenerate,
+ $deploy = $::certs::deploy,
+ $server_cert = $::certs::qpid_dispatch_server_cert,
+ $client_cert = $::certs::qpid_dispatch_client_cert,
+ $server_key = $::certs::qpid_dispatch_server_key,
+ $client_key = $::certs::qpid_dispatch_client_key,
+ $owner = $::certs::qpid_dispatch_owner,
+ $group = $::certs::qpid_dispatch_group,
+) inherits certs::params {
+
+ $server_keypair = "${hostname}-qdrouterd-server"
+ $client_keypair = "${hostname}-qdrouterd-client"
+
+ cert { $server_keypair:
+ ensure => present,
+ hostname => $hostname,
+ country => $::certs::country,
+ state => $::certs::state,
+ city => $::certs::sity,
+ org => 'dispatch server',
+ org_unit => $::certs::org_unit,
+ expiration => $::certs::expiration,
+ ca => $::certs::default_ca,
+ generate => $generate,
+ regenerate => $regenerate,
+ deploy => $deploy,
+ purpose => server,
+ password_file => $certs::ca_key_password_file,
+ }
+
+ cert { $client_keypair:
+ ensure => present,
+ hostname => $hostname,
+ country => $::certs::country,
+ state => $::certs::state,
+ city => $::certs::sity,
+ org => 'dispatch client',
+ org_unit => $::certs::org_unit,
+ expiration => $::certs::expiration,
+ ca => $::certs::default_ca,
+ generate => $generate,
+ regenerate => $regenerate,
+ deploy => $deploy,
+ purpose => client,
+ password_file => $certs::ca_key_password_file,
+ }
+
+ if $deploy {
+ Cert[$server_keypair] ~>
+ privkey { $server_key:
+ key_pair => Cert[$server_keypair]
+ } ~>
+ file { $server_key:
+ owner => $owner,
+ group => $group,
+ mode => '0640',
+ } ~>
+ pubkey { $server_cert:
+ key_pair => Cert[$server_keypair]
+ } ~>
+ file { $server_cert:
+ owner => $owner,
+ group => $group,
+ mode => '0640',
+ }
+
+ Cert[$client_keypair] ~>
+ privkey { $client_key:
+ key_pair => Cert[$client_keypair]
+ } ~>
+ file { $client_key:
+ owner => $owner,
+ group => $group,
+ mode => '0640',
+ } ~>
+ pubkey { $client_cert:
+ key_pair => Cert[$client_keypair]
+ } ~>
+ file { $client_cert:
+ owner => $owner,
+ group => $group,
+ mode => '0640',
+ }
+ }
+}
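Review bot: The class header `# Constains certs specific configurations for qpid_dispatch` misspells "Contains" and documents none of the ten parameters; a parameter list in the module's existing header-comment style, covering at least `hostname`, `deploy`, `owner` and `group`, would make it discoverable that `deploy` controls whether the keys are written and that `owner`/`group` decide who can read the 0640 key files. `password_file => $certs::ca_key_password_file` in both cert resources drops the leading `::` used by every other lookup in the class (`$::certs::country`, `$::certs::default_ca`); `password_file => $::certs::ca_key_password_file,` keeps the resolution unambiguous. `city => $::certs::sity` reads like a typo for `city`, but if class certs genuinely exposes a `$sity` parameter that other manifests already reference it is correct, so confirm against init.pp before changing it; with Puppet 3 semantics an unknown variable would silently become undef rather than fail. The server and client chains differ only in the keypair name and four paths, so a small defined type would remove the duplicated cert/privkey/pubkey/file blocks.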