Merge pull request #45 from ehelms/refs-7745

Refs #7745: Deploy client cert bundle specifically for use by the Capsul...
theforeman · Jan 27, 2015 · a1e0bce · a1e0bce
2 parents ae87768 + 57f483a
commit a1e0bce
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 4 deletions.
diff --git a/manifests/apache.pp b/manifests/apache.pp
@@ -57,7 +57,7 @@
     } ->
     file { $apache_key:
       owner => $::apache::user,
-      group => $::foreman::group,
+      group => $::certs::group,
       mode  => '0440',
     } ->
     Service['httpd']

diff --git a/manifests/foreman_proxy.pp b/manifests/foreman_proxy.pp
@@ -15,6 +15,8 @@
   ) inherits certs::params {
 
   $proxy_cert_name = "${::certs::foreman_proxy::hostname}-foreman-proxy"
+  $foreman_proxy_client_cert_name = "${::certs::foreman_proxy::hostname}-foreman-proxy-client"
+  $foreman_proxy_ssl_client_bundle = "${certs::pki_dir}/private/${foreman_proxy_client_cert_name}-bundle.pem"
 
   if $::certs::server_cert {
     cert { $proxy_cert_name:
@@ -46,8 +48,6 @@
     }
   }
 
-  $foreman_proxy_client_cert_name = "${::certs::foreman_proxy::hostname}-foreman-proxy-client"
-
   # cert for authentication of foreman_proxy against foreman
   cert { $foreman_proxy_client_cert_name:
     hostname      => $::certs::foreman_proxy::hostname,
@@ -98,6 +98,14 @@
     pubkey { $foreman_ssl_ca_cert:
       key_pair => $::certs::server_ca
     } ~>
+    key_bundle { $foreman_proxy_ssl_client_bundle:
+      key_pair => Cert[$foreman_proxy_client_cert_name],
+    } ~>
+    file { $foreman_proxy_ssl_client_bundle:
+      ensure => file,
+      owner  => $::certs::group,
+      mode   => '0644'
+    } ~>
     file { $foreman_ssl_key:
       ensure => file,
       owner  => 'foreman-proxy',

diff --git a/manifests/katello.pp b/manifests/katello.pp
@@ -30,7 +30,7 @@
     owner  => 'root',
     group  => 'root',
     mode   => '0644',
-  } ->
+  } ~>
   # We need to deliver the server_ca for yum and rhsm to trust the server
   # and the default_ca for goferd to trust the qpid
   certs_bootstrap_rpm { $candlepin_consumer_name: