refs #15931 - allow passing the cname parameter when generating certs (
…#120)

* refs #15931 - allow passing the cname parameter to all cert classes

this enables Kafo to set the subjectAltName of the certificates via
--certs-node-cname. The option can be given multiple times to add
multiple cnames.

this enables Kafo to set the subjectAltName of the certificates via
--foreman-proxy-cname. The option can be given multiple times to add
multiple cnames.
evgeni authored and ehelms committed Jan 17, 2017
1 parent b219b79 commit db68211
Showing 12 changed files with 42 additions and 11 deletions.
3 changes: 3 additions & 0 deletions manifests/apache.pp
Expand Up @@ -2,6 +2,7 @@
class certs::apache (

$hostname = $::certs::node_fqdn,
$cname = $::certs::cname,
$generate = $::certs::generate,
$regenerate = $::certs::regenerate,
$deploy = $::certs::deploy,
Expand All @@ -15,6 +16,7 @@
cert { $apache_cert_name:
ensure => present,
hostname => $hostname,
cname => $cname,
generate => $generate,
deploy => $deploy,
regenerate => $regenerate,
Expand All @@ -26,6 +28,7 @@
cert { $apache_cert_name:
ensure => present,
hostname => $hostname,
cname => $cname,
country => $::certs::country,
state => $::certs::state,
city => $::certs::city,
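Review bot: `$cname` is taken as a class parameter and handed to `cert` with no type check, here and in the same way in candlepin.pp, foreman.pp, foreman_proxy.pp, pulp_client.pp, puppet.pp, qpid_client.pp and qpid_router.pp. According to the commit description every entry becomes a subjectAltName on an issued certificate, so a value that is not a list of host names should be rejected at compile time rather than reach the `cert` type. I would add `validate_array($cname)` at the top of each class body (the bodies start outside the visible hunks). A parameter comment such as `# $cname:: additional DNS names placed in subjectAltName; each must be a name this host legitimately serves` would also help operators who set it through the installer.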
2 changes: 2 additions & 0 deletions manifests/candlepin.pp
Expand Up @@ -2,6 +2,7 @@
class certs::candlepin (

$hostname = $::certs::node_fqdn,
$cname = $::certs::cname,
$generate = $::certs::generate,
$regenerate = $::certs::regenerate,
$deploy = $::certs::deploy,
Expand All @@ -26,6 +27,7 @@
cert { $java_client_cert_name:
ensure => present,
hostname => $hostname,
cname => $cname,
country => $::certs::country,
state => $::certs::state,
city => $::certs::city,
2 changes: 2 additions & 0 deletions manifests/foreman.pp
Expand Up @@ -2,6 +2,7 @@
class certs::foreman (

$hostname = $::certs::node_fqdn,
$cname = $::certs::cname,
$generate = $::certs::generate,
$regenerate = $::certs::regenerate,
$deploy = $::certs::deploy,
Expand All @@ -16,6 +17,7 @@
# cert for authentication of puppetmaster against foreman
cert { $client_cert_name:
hostname => $::certs::foreman::hostname,
cname => $::certs::foreman::cname,
purpose => client,
country => $::certs::country,
state => $::certs::state,
4 changes: 4 additions & 0 deletions manifests/foreman_proxy.pp
Expand Up @@ -2,6 +2,7 @@
class certs::foreman_proxy (

$hostname = $::certs::node_fqdn,
$cname = $::certs::cname,
$generate = $::certs::generate,
$regenerate = $::certs::regenerate,
$deploy = $::certs::deploy,
Expand All @@ -22,6 +23,7 @@
cert { $proxy_cert_name:
ensure => present,
hostname => $::certs::foreman_proxy::hostname,
cname => $::certs::foreman_proxy::cname,
generate => $generate,
regenerate => $regenerate,
deploy => $deploy,
Expand All @@ -33,6 +35,7 @@
# cert for ssl of foreman-proxy
cert { $proxy_cert_name:
hostname => $::certs::foreman_proxy::hostname,
cname => $::certs::foreman_proxy::cname,
purpose => server,
country => $::certs::country,
state => $::certs::state,
Expand All @@ -51,6 +54,7 @@
# cert for authentication of foreman_proxy against foreman
cert { $foreman_proxy_client_cert_name:
hostname => $::certs::foreman_proxy::hostname,
cname => $::certs::foreman_proxy::cname,
purpose => client,
country => $::certs::country,
state => $::certs::state,
24 changes: 14 additions & 10 deletions manifests/foreman_proxy_content.pp
Expand Up @@ -9,27 +9,31 @@
# $foreman_proxy_fqdn:: FQDN of the foreman proxy
# type:String
#
# $foreman_proxy_cname:: additional names of the foreman proxy
# type:Array
#
# $certs_tar:: Path to tar file with certs to generate
# type:Optional[Stdlib::Absolutepath]
#
class certs::foreman_proxy_content (
$parent_fqdn = $fqdn,
$foreman_proxy_fqdn = $certs::node_fqdn,
$certs_tar = $certs::params::certs_tar
$parent_fqdn = $fqdn,
$foreman_proxy_fqdn = $certs::node_fqdn,
$foreman_proxy_cname = $certs::cname,
$certs_tar = $certs::params::certs_tar
) inherits certs::params {

# until we support again pushing the cert rpms to the Katello,
# make sure the certs_tar path is present
validate_present($certs_tar)
validate_present($foreman_proxy_fqdn)

class { '::certs::puppet': hostname => $foreman_proxy_fqdn }
class { '::certs::foreman': hostname => $foreman_proxy_fqdn }
class { '::certs::foreman_proxy': hostname => $foreman_proxy_fqdn }
class { '::certs::apache': hostname => $foreman_proxy_fqdn }
class { '::certs::qpid': hostname => $foreman_proxy_fqdn }
class { '::certs::qpid_router': hostname => $foreman_proxy_fqdn }
class { '::certs::qpid_client': hostname => $foreman_proxy_fqdn }
class { '::certs::puppet': hostname => $foreman_proxy_fqdn, cname => $foreman_proxy_cname }
class { '::certs::foreman': hostname => $foreman_proxy_fqdn, cname => $foreman_proxy_cname }
class { '::certs::foreman_proxy': hostname => $foreman_proxy_fqdn, cname => $foreman_proxy_cname }
class { '::certs::apache': hostname => $foreman_proxy_fqdn, cname => $foreman_proxy_cname }
class { '::certs::qpid': hostname => $foreman_proxy_fqdn, cname => $foreman_proxy_cname }
class { '::certs::qpid_router': hostname => $foreman_proxy_fqdn, cname => $foreman_proxy_cname }
class { '::certs::qpid_client': hostname => $foreman_proxy_fqdn, cname => $foreman_proxy_cname }

if $certs_tar {
certs::tar_create { $certs_tar:
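Review bot: The default `$foreman_proxy_cname = $certs::cname` makes a proxy's certificates inherit the alternative names configured for the host that generates the bundle whenever the option is omitted. If `certs::cname` is non-empty there (the installer answers are not visible from this hunk, so this is inferred), the proxy would receive certificates that are also valid for the generating host's aliases. An empty default, `$foreman_proxy_cname = [],`, keeps the SAN list opt-in per proxy. A `validate_array($foreman_proxy_cname)` next to the existing `validate_present` calls would catch a scalar value before it is forwarded to the seven class declarations.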
5 changes: 5 additions & 0 deletions manifests/init.pp
Expand Up @@ -10,6 +10,10 @@
# should be for
# type:String
#
# $cname:: The alternative names of the host the generated certificates
# should be for
# type:array
#
# $server_ca_cert:: Path to the CA that issued the ssl certificates for https
# if not specified, the default CA will be used
# type:Optional[Stdlib::Absolutepath]
Expand Down Expand Up @@ -92,6 +96,7 @@

$log_dir = $certs::params::log_dir,
$node_fqdn = $certs::params::node_fqdn,
$cname = $certs::params::cname,
$generate = $certs::params::generate,
$regenerate = $certs::params::regenerate,
$regenerate_ca = $certs::params::regenerate_ca,
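Review bot: The new parameter doc uses `type:array`, while the other annotations in this file and in foreman_proxy_content.pp are capitalised (`type:String`, `type:Array`); if the installer reads these annotations as Puppet data types, the lowercase form may not be recognised. I would write `# type:Array[String]` and extend the description to say that each entry is added to the subjectAltName of the generated certificates, since that is the security-relevant effect of setting it. The parameter list continues outside the hunk.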
1 change: 1 addition & 0 deletions manifests/params.pp
Expand Up @@ -8,6 +8,7 @@
$ssl_build_dir = '/root/ssl-build'

$node_fqdn = $::fqdn
$cname = []

$custom_repo = false

2 changes: 2 additions & 0 deletions manifests/pulp_client.pp
@@ -1,6 +1,7 @@
# Pulp Client Certs
class certs::pulp_client (
$hostname = $::certs::node_fqdn,
$cname = $::certs::cname,
$generate = $::certs::generate,
$regenerate = $::certs::regenerate,
$deploy = $::certs::deploy,
Expand All @@ -14,6 +15,7 @@

cert { $client_cert_name:
hostname => $hostname,
cname => $cname,
common_name => $common_name,
purpose => client,
country => $::certs::country,
2 changes: 2 additions & 0 deletions manifests/puppet.pp
Expand Up @@ -2,6 +2,7 @@
class certs::puppet (

$hostname = $::certs::node_fqdn,
$cname = $::certs::cname,
$generate = $::certs::generate,
$regenerate = $::certs::regenerate,
$deploy = $::certs::deploy,
Expand All @@ -17,6 +18,7 @@
# cert for authentication of puppetmaster against foreman
cert { $puppet_client_cert_name:
hostname => $::certs::puppet::hostname,
cname => $::certs::puppet::cname,
purpose => client,
country => $::certs::country,
state => $::certs::state,
3 changes: 2 additions & 1 deletion manifests/qpid.pp
Expand Up @@ -2,6 +2,7 @@
class certs::qpid (

$hostname = $::certs::node_fqdn,
$cname = $::certs::cname,
$generate = $::certs::generate,
$regenerate = $::certs::regenerate,
$deploy = $::certs::deploy,
Expand All @@ -14,7 +15,7 @@
cert { $qpid_cert_name:
ensure => present,
hostname => $::certs::qpid::hostname,
cname => 'localhost',
cname => concat($::certs::qpid::cname, 'localhost'),
country => $::certs::country,
state => $::certs::state,
city => $::certs::city,
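Review bot: `concat($::certs::qpid::cname, 'localhost')` needs its first argument to be an array (stdlib's `concat` rejects anything else, as far as I know), so a `cname` supplied as a single string would fail catalog compilation in this class only, while the other classes pass the same value straight through. Normalising first keeps the behaviour uniform and avoids a duplicate entry when the caller already lists localhost: `cname => unique(concat(any2array($::certs::qpid::cname), 'localhost')),`. A one-line comment saying why localhost must always be in the SAN list of the qpid certificate would also help; the reason is not visible in this hunk.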
2 changes: 2 additions & 0 deletions manifests/qpid_client.pp
Expand Up @@ -2,6 +2,7 @@
class certs::qpid_client (

$hostname = $::certs::node_fqdn,
$cname = $::certs::cname,
$generate = $::certs::generate,
$regenerate = $::certs::regenerate,
$deploy = $::certs::deploy,
Expand All @@ -12,6 +13,7 @@

cert { "${hostname}-qpid-client-cert":
hostname => $hostname,
cname => $cname,
common_name => 'pulp-qpid-client-cert',
purpose => client,
country => $::certs::country,
3 changes: 3 additions & 0 deletions manifests/qpid_router.pp
@@ -1,6 +1,7 @@
# Constains certs specific configurations for qpid dispatch router
class certs::qpid_router(
$hostname = $::certs::node_fqdn,
$cname = $::certs::cname,
$generate = $::certs::generate,
$regenerate = $::certs::regenerate,
$deploy = $::certs::deploy,
Expand All @@ -18,6 +19,7 @@
cert { $server_keypair:
ensure => present,
hostname => $hostname,
cname => $cname,
country => $::certs::country,
state => $::certs::state,
city => $::certs::city,
Expand All @@ -35,6 +37,7 @@
cert { $client_keypair:
ensure => present,
hostname => $hostname,
cname => $cname,
country => $::certs::country,
state => $::certs::state,
city => $::certs::city,
