From 79bb7026d825704817abc7bfd7362b6780baeb8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ivan=20Ne=C4=8Das?= Date: Tue, 20 May 2014 14:51:55 +0200 Subject: [PATCH 1/2] Refs #5815 - generate certs for node qpid --- manifests/capsule.pp | 2 ++ manifests/pulp_child.pp | 28 ++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/manifests/capsule.pp b/manifests/capsule.pp index 3e4075ae..deb12ab5 100644 --- a/manifests/capsule.pp +++ b/manifests/capsule.pp @@ -24,6 +24,7 @@ class { 'certs::foreman': hostname => $capsule_fqdn } class { 'certs::foreman_proxy': hostname => $capsule_fqdn } class { 'certs::apache': hostname => $capsule_fqdn } + class { 'certs::qpid': hostname => $capsule_fqdn } class { 'certs::pulp_child': hostname => $capsule_fqdn } class { 'certs::pulp_parent': hostname => $parent_fqdn, @@ -35,6 +36,7 @@ subscribe => [Class['certs::puppet'], Class['certs::foreman'], Class['certs::foreman_proxy'], + Class['certs::qpid'], Class['certs::apache'], Class['certs::pulp_child']] } diff --git a/manifests/pulp_child.pp b/manifests/pulp_child.pp index 531dc007..0ae638a3 100644 --- a/manifests/pulp_child.pp +++ b/manifests/pulp_child.pp @@ -7,6 +7,23 @@ $ca = $::certs::default_ca ) { + cert { "${::certs::pulp_child::hostname}-qpid-client-cert": + hostname => $::certs::pulp_child::hostname, + common_name => 'pulp-qpid-client-cert', + purpose => client, + country => $::certs::country, + state => $::certs::state, + city => $::certs::city, + org => 'PULP', + org_unit => $::certs::org_unit, + expiration => $::certs::expiration, + ca => $ca, + generate => $generate, + regenerate => $regenerate, + deploy => $deploy, + password_file => $certs::ca_key_password_file, + } + if $deploy { pubkey { $pulp::consumers_ca_cert: key_pair => $ca, 
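Review bot: In the new `cert { "${::certs::pulp_child::hostname}-qpid-client-cert":` resource in manifests/pulp_child.pp, `password_file => $certs::ca_key_password_file` is the only reference written without the leading `::`, while every other value in the resource uses `$::certs::…`. Write it as `password_file => $::certs::ca_key_password_file,` so the CA key password path is resolved from top scope like the rest. The resource also fixes `common_name => 'pulp-qpid-client-cert'` and `org => 'PULP'`, so every capsule is issued a client certificate with the same subject. If the broker authorizes by subject this is presumably intended, and a comment such as `# fixed CN/O: all Pulp nodes present the same client identity to qpid` would record that. The class body starts before this hunk and continues after it.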
@@ -25,5 +42,16 @@ # Defined in certs::apache module key_pair => Cert["${hostname}-apache"], } + + Cert["${::certs::pulp_child::hostname}-qpid-client-cert"] ~> + key_bundle { $pulp::messaging_client_cert: + key_pair => Cert["${::certs::pulp_child::hostname}-qpid-client-cert"], + } ~> + file { $pulp::messaging_client_cert: + owner => 'apache', + group => 'apache', + mode => '0640', + } + } } From 09ca7a7a3399fb1a5b0ffd02b3425bed66f87986 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ivan=20Ne=C4=8Das?= Date: Wed, 21 May 2014 13:20:49 +0200 Subject: [PATCH 2/2] Refs #5815 - make sure the required users are present By making sure the packages that deploy users are there --- manifests/qpid.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/qpid.pp b/manifests/qpid.pp index c01fdf62..7faa4e0a 100644 --- a/manifests/qpid.pp +++ b/manifests/qpid.pp @@ -38,6 +38,7 @@ $pfx_path = "${certs::pki_dir}/${qpid_cert_name}.pfx" $nssdb_files = ["${::certs::nss_db_dir}/cert8.db", "${::certs::nss_db_dir}/key3.db", "${::certs::nss_db_dir}/secmod.db"] + Package['httpd'] -> Package['qpid-cpp-server'] -> Cert[$qpid_cert_name] ~> pubkey { $client_cert: key_pair => Cert["${::certs::qpid::hostname}-qpid-broker"]
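Review bot: The `file { $pulp::messaging_client_cert:` resource at the end of the manifests/pulp_child.pp hunk makes `apache` the owner of the bundle, so the web-server account can rewrite or replace its own client credential. If `key_bundle` writes the private key into that file (it looks so from `key_pair`, but the type is not shown here), prefer `owner => 'root', group => 'apache', mode => '0640'` so the service can read the file but not modify it. The mode is also applied only after `key_bundle` has created the file, so it is worth confirming that the provider creates it with restrictive permissions rather than relying on the later `file` resource. The last `~>` into `file` can be `->`, since a file resource does nothing on refresh.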
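Review bot: `Package['httpd'] -> Package['qpid-cpp-server'] -> Cert[$qpid_cert_name]` in manifests/qpid.pp references two packages that nothing in this diff declares, so a catalog that includes `certs::qpid` without the classes managing those packages will fail to compile on the missing resource. The chain also forces httpd to install before qpid-cpp-server, which the stated goal (users exist before the certificates are deployed) does not need. Consider `Package['httpd', 'qpid-cpp-server'] -> Cert[$qpid_cert_name] ~>`, with a comment like `# these packages create the users that own the deployed key files`. The relationship chain continues past the end of the hunk.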