From 01eddaf45c57e3f37fa9f4c93e416249497cf056 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ivan=20Ne=C4=8Das?= Date: Thu, 13 Feb 2014 23:55:34 +0100 Subject: [PATCH] Capsule related certs settings Generate certs and configure certificates for capsule related stuff (smart-proxy, pulp node etc). --- manifests/capsule.pp | 88 ++++++++++++++++++++++++++++++++++++++++++++ manifests/foreman.pp | 14 +++++++ manifests/params.pp | 10 +++++ 3 files changed, 112 insertions(+) create mode 100644 manifests/capsule.pp diff --git a/manifests/capsule.pp b/manifests/capsule.pp new file mode 100644 index 00000000..8d23f433 --- /dev/null +++ b/manifests/capsule.pp 
@@ -0,0 +1,88 @@
+# Prepare the certificates for the node from the parent node
+#
+# === Parameters:
+#
+# $parent_fqdn:: fqdn of the parent node. Does not usually
+# need to be set.
+#
+# $child_fqdn:: fqdn of the child node. REQUIRED
+#
+# $certs_tar:: path to tar file with certs to generate
+#
+# $katello_user:: Katello username used for creating repo with certs.
+# This param indicates that we want to distribute the certs via
+# Katello repo
+#
+# $katello_password:: Katello password
+#
+# $katello_org:: Organization name to create a repository in
+#
+# $katello_repo_provider:: Provider name to create a repository in
+#
+# $katello_product:: Product name to create a repository in
+#
+# $katello_activation_key:: Activation key that registers the system
+# with access to the cert repo (OPTIONAL)
+#
+class certs::capsule (
+ $parent_fqdn = $fqdn,
+ $child_fqdn = $certs::params::node_fqdn,
+ $certs_tar = $certs::params::certs_tar,
+ $katello_user = $certs::params::katello_user,
+ $katello_password = $certs::params::katello_password,
+ $katello_org = $certs::params::katello_org,
+ $katello_repo_provider = $certs::params::katello_repo_provider,
+ $katello_product = $certs::params::katello_product,
+ $katello_activation_key = $certs::params::katello_activation_key
+ ) inherits certs::params {
+
+ validate_present($child_fqdn)
+
+ class { 'certs::puppet': }
+ class { 'certs::foreman_proxy': }
+ class { 'certs::apache': }
+ class { 'certs::pulp_child': }
+ class { 'certs::pulp_parent':
+ hostname => $parent_fqdn,
+ deploy => true,
+ }
+
+ if $certs_tar {
+ certs::tar_create { $certs_tar:
+ subscribe => [Class['certs::puppet'],
+ Class['certs::foreman'],
+ Class['certs::foreman_proxy'],
+ Class['certs::apache'],
+ Class['certs::pulp_child']]
+ }
+ }
+
+ if $katello_user {
+
+ katello_repo { $child_fqdn:
+ user => $katello_user,
+ password => $katello_password,
+ org => $katello_org,
+ repo_provider => $katello_repo_provider,
+ product => $katello_product,
+ package_files 
=> ['/root/ssl-build/*.noarch.rpm', + "/root/ssl-build/${child_fqdn}/*.noarch.rpm"], + subscribe => [Class['certs::puppet'], + Class['certs::foreman'], + Class['certs::foreman_proxy'], + Class['certs::apache'], + Class['certs::pulp_child']], + } + + if $katello_activation_key { + katello_activation_key { $katello_activation_key: + user => $katello_user, + password => $katello_password, + org => $katello_org, + product => $katello_product, + require => Katello_repo[$child_fqdn] + } + } + + } +} diff --git a/manifests/foreman.pp b/manifests/foreman.pp index 54efcd17..930c8f61 100644 --- a/manifests/foreman.pp +++ b/manifests/foreman.pp @@ -44,5 +44,19 @@ pubkey { $client_ca: cert => $ca, } + + $foreman_config_cmd = "${::foreman::app_root}/script/foreman-config\ + -k ssl_ca_file -v '${client_ca}'\ + -k ssl_certificate -v '${client_cert}'\ + -k ssl_priv_key -v '${client_key}'" + exec { 'foreman_certs_config': + environment => ["HOME=${::foreman::app_root}"], + cwd => $::foreman::app_root, + command => $foreman_config_cmd, + unless => "${foreman_config_cmd} --dry-run", + user => $::foreman::user, + require => Class['foreman::service'] + } + } } diff --git a/manifests/params.pp b/manifests/params.pp index b22ad951..fc69e5fb 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -60,4 +60,14 @@ $candlepin_keystore = '/etc/pki/katello/keystore' $candlepin_certs_dir = '/etc/candlepin/certs' + $certs_tar = undef + # Settings for uploading packages to Katello + $katello_user = undef + $katello_password = undef + $katello_org = 'Katello Infrastructure' + $katello_repo_provider = 'node-installer' + $katello_product = 'node-certs' + $katello_activation_key = undef + + }
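Review bot: `$katello_password` is passed as a plain string into both `katello_repo` and `katello_activation_key` in manifests/capsule.pp, so it is written into the compiled catalog and into anything that stores the catalog, while the parameter doc only says "Katello password". I would extend that comment to `# $katello_password:: Katello password; ends up in the catalog in clear text, so use a dedicated account limited to this product`. Separately, both `subscribe` lists reference `Class['certs::foreman']`, which this class never declares (it declares puppet, foreman_proxy, apache, pulp_child and pulp_parent), so unless it is declared elsewhere the relationship cannot be resolved; either add `class { 'certs::foreman': }` or drop the reference. The first `package_files` glob, `/root/ssl-build/*.noarch.rpm`, is not scoped to `$child_fqdn`, so presumably every noarch RPM in that directory is uploaded to the repo, which is worth confirming as intended.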
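Review bot: `$foreman_config_cmd` in manifests/foreman.pp is assembled by interpolating `${client_ca}`, `${client_cert}` and `${client_key}` between single quotes, and nothing in the hunk checks those values, so a path containing a single quote breaks the quoting of the command line. If puppetlabs-stdlib is available to this module, a `validate_absolute_path($client_key)` (and the same for the other two) before building the string would pin that down. The `unless` guard reuses the whole command with `--dry-run`, which makes idempotency depend on that flag's exit status; a one-line comment such as `# --dry-run exits 0 when the settings already match` (to be confirmed against foreman-config) would make that contract visible. The enclosing class and `if` block start outside the hunk.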
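Review bot: The new comment `# Settings for uploading packages to Katello` in manifests/params.pp does not say that leaving `$katello_user` undef is what switches the upload off (certs::capsule tests `if $katello_user`), nor that `$katello_password` is meant to be supplied by the caller rather than edited into this file. I would expand it to `# Settings for uploading packages to Katello; upload is skipped while $katello_user is undef, and the password should be passed in by the caller, not set here`. The hunk also adds two blank lines before the closing brace, which can be dropped.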