Added file permissions handling to ssl module
parent
955c8ce047
commit
714f5c0715
1 changed files with 39 additions and 2 deletions
|
@ -17,8 +17,12 @@ class ssl::openssl {
|
||||||
# Certificate output file.
|
# Certificate output file.
|
||||||
# $cn:
|
# $cn:
|
||||||
# Common name.
|
# Common name.
|
||||||
|
# $mode, $owner, $group:
|
||||||
|
# Certificate file permissions.
|
||||||
# $keyout:
|
# $keyout:
|
||||||
# Key output file. Defaults to ${name}.
|
# Key output file. Defaults to ${name}.
|
||||||
|
# $keymode, $keyowner, $keygroup:
|
||||||
|
# Key file permissions.
|
||||||
# $days:
|
# $days:
|
||||||
# Validity in days, defaults to 3650.
|
# Validity in days, defaults to 3650.
|
||||||
# $keysize:
|
# $keysize:
|
||||||
|
@ -26,12 +30,17 @@ class ssl::openssl {
|
||||||
# $subject:
|
# $subject:
|
||||||
# Extra subject information.
|
# Extra subject information.
|
||||||
#
|
#
|
||||||
define ssl::certificate($cn, $keyout="", $days="3650", $keysize="2048", $subject="") {
|
define ssl::certificate($cn, $mode, $owner, $group,
|
||||||
|
$keyout="", $keymode="", $keyowner="", $keygroup="",
|
||||||
|
$days="3650", $keysize="2048", $subject="") {
|
||||||
|
|
||||||
include ssl::openssl
|
include ssl::openssl
|
||||||
|
|
||||||
if $keyout {
|
if $keyout {
|
||||||
$keyout_real = $keyout
|
$keyout_real = $keyout
|
||||||
|
if !$keymode or !$keyowner or !$keygroup {
|
||||||
|
fail("\$keymode, \$keyowner and \$keygroup must be defined.")
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
$keyout_real = $name
|
$keyout_real = $name
|
||||||
}
|
}
|
||||||
|
@ -48,6 +57,24 @@ define ssl::certificate($cn, $keyout="", $days="3650", $keysize="2048", $subject
|
||||||
creates => [ "${name}", "${keyout_real}" ],
|
creates => [ "${name}", "${keyout_real}" ],
|
||||||
}
|
}
|
||||||
|
|
||||||
|
file { "${name}":
|
||||||
|
ensure => present,
|
||||||
|
mode => $mode,
|
||||||
|
owner => $owner,
|
||||||
|
group => $group,
|
||||||
|
require => Exec["openssl-req-${name}"],
|
||||||
|
}
|
||||||
|
|
||||||
|
if $keyout {
|
||||||
|
file { "${keyout}":
|
||||||
|
ensure => present,
|
||||||
|
mode => $keymode,
|
||||||
|
owner => $keyowner,
|
||||||
|
group => $keygroup,
|
||||||
|
require => Exec["openssl-req-${name}"],
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -57,10 +84,12 @@ define ssl::certificate($cn, $keyout="", $days="3650", $keysize="2048", $subject
|
||||||
#
|
#
|
||||||
# $name:
|
# $name:
|
||||||
# Output file.
|
# Output file.
|
||||||
|
# $mode, $owner, $group:
|
||||||
|
# Output file permissions.
|
||||||
# $keysize:
|
# $keysize:
|
||||||
# Key size. Defaults to 1024.
|
# Key size. Defaults to 1024.
|
||||||
#
|
#
|
||||||
define ssl::dhparam($keysize="1024") {
|
define ssl::dhparam($mode, $owner, $group, $keysize="1024") {
|
||||||
|
|
||||||
exec { "openssl-dhparam-${name}":
|
exec { "openssl-dhparam-${name}":
|
||||||
path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
|
path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
|
||||||
|
@ -68,4 +97,12 @@ define ssl::dhparam($keysize="1024") {
|
||||||
creates => "${name}",
|
creates => "${name}",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
file { "${name}":
|
||||||
|
ensure => present,
|
||||||
|
mode => $mode,
|
||||||
|
owner => $owner,
|
||||||
|
group => $group,
|
||||||
|
require => Exec["openssl-dhparam-${name}"],
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
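Review bot: In `ssl::certificate`, when `$keyout` is left empty the private key goes to `${name}` (`$keyout_real = $name`), so the new `file { "${name}": }` resource applies `$mode`, `$owner` and `$group` to a file that also holds the key. The header documents those parameters only as "Certificate file permissions", and the `fail()` check covers only the `$keyout` branch, so a caller passing a typical certificate mode such as 0644 would leave the key world-readable. I would extend the comment to `# Certificate file permissions. Also applied to the private key when $keyout is unset, so they must be restrictive in that case.` and consider rejecting a group- or world-readable `$mode` in the `else` branch. Separately, both file resources `require` the exec, so the key briefly exists with whatever permissions the openssl command creates it with. That command lies outside the visible hunks; if it does not already restrict them, running it under a restrictive umask would close that window.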