From d27bf2375af2174cff9766be2558158ff28fc5a2 Mon Sep 17 00:00:00 2001
From: Ossi Salmi
Date: Wed, 30 Mar 2011 12:52:08 +0300
Subject: [PATCH] Changed ssl::certificate parameters

Use $name for output file name to allow multiple defines with the same CN.
---
 ssl/manifests/init.pp | 28 ++++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)

diff --git a/ssl/manifests/init.pp b/ssl/manifests/init.pp
index ef6f8b2..a9b7968 100644
--- a/ssl/manifests/init.pp
+++ b/ssl/manifests/init.pp
@@ -13,31 +13,39 @@ class ssl::openssl {
 #
 # === Parameters:
 #
-# $key:
-# Key output file.
-# $crt:
+# $name:
 # Certificate output file.
+# $cn:
+# Common name.
+# $keyout:
+# Key output file. Defaults to ${name}.
 # $days:
 # Validity in days, defaults to 3650.
 # $keysize:
 # RSA key size, defaults to 2048.
 # $subject:
-# Subject, defaults to "/CN=${name}".
+# Extra subject information.
 #
-define ssl::certificate($key, $crt, $days="3650", $keysize="2048", $subject="") {
+define ssl::certificate($cn, $keyout="", $days="3650", $keysize="2048", $subject="") {
 include ssl::openssl
- if $subject {
- $subject_real = $subject
+ if $keyout {
+ $keyout_real = $keyout
 } else {
- $subject_real = "/CN=${name}"
+ $keyout_real = $name
+ }
+
+ if $subject {
+ $subject_real = "/CN=${cn}/${subject}"
+ } else {
+ $subject_real = "/CN=${cn}"
 }
 exec { "openssl-req-${name}":
 path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
- command => "/bin/sh -c 'umask 077 ; openssl req -x509 -nodes -days ${days} -newkey rsa:${keysize} -subj \"${subject_real}\" -keyout ${key} -out ${crt}'",
- creates => [ "${key}", "${crt}" ],
+ command => "/bin/sh -c 'umask 077 ; openssl req -x509 -nodes -days ${days} -newkey rsa:${keysize} -subj \"${subject_real}\" -keyout ${keyout_real} -out ${name}'",
+ creates => [ "${name}", "${keyout_real}" ],
 }
 }
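Review bot: The new `command` line interpolates `${name}` and `${keyout_real}` unquoted, and `${cn}`/`${subject}` inside `\"…\"`, into a `/bin/sh -c '…'` string, so a resource title or subject containing a space, quote, `$` or backtick changes what the shell runs. The resource title now doubles as the certificate output path, which makes this easier to trip over than with the old explicit `$key`/`$crt`. At minimum quote the paths, `-keyout \"${keyout_real}\" -out \"${name}\"`, and fail the catalog on values with shell metacharacters if any of these parameters can come from facts or external data. The parameter docs should also say that `$name` must be an absolute file path, that `$subject` is appended after `/CN=${cn}/` and so must not start with `/`, and that leaving `$keyout` unset points `-keyout` and `-out` at the same file.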