/
params.pp
94 lines (94 loc) · 3.22 KB
/
params.pp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
# Private class
class ca_cert::params {
case $facts['os']['family'] {
'Debian': {
$trusted_cert_dir = '/usr/local/share/ca-certificates'
$update_cmd = 'update-ca-certificates'
$cert_dir_group = 'staff'
$ca_file_group = 'root'
$ca_file_mode = '0444'
$ca_file_extension = 'crt'
$package_name = 'ca-certificates'
case $facts['os']['name'] {
'Ubuntu': {
$cert_dir_mode = '0755'
}
/(Debian|Kali)/: {
$cert_dir_mode = '2665'
}
default: {
fail("Unsupported operatingsystem (${facts['os']['name']})")
}
}
}
'RedHat': {
$trusted_cert_dir = '/etc/pki/ca-trust/source/anchors'
$distrusted_cert_dir = '/etc/pki/ca-trust/source/blacklist'
$update_cmd = 'update-ca-trust extract'
$cert_dir_group = 'root'
$cert_dir_mode = '0755'
$ca_file_group = 'root'
$ca_file_mode = '0644'
$ca_file_extension = 'crt'
$package_name = 'ca-certificates'
}
'Archlinux': {
$trusted_cert_dir = '/etc/ca-certificates/trust-source/anchors/'
$distrusted_cert_dir = '/etc/ca-certificates/trust-source/blacklist'
$update_cmd = 'trust extract-compat'
$cert_dir_group = 'root'
$cert_dir_mode = '0755'
$ca_file_group = 'root'
$ca_file_mode = '0644'
$ca_file_extension = 'crt'
$package_name = 'ca-certificates'
}
'Suse': {
if $facts['os']['release']['major'] =~ /(10|11)/ {
$trusted_cert_dir = '/etc/ssl/certs'
$update_cmd = 'c_rehash'
$ca_file_extension = 'pem'
$package_name = 'openssl-certs'
}
elsif versioncmp($facts['os']['release']['major'], '12') >= 0 {
$trusted_cert_dir = '/etc/pki/trust/anchors'
$distrusted_cert_dir = '/etc/pki/trust/blacklist'
$update_cmd = 'update-ca-certificates'
$ca_file_extension = 'crt'
$package_name = 'ca-certificates'
}
$cert_dir_group = 'root'
$cert_dir_mode = '0755'
$ca_file_group = 'root'
$ca_file_mode = '0644'
}
'AIX': {
$trusted_cert_dir = '/var/ssl/certs'
$update_cmd = '/usr/bin/c_rehash'
$cert_dir_group = 'system'
$cert_dir_mode = '0755'
$ca_file_group = 'system'
$ca_file_mode = '0644'
$ca_file_extension = 'crt'
$package_name = 'ca-certificates'
}
'Solaris': {
if versioncmp($facts['os']['release']['major'], '11') >= 0 {
$trusted_cert_dir = '/etc/certs/CA/'
$update_cmd = '/usr/sbin/svcadm restart /system/ca-certificates'
$cert_dir_group = 'sys'
$cert_dir_mode = '0755'
$ca_file_group = 'root'
$ca_file_mode = '0444'
$ca_file_extension = 'pem'
$package_name = 'ca-certificates'
}
else {
fail("Unsupported OS Major release (${facts['os']['release']['major']})")
}
}
default: {
fail("Unsupported osfamily (${facts['os']['family']})")
}
}
}