Skip to content

rnelson0/puppet-certs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

125 Commits

.vscode

.vscode

 
 

data

data

 
 

manifests

manifests

 
 

spec

spec

 
 

.fixtures.yml

.fixtures.yml

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

.gitlab-ci.yml

.gitlab-ci.yml

 
 

.pdkignore

.pdkignore

 
 

.pmtignore

.pmtignore

 
 

.puppet-lint.rc

.puppet-lint.rc

 
 

.rspec

.rspec

 
 

.rubocop.yml

.rubocop.yml

 
 

.sync.yml

.sync.yml

 
 

.travis.yml

.travis.yml

 
 

.yardopts

.yardopts

 
 

CHANGELOG.md

CHANGELOG.md

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

Gemfile

Gemfile

 
 

README.md

README.md

 
 

Rakefile

Rakefile

 
 

appveyor.yml

appveyor.yml

 
 

hiera.yaml

hiera.yaml

 
 

metadata.json

metadata.json

 
 

Repository files navigation

certs

Build Status Puppet Forge Puppet Forge Downloads Stories in Ready Stories In Progress

Table of Contents

  1. Overview
  2. Setup - The basics of getting started with certs
  3. Usage - Configuration options and additional functionality

Overview

Provides SSL certificate files required by apache and other webservers via the certs::vhost define. These files can then be provided to apache::vhost and other classes that require the files to already exist on a managed node.

Setup

Setup Requirements

The certificate files must come from an external store. Recommended stores are a site-specific (and private!) module containing SSL files or a network- accessible filesystem, such as NFS, that the managed node can access.

Beginning with certs

Once a file store is determined, include at least one certs::vhost define and specify the file store location as the source_path. You may optionally specify a target_path if the default location of /etc/ssl/certs is not desired.

Usage

No trailing slash should be provided to source_path.

certs::vhost { 'www.example.com':
  source_path => 'puppet:///modules/site_certificates',
}

Creates /etc/ssl/certs/www.example.com.crt and /etc/ssl/certs/www.example.com.key based off of puppet:///site_certificates/www.example.com.crt and puppet:///site_certificates/www.example.com.key.

certs::vhost { 'www.example.com':
  target_path => '/etc/httpd/ssl.d',
  source_path => 'puppet:///modules/site_certificates',
}

Creates the same crt and key files in /etc/httpd/ssl.d.

Certs::Vhost<| |> -> Apache::Vhost<| |>

If you wish for your certificate and key to go to different paths, you can specify them accordingly. If one or bothof these values are not passed, target_path will be used.

certs::vhost { 'www.example.com':
  crt_target_path => '/etc/pki/certs',
  key_target_path => '/etc/pki/private',
  source_path => 'puppet:///modules/site_certificates',
}

When providing the certificate files to the apache::vhost or similar classes it is best to ensure they are properly dependent upon the certs::vhost.

To use the vault options, you must have a module that is API compatible with puppet-vault_lookup installed. If you are not using vault, this dependency is optional. Some types of certificates may have been encoded with base64 for compatibility with Vault, you can specify base64_vault_crt to decode this certificate type.

certs::vhost { 'www.example.com':
  target_path      => '/etc/httpd/ssl.d',
  source_path      => '/v1/kv/puppet/ssl',
  vault            => true,
  base64_vault_crt => true,
}

You can optionally specify file options such as owner and mode by using the file_options variable.

certs::vhost { 'www.example.com':
  target_path  => '/etc/httpd/ssl.d',
  source_path  => 'puppet:///modules/site_certificates',
  file_options => { owner => 'root',
                    group => 'root',
                    mode  => '0644',}
}

About

SSL Certificate File Management for Puppet

Topics

puppet-module

Resources

Readme
Activity

Stars

4 stars

Watchers

3 watching

Forks

5 forks
Report repository

Releases

5 tags

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages