Allow overriding passwords generated by extlib
Update suggestions
coreone committed Sep 23, 2023
1 parent 7242612 commit d1e4700
Showing 4 changed files with 21 additions and 6 deletions.
16 changes: 12 additions & 4 deletions manifests/candlepin.pp
Expand Up @@ -8,8 +8,10 @@
Stdlib::Absolutepath $ca_cert = $certs::candlepin_ca_cert,
Stdlib::Absolutepath $ca_key = $certs::candlepin_ca_key,
Stdlib::Absolutepath $pki_dir = $certs::pki_dir,
Optional[String] $keystore_password = undef,
Stdlib::Absolutepath $keystore = $certs::candlepin_keystore,
String $keystore_password_file = 'keystore_password-file',
Optional[String] $truststore_password = undef,
Stdlib::Absolutepath $truststore = $certs::candlepin_truststore,
String $truststore_password_file = 'truststore_password-file',
String[2,2] $country = $certs::country,
Expand Down Expand Up @@ -68,8 +70,14 @@
build_dir => $certs::ssl_build_dir,
}

$keystore_password = extlib::cache_data('foreman_cache_data', $keystore_password_file, extlib::random_password(32))
$truststore_password = extlib::cache_data('foreman_cache_data', $truststore_password_file, extlib::random_password(32))
# Generate and cache the password on the master once
# In multi-puppetmaster setups, the user should specify their own
$final_keystore_password = pick(
$keystore_password, extlib::cache_data('foreman_cache_data', $keystore_password_file, extlib::random_password(32))
)
$final_truststore_password = pick(
$truststore_password, extlib::cache_data('foreman_cache_data', $truststore_password_file, extlib::random_password(32))
)
$keystore_password_path = "${pki_dir}/${keystore_password_file}"
$truststore_password_path = "${pki_dir}/${truststore_password_file}"
$client_key = $certs::foreman::client_key
Expand Down Expand Up @@ -110,7 +118,7 @@

file { $keystore_password_path:
ensure => file,
content => $keystore_password,
content => $final_keystore_password,
owner => 'root',
group => $group,
mode => '0440',
Expand All @@ -135,7 +143,7 @@

file { $truststore_password_path:
ensure => file,
content => $truststore_password,
content => $final_truststore_password,
owner => 'root',
group => $group,
mode => '0440',
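Review bot: The `pick(...)` expressions that set `$final_keystore_password` and `$final_truststore_password` still invoke `extlib::cache_data(..., extlib::random_password(32))` as an argument even when an override is passed, because Puppet evaluates function arguments before `pick` runs, so a random password is still generated and written to the master's cache and then never used. If the override is meant to replace the cached secret rather than sit beside it, evaluate the fallback only when needed, e.g. `$final_keystore_password = $keystore_password ? { undef => extlib::cache_data('foreman_cache_data', $keystore_password_file, extlib::random_password(32)), default => $keystore_password }` and the same for the truststore. The new `Optional[String]` parameters also accept a value of any length, whereas `manifests/ssltools/nssdb.pp` enforces `String[10]` for its password; `Optional[String[10]]` would keep the two consistent. If the class header above this hunk documents its parameters, `$keystore_password` and `$truststore_password` should get entries there as well.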
4 changes: 3 additions & 1 deletion manifests/init.pp
Expand Up @@ -39,6 +39,8 @@
# $deploy:: Deploy the certs on the configured system. False means
# we want to apply it to a different system
#
# $ca_key_password:: Optional string to use for the CA key password
#
# $ca_common_name:: Common name for the generated CA certificate
#
# $country:: Country attribute for managed certificates
Expand Down Expand Up @@ -73,6 +75,7 @@
Boolean $generate = true,
Boolean $regenerate = false,
Boolean $deploy = true,
String[10] $ca_key_password = $certs::params::ca_key_password,
String $ca_common_name = $certs::params::ca_common_name,
String[2,2] $country = 'US',
String $state = 'North Carolina',
Expand Down Expand Up @@ -103,7 +106,6 @@
$ca_key = "${pki_dir}/private/${default_ca_name}.key"
$ca_cert = "${pki_dir}/certs/${default_ca_name}.crt"
$ca_cert_stripped = "${pki_dir}/certs/${default_ca_name}-stripped.crt"
$ca_key_password = extlib::cache_data('foreman_cache_data', 'ca_key_password', extlib::random_password(24))
$ca_key_password_file = "${ssl_build_dir}/${default_ca_name}.pwd"

$katello_server_ca_cert = "${pki_dir}/certs/${server_ca_name}.crt"
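Review bot: The new doc line describes `$ca_key_password` as an "Optional string", but the parameter declared as `String[10] $ca_key_password = $certs::params::ca_key_password,` is neither optional nor unconstrained: it must be at least ten characters and defaults to the value cached by `certs::params`. Suggest `# $ca_key_password:: Password for the CA key (at least 10 characters); defaults to a value generated and cached on the master`. Since the value is a plain `String`, it is also carried in clear text in the compiled catalog and may surface wherever parameter values are logged or stored; wrapping it in `Sensitive` would be the usual mitigation, though that is a wider change than this commit.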
5 changes: 5 additions & 0 deletions manifests/params.pp
Expand Up @@ -23,6 +23,11 @@
$qpid_client_cert = "${pulp_pki_dir}/qpid/client.crt"
$qpid_client_ca_cert = "${pulp_pki_dir}/qpid/ca.crt"

# Generate and cache the password on the master once
# In multi-puppetmaster setups, the user should specify their own
$ca_key_password = extlib::cache_data('foreman_cache_data', 'ca_key_password', extlib::random_password(24))
$nss_db_password = extlib::cache_data('foreman_cache_data', 'certs-nss-db-password', extlib::random_password(32))

$qpid_router_server_cert = "${pki_dir}/qpid_router_server.crt"
$qpid_router_client_cert = "${pki_dir}/qpid_router_client.crt"
$qpid_router_server_key = "${pki_dir}/qpid_router_server.key"
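Review bot: Moving the two `extlib::cache_data(...)` calls into `certs::params` means the CA key and NSS DB passwords are generated and persisted in the master's `foreman_cache_data` cache as soon as `certs::params` is evaluated, which presumably happens for every node that declares any class of this module, including nodes that never deploy the CA key or an NSS database. That is functionally harmless, but it widens where these secrets exist and the existing comment does not say so; suggest extending it with `# Both values are stored on the master in foreman_cache_data and shared by every node compiled there`.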
2 changes: 1 addition & 1 deletion manifests/ssltools/nssdb.pp
Expand Up @@ -2,7 +2,7 @@
class certs::ssltools::nssdb (
Stdlib::Absolutepath $nss_db_dir = "${certs::pki_dir}/nssdb",
Stdlib::Absolutepath $nss_db_password_file = "${certs::pki_dir}/nss_db_password-file",
String[10] $nss_db_password = extlib::cache_data('foreman_cache_data', 'certs-nss-db-password', extlib::random_password(32)),
String[10] $nss_db_password = $certs::params::nss_db_password,
String[1] $group = 'qpidd',
) {
ensure_packages(['nss-tools'])
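Review bot: The new default `$certs::params::nss_db_password` is only resolvable if `certs::params` has already been evaluated when `certs::ssltools::nssdb` is declared; the visible `class certs::ssltools::nssdb (` line has no `inherits certs::params`, so in a catalog where nothing else pulled the params class in first the default resolves to undef and fails the `String[10]` type check at compile time. If the class body outside this hunk does not already include `certs::params`, change the header to `class certs::ssltools::nssdb (` ... `) inherits certs::params {`, or make sure `include certs::params` runs before this class is declared.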
