81687e2ead
In Puppet 3 there was a need to use absolute names to prevent issues. Since Puppet 4 everything is absolute by default which makes this not needed. We need to change this everywhere so that we can revert the pin in [1] that now prevents us from using the latest version of the puppet-lint check puppet-lint-absolute_classname_check that properly checks that we dont use absolute names. [1] https://review.opendev.org/#/c/697742/ Change-Id: I78b74fbeb08be7234189e4d266412fb7fb7a73c0
51 lines
1.4 KiB
Puppet
51 lines
1.4 KiB
Puppet
# Deploy SSL private keys
|
|
#
|
|
# [*key_path*]
|
|
# (optional) Path of SSL private key
|
|
# Defaults to undef.
|
|
#
|
|
# [*key_owner*]
|
|
# (optional) Owner of SSL private key
|
|
# Defaults to $name.
|
|
#
|
|
define openstack_integration::ssl_key(
|
|
$key_path = undef,
|
|
$key_owner = $name,
|
|
) {
|
|
|
|
include openstack_integration::config
|
|
|
|
if $key_path == undef {
|
|
$_key_path = "/etc/${name}/ssl/private/${::fqdn}.pem"
|
|
} else {
|
|
$_key_path = $key_path
|
|
}
|
|
|
|
# If the user isn't providing an unexpected path, create the directory
|
|
# structure.
|
|
if $key_path == undef {
|
|
file { "/etc/${name}/ssl":
|
|
ensure => directory,
|
|
owner => $name,
|
|
mode => '0775',
|
|
selinux_ignore_defaults => true,
|
|
}
|
|
file { "/etc/${name}/ssl/private":
|
|
ensure => directory,
|
|
owner => $name,
|
|
mode => '0755',
|
|
require => File["/etc/${name}/ssl"],
|
|
selinux_ignore_defaults => true,
|
|
before => File[$_key_path]
|
|
}
|
|
}
|
|
|
|
file { $_key_path:
|
|
ensure => present,
|
|
owner => $key_owner,
|
|
source => "puppet:///modules/openstack_integration/ipv${openstack_integration::config::ip_version}.key",
|
|
selinux_ignore_defaults => true,
|
|
mode => '0600',
|
|
}
|
|
}
|