rnelson0/certs · SSL Certificate File Management · Puppet Forge
source link: https://forge.puppet.com/modules/rnelson0/certs
certs
Rob Nelson
Overview
Provides SSL certificate files required by apache and other webservers via the certs::vhost define. These files can then be provided to apache::vhost and other classes that require the files to already exist on a managed node.
Setup
Setup Requirements
The certificate files must come from an external store. Recommended stores are a site-specific (and private!) module containing SSL files or a network-accessible filesystem, such as NFS, that the managed node can access.
Beginning with certs
Once a file store is determined, include at least one certs::vhost define and specify the file store location as the source_path. You may optionally specify a target_path if the default location of /etc/ssl/certs is not desired.
Usage
No trailing slash should be provided to source_path.

certs::vhost { 'www.example.com':
  source_path => 'puppet:///modules/site_certificates',
}

Creates /etc/ssl/certs/www.example.com.crt and /etc/ssl/certs/www.example.com.key based off of puppet:///site_certificates/www.example.com.crt and puppet:///site_certificates/www.example.com.key.

certs::vhost { 'www.example.com':
  target_path => '/etc/httpd/ssl.d',
  source_path => 'puppet:///modules/site_certificates',
}

Creates the same crt and key files in /etc/httpd/ssl.d.

Certs::Vhost<| |> -> Apache::Vhost<| |>
When providing the certificate files to the apache::vhost or similar classes it is best to ensure they are properly dependent upon the certs::vhost.
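The ordering described above, written as a per-resource dependency. This is an added example, not code from the module's README: the port and docroot values are assumptions, and ssl, ssl_cert and ssl_key are parameters of the apache::vhost define from the puppetlabs-apache module.

```puppet
# Added example: the port and docroot values below are assumptions.
$vhost    = 'www.example.com'
$ssl_path = '/etc/httpd/ssl.d'

# Deploy <vhost>.crt and <vhost>.key from the private file store.
certs::vhost { $vhost:
  target_path => $ssl_path,
  source_path => 'puppet:///modules/site_certificates',
}

# Point the vhost at the files created above. The explicit require
# orders only this pair of resources, so Apache is never configured
# with paths to certificate files that do not exist yet.
apache::vhost { $vhost:
  port     => 443,
  docroot  => '/var/www/html',
  ssl      => true,
  ssl_cert => "${ssl_path}/${vhost}.crt",
  ssl_key  => "${ssl_path}/${vhost}.key",
  require  => Certs::Vhost[$vhost],
}
```

An empty collector such as Certs::Vhost<| |> also realizes any virtual resources of that type, so the explicit require is the narrower choice when only one vhost needs the ordering.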
To use the vault options, you must have a module that is API compatible with puppet-vault_lookup installed. If you are not using vault, this dependency is optional.
certs::vhost { 'www.example.com':
  target_path => '/etc/httpd/ssl.d',
  source_path => '/v1/kv/puppet/ssl',
  vault       => true,
}