Defined Type: dehydrated::certificate::deploy

Defined in:
manifests/certificate/deploy.pp

Summary

Deploy collected certificate and CA files.

Overview

Deploy collected certificate and CA files.

Examples:

dehydrated::certificate::deploy { 'namevar': }

Parameters:

  • dn (Dehydrated::DN) (defaults to: $name)
  • key_password (Optional[String]) (defaults to: undef) 


10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
 
# File 'manifests/certificate/deploy.pp', line 10

define dehydrated::certificate::deploy(
  Dehydrated::DN $dn = $name,
  Optional[String] $key_password = undef,
) {

  if ! defined(Class['dehydrated']) {
    fail('You must include the dehydrated base class first.')
  }

  require ::dehydrated::setup

  $dehydrated_domains = $facts['dehydrated_domains']
  $_config = $dehydrated_domains[$dn]
  $base_filename = $_config['base_filename']

  $base_dir = $::dehydrated::base_dir
  $csr_dir  = $::dehydrated::csr_dir
  $key_dir  = $::dehydrated::key_dir
  $crt_dir  = $::dehydrated::crt_dir

  $cnf = "${base_dir}/${base_filename}.cnf"
  $crt = "${crt_dir}/${base_filename}.crt"
  $key = "${key_dir}/${base_filename}.key"
  $pfx = "${key_dir}/${base_filename}.pfx"
  $csr = "${csr_dir}/${base_filename}.csr"
  $dh  = "${crt_dir}/${base_filename}.dh"
  $ca = "${crt_dir}/${base_filename}_ca.pem"

  $crt_full_chain = "${crt_dir}/${base_filename}_fullchain.pem"
  $crt_full_chain_with_key = "${key_dir}/${base_filename}_fullchain_with_key.pem"

  Concat {
    owner => $::dehydrated::user,
    group => $::dehydrated::group,
  }

  concat { $crt_full_chain :
    mode => '0644',
  }
  concat { $crt_full_chain_with_key :
    mode   => '0640',
    notify => Dehydrated_pfx[$pfx],
  }

  concat::fragment { "${dn}_key" :
    target => $crt_full_chain_with_key,
    source => $key,
    order  => '01',
  }
  concat::fragment { "${dn}_fullchain" :
    target    => $crt_full_chain_with_key,
    source    => $crt_full_chain,
    order     => '10',
    subscribe => Concat[$crt_full_chain],
  }

  concat::fragment { "${dn}_crt" :
    target => $crt_full_chain,
    source => $crt,
    order  => '10',
  }
  concat::fragment { "${dn}_dh" :
    target => $crt_full_chain,
    source => $dh,
    order  => '30',
  }

  concat::fragment { "${dn}_ca" :
    target => $crt_full_chain,
    source => $ca,
    order  => '50',
  }

  if ($::dehydrated::build_pfx_files) {
    $dehydrated_pfx_ensure = 'present'
  } else {
    $dehydrated_pfx_ensure = 'absent'
  }
  dehydrated_pfx { $pfx:
    ensure       => $dehydrated_pfx_ensure,
    pkcs12_name  => $dn,
    key_password => $key_password,
    password     => $key_password,
    ca           => $ca,
    certificate  => $crt,
    private_key  => $key,
  }

}