Start setting up step-ca files

global/overlay/etc/puppet/modules/cdn/manifests/ca.pp

@@ -3,6 +3,58 @@ class cdn::ca(
 )
 {
 
+  $ca_secrets = lookup({ 'name' => 'cdn::ca-secrets', 'default_value' => undef })
+
+  file { '/opt/step-ca':
+    ensure => directory,
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0755',
+  }
+
+  # The owner/group matches the 'step' user in the step-ca container
+  file { '/opt/step-ca/data':
+    ensure => directory,
+    owner  => '1000',
+    group  => '1000',
+    mode   => '0750',
+  }
+
+  # Files used for initial install of step-ca
+  file { '/opt/step-ca/init':
+    ensure => directory,
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0755',
+  }
+
+  file { '/opt/step-ca/init/secrets':
+    ensure => directory,
+    owner  => '1000',
+    group  => '1000',
+    mode   => '0750',
+  }
+
+  if $ca_secrets['key_password'] {
+    file { '/opt/step-ca/init/secrets/key-password':
+      ensure => file,
+      owner  => '1000',
+      group  => '1000',
+      mode   => '0640',
+      content => template('cdn/ca/password.erb'),
+    }
+  }
+
+  if $ca_secrets['provisioner_password'] {
+    file { '/opt/step-ca/init/secrets/provisioner-password':
+      ensure => file,
+      owner  => '1000',
+      group  => '1000',
+      mode   => '0640',
+      content => template('cdn/ca/password.erb'),
+    }
+  }
+
   sunet::nftables::docker_expose { 'expose step-ca' :
     allow_clients => 'any',
     port          => 9000,
@@ -11,7 +63,7 @@ class cdn::ca(
 
 #  sunet::docker_compose { 'sunet-cdn-ca':
 #    content          => template('cdn/ca/docker-compose.yml.erb'),
-#    service_name     => 'cdn-l4lb',
+#    service_name     => 'cdn-ca',
 #    compose_dir      => '/opt/sunet-cdn/compose',
 #    compose_filename => 'docker-compose.yml',
 #    description      => 'SUNET CDN CA',

global/overlay/etc/puppet/modules/cdn/templates/ca/password.erb

@@ -0,0 +1 @@
+<%= @private_key_password %>