sunet-cdn/cdn-ops
2
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
cdn-ops/global/overlay/etc/puppet/modules/cdn/manifests/ca.pp
Patrik Lundin d9db9fee72
Add init script for setting provisioner file 
This is to deal with the problem that it makes sense to have a separate
passsword for encryption keys and the admin provisioner. It is currently
not possible to control this via the docker env flags so add this
workaround for now.
2024-10-08 12:35:41 +02:00

90 lines
2.1 KiB
Puppet
Raw Blame History

# Configure a SUNET CDN CA server
class cdn::ca(
String $step_ca_version = '0.27.4',
)
{
$ca_secrets = lookup({ 'name' => 'cdn::ca-secrets', 'default_value' => undef })
file { '/opt/step-ca':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
# The owner/group matches the 'step' user in the step-ca container
file { '/opt/step-ca/data':
ensure => directory,
owner => '1000',
group => '1000',
mode => '0750',
}
# Files used for initial install of step-ca
file { '/opt/step-ca/init':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
file { '/opt/step-ca/init/secrets':
ensure => directory,
owner => '1000',
group => '1000',
mode => '0750',
}
file { '/opt/step-ca/init/scripts':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
file { '/opt/step-ca/init/scripts/set-provisioner-pw':
ensure => file,
owner => 'root',
group => 'root',
mode => '0755',
content => file('cdn/ca/set-provisioner-pw'),
}
if $ca_secrets {
if $ca_secrets['key_password'] {
file { '/opt/step-ca/init/secrets/key-password':
ensure => file,
owner => '1000',
group => '1000',
mode => '0640',
content => template('cdn/ca/key-password.erb'),
}
}
if $ca_secrets['provisioner_password'] {
file { '/opt/step-ca/init/secrets/provisioner-password':
ensure => file,
owner => '1000',
group => '1000',
mode => '0640',
content => template('cdn/ca/provisioner-password.erb'),
}
}
}
sunet::nftables::docker_expose { 'expose step-ca' :
allow_clients => 'any',
port => 9000,
iif => $facts['networking']['primary'],
}
sunet::docker_compose { 'sunet-cdn-ca':
content => template('cdn/ca/docker-compose.yml.erb'),
service_name => 'cdn-ca',
compose_dir => '/opt/sunet-cdn/compose',
compose_filename => 'docker-compose.yml',
description => 'SUNET CDN CA',
}
}
Reference in a new issue View git blame Copy permalink