prep for hsm proxy

Leif Johansson 2018-06-20 11:59:37 +02:00
parent 439784bb4a
commit 1f16fe89f1


@ -137,7 +137,8 @@ class md_repo_client {
}
}
class md_signer($dest_host=undef,$dest_dir="") {
class md_signer($dest_host=undef,$dest_dir="",$luna_version="6.2") {
$pkcs11pin = hiera('pkcs11pin',"")
package { ['xsltproc','libxml2-utils']: ensure => latest } ->
sunet::snippets::secret_file {"/etc/credentials/metadata.key":
hiera_key => 'eidas_metadata_key',
@ -149,6 +150,21 @@ class md_signer($dest_host=undef,$dest_dir="") {
pipeline => "${name}.fd",
volumes => ["/etc/credentials:/etc/credentials"]
}
file {['/etc/luna','/etc/luna/cert']: ensure => directory } ->
sunet::docker_run {"${name}_hsmproxy":
hostname => "${::fqdn}",
image => 'docker.sunet.se/luna-client',
imagetag => $luna_version,
volumes => ['/dev/log:/dev/log','/etc/luna/cert:/usr/safenet/lunaclient/cert'],
env => ["PKCS11PIN=${pkcs11pin}"]
}
sunet::scriptherder::cronjob { "${name}_restart_hsmproxy":
cmd => "/usr/sbin/service docker-${name}-hsmproxy restart'",
minute => '9',
hour => '0',
ok_criteria => ['exit_status=0','max_age=48h'],
warn_criteria => ['exit_status=1','max_age=50h'],
}
if ($dest_host) {
sunet::ssh_host_credential { "${name}-publish-credential":
hostname => $dest_host,
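Review bot: The PKCS#11 PIN reaches the `${name}_hsmproxy` container as `env => ["PKCS11PIN=${pkcs11pin}"]`, so it is readable through `docker inspect`, the container's process environment and presumably whatever unit or env file `sunet::docker_run` writes on the host. The `hiera('pkcs11pin',"")` default also lets the container start with an empty PIN instead of failing the catalog. Consider delivering the PIN the way the metadata key already is, via `sunet::snippets::secret_file` into a path mounted read-only, and dropping the empty default. Separately, the cron `cmd` ends in a stray single quote (`... restart'"`), which would break the command if it is run through a shell, and it names `docker-${name}-hsmproxy` while the resource title is `${name}_hsmproxy`; how `sunet::docker_run` derives the service name is not visible here, so that needs checking. `/etc/luna` and `/etc/luna/cert` are created with only `ensure => directory`; since the cert directory is mounted into the HSM client, an explicit `owner` and `mode` would be worth adding.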