prep for hsm proxy
parent
439784bb4a
commit
1f16fe89f1
1 changed files with 17 additions and 1 deletions
|
@ -137,7 +137,8 @@ class md_repo_client {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class md_signer($dest_host=undef,$dest_dir="") {
|
class md_signer($dest_host=undef,$dest_dir="",$luna_version="6.2") {
|
||||||
|
$pkcs11pin = hiera('pkcs11pin',"")
|
||||||
package { ['xsltproc','libxml2-utils']: ensure => latest } ->
|
package { ['xsltproc','libxml2-utils']: ensure => latest } ->
|
||||||
sunet::snippets::secret_file {"/etc/credentials/metadata.key":
|
sunet::snippets::secret_file {"/etc/credentials/metadata.key":
|
||||||
hiera_key => 'eidas_metadata_key',
|
hiera_key => 'eidas_metadata_key',
|
||||||
|
@ -149,6 +150,21 @@ class md_signer($dest_host=undef,$dest_dir="") {
|
||||||
pipeline => "${name}.fd",
|
pipeline => "${name}.fd",
|
||||||
volumes => ["/etc/credentials:/etc/credentials"]
|
volumes => ["/etc/credentials:/etc/credentials"]
|
||||||
}
|
}
|
||||||
|
file {['/etc/luna','/etc/luna/cert']: ensure => directory } ->
|
||||||
|
sunet::docker_run {"${name}_hsmproxy":
|
||||||
|
hostname => "${::fqdn}",
|
||||||
|
image => 'docker.sunet.se/luna-client',
|
||||||
|
imagetag => $luna_version,
|
||||||
|
volumes => ['/dev/log:/dev/log','/etc/luna/cert:/usr/safenet/lunaclient/cert'],
|
||||||
|
env => ["PKCS11PIN=${pkcs11pin}"]
|
||||||
|
}
|
||||||
|
sunet::scriptherder::cronjob { "${name}_restart_hsmproxy":
|
||||||
|
cmd => "/usr/sbin/service docker-${name}-hsmproxy restart'",
|
||||||
|
minute => '9',
|
||||||
|
hour => '0',
|
||||||
|
ok_criteria => ['exit_status=0','max_age=48h'],
|
||||||
|
warn_criteria => ['exit_status=1','max_age=50h'],
|
||||||
|
}
|
||||||
if ($dest_host) {
|
if ($dest_host) {
|
||||||
sunet::ssh_host_credential { "${name}-publish-credential":
|
sunet::ssh_host_credential { "${name}-publish-credential":
|
||||||
hostname => $dest_host,
|
hostname => $dest_host,
|
||||||
|
|
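Review bot: The HSM PIN reaches the `${name}_hsmproxy` container as `env => ["PKCS11PIN=${pkcs11pin}"]`, which typically leaves it readable through `docker inspect` and the container's process environment, and possibly in whatever unit or script `sunet::docker_run` generates (not visible here). The class already delivers the signing key through `sunet::snippets::secret_file`; if the luna-client image can read the PIN from a file, the same mechanism with a mounted file would keep it out of the environment. `hiera('pkcs11pin',"")` also falls back silently to an empty PIN when the key is missing, so `$pkcs11pin = hiera('pkcs11pin')` would turn that into a compile error instead. Separately, the cronjob `cmd` ends in a stray single quote (`restart'"`), and its service name `docker-${name}-hsmproxy` uses a hyphen where the docker_run title uses an underscore, so the restart probably needs `cmd => "/usr/sbin/service docker-${name}_hsmproxy restart",` — confirm against the service name docker_run actually creates.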