
Commit 06d407a

committed
Rely on the generated CA certificate location when deploying the CA cert
1 parent fcd5901 commit 06d407a


7 files changed

+39
-62
lines changed


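--- a/manifests/apache.pp
+++ b/manifests/apache.pp
@@ -132,5 +132,21 @@
 cert_mode => '0440',
 require => $require_cert,
 }
+
+file { $certs::katello_default_ca_cert:
+ensure => file,
+source => $certs::ca::default_ca_path,
+owner => 'root',
+group => 'root',
+mode => '0644',
+}
+
+file { $certs::katello_server_ca_cert:
+ensure => file,
+source => $certs::ca::server_ca_path,
+owner => 'root',
+group => $certs::group,
+mode => '0644',
+}
 }
 }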
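Review bot: Neither new `file` resource (new lines 136-150) declares an ordering on whatever produces `$certs::ca::default_ca_path` and `$certs::ca::server_ca_path`, and a local `source` is not ordered automatically, so nothing in this hunk guarantees the CA certificate exists before it is copied. If the enclosing class does not already order itself after `certs::ca` outside the hunk, add an explicit dependency such as `require => Class['certs::ca'],` to both resources; otherwise a first run can fail, or a run that regenerates the CA can leave the previous trust anchor deployed for one cycle. The same applies to the `file` resources in manifests/foreman.pp and manifests/foreman_proxy.pp, where `require => File[...]` is dropped without a replacement. The enclosing block starts before this hunk, so any condition guarding these resources is not visible here.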

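--- a/manifests/ca.pp
+++ b/manifests/ca.pp
@@ -58,22 +58,4 @@
 ensure => absent,
 }
 }
-
-if $deploy {
-file { $certs::katello_default_ca_cert:
-ensure => file,
-source => $default_ca_path,
-owner => 'root',
-group => 'root',
-mode => '0644',
-}
-
-file { $katello_server_ca_cert:
-ensure => file,
-source => $server_ca_path,
-owner => $owner,
-group => $group,
-mode => '0644',
-}
-}
 }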

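--- a/manifests/foreman.pp
+++ b/manifests/foreman.pp
@@ -15,7 +15,7 @@
 String $org_unit = 'PUPPET',
 String $expiration = $certs::expiration,
 Stdlib::Absolutepath $ca_key_password_file = $certs::ca_key_password_file,
-Stdlib::Absolutepath $server_ca = $certs::katello_server_ca_cert,
+Stdlib::Absolutepath $server_ca = $certs::ca::server_ca_path,
 String $owner = 'root',
 String $group = 'foreman',
 ) inherits certs {
@@ -55,12 +55,11 @@
 }
 
 file { $ssl_ca_cert:
-ensure => file,
-source => $server_ca,
-owner => 'root',
-group => $group,
-mode => '0440',
-require => File[$server_ca],
+ensure => file,
+source => $server_ca,
+owner => 'root',
+group => $group,
+mode => '0440',
 }
 }
 }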
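Review bot: The `$server_ca` parameter keeps its name and type but now defaults to the generated CA location, and in the second hunk it is used as the `source` of `file { $ssl_ca_cert: }`, so its parameter documentation should say so. A line such as `# @param server_ca Path of the generated server CA certificate that is copied to $ssl_ca_cert` in the class header (outside this hunk) would tell callers that an override has to point at a certificate that already exists, since the removed `require => File[$server_ca]` no longer ties it to a managed resource. manifests/foreman_proxy.pp (`$server_ca_cert`, `$default_ca_cert`) and manifests/puppet.pp (`$server_ca`) change the same defaults and would want the same wording.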

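--- a/manifests/foreman_proxy.pp
+++ b/manifests/foreman_proxy.pp
@@ -18,15 +18,15 @@
 Stdlib::Absolutepath $foreman_ssl_key = '/etc/foreman-proxy/foreman_ssl_key.pem',
 Stdlib::Absolutepath $foreman_ssl_ca_cert = '/etc/foreman-proxy/foreman_ssl_ca.pem',
 Stdlib::Absolutepath $pki_dir = $certs::pki_dir,
-Stdlib::Absolutepath $server_ca_cert = $certs::katello_server_ca_cert,
+Stdlib::Absolutepath $server_ca_cert = $certs::ca::server_ca_path,
 Optional[Stdlib::Absolutepath] $server_cert = $certs::server_cert,
 Optional[Stdlib::Absolutepath] $server_key = $certs::server_key,
 Optional[Stdlib::Absolutepath] $server_cert_req = $certs::server_cert_req,
 String[2,2] $country = $certs::country,
 String $state = $certs::state,
 String $city = $certs::city,
 String $expiration = $certs::expiration,
-Stdlib::Absolutepath $default_ca_cert = $certs::katello_default_ca_cert,
+Stdlib::Absolutepath $default_ca_cert = $certs::ca::default_ca_path,
 Stdlib::Absolutepath $ca_key_password_file = $certs::ca_key_password_file,
 String $group = 'foreman-proxy',
 String $owner = 'root',
@@ -121,12 +121,11 @@
 }
 
 file { $proxy_ca_cert:
-ensure => file,
-source => $default_ca_cert,
-owner => $owner,
-group => $group,
-mode => '0440',
-require => File[$default_ca_cert],
+ensure => file,
+source => $default_ca_cert,
+owner => $owner,
+group => $group,
+mode => '0440',
 }
 
 certs::keypair { $foreman_proxy_client_cert_name:
@@ -143,12 +142,11 @@
 }
 
 file { $foreman_ssl_ca_cert:
-ensure => file,
-source => $server_ca_cert,
-owner => $owner,
-group => $group,
-mode => '0440',
-require => File[$server_ca_cert],
+ensure => file,
+source => $server_ca_cert,
+owner => $owner,
+group => $group,
+mode => '0440',
 }
 
 cert_key_bundle { $foreman_proxy_ssl_client_bundle: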

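--- a/manifests/iop_advisor_engine.pp
+++ b/manifests/iop_advisor_engine.pp
@@ -41,7 +41,7 @@
 
 $server_cert = "${cert_directory}/server.cert"
 $server_key = "${cert_directory}/server.key"
-$server_ca_cert = $certs::katello_server_ca_cert
+$server_ca_cert = $certs::ca::server_ca_path
 
 $client_cert = $certs::foreman_proxy::foreman_ssl_cert
 $client_key = $certs::foreman_proxy::foreman_ssl_key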

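--- a/manifests/puppet.pp
+++ b/manifests/puppet.pp
@@ -13,7 +13,7 @@
 String $city = $certs::city,
 String $expiration = $certs::expiration,
 Stdlib::Absolutepath $ca_key_password_file = $certs::ca_key_password_file,
-Stdlib::Absolutepath $server_ca = $certs::katello_server_ca_cert,
+Stdlib::Absolutepath $server_ca = $certs::ca::server_ca_path,
 Stdlib::Absolutepath $pki_dir = $certs::pki_dir,
 String $owner = 'root',
 String $group = 'puppet',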

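--- a/spec/acceptance/certs_spec.rb
+++ b/spec/acceptance/certs_spec.rb
@@ -2,7 +2,7 @@
 
 describe 'certs' do
 before(:all) do
-on default, 'rm -rf /root/ssl-build'
+on default, 'rm -rf /root/ssl-build /etc/pki/katello'
 end
 
 context 'with default params' do
@@ -36,22 +36,8 @@
 it { should be_encrypted }
 end
 
-describe x509_certificate('/etc/pki/katello/certs/katello-default-ca.crt') do
-it { should be_certificate }
-it { should be_valid }
-it { should have_purpose 'SSL server CA' }
-its(:issuer) { should match_without_whitespace(/C = US, ST = North Carolina, L = Raleigh, O = Katello, OU = SomeOrgUnit, CN = #{fact('fqdn')}/) }
-its(:subject) { should match_without_whitespace(/C = US, ST = North Carolina, L = Raleigh, O = Katello, OU = SomeOrgUnit, CN = #{fact('fqdn')}/) }
-its(:keylength) { should be >= 4096 }
-end
-
-describe x509_certificate('/etc/pki/katello/certs/katello-server-ca.crt') do
-it { should be_certificate }
-it { should be_valid }
-it { should have_purpose 'SSL server CA' }
-its(:issuer) { should match_without_whitespace(/C = US, ST = North Carolina, L = Raleigh, O = Katello, OU = SomeOrgUnit, CN = #{fact('fqdn')}/) }
-its(:subject) { should match_without_whitespace(/C = US, ST = North Carolina, L = Raleigh, O = Katello, OU = SomeOrgUnit, CN = #{fact('fqdn')}/) }
-its(:keylength) { should be >= 4096 }
+describe file('/etc/pki/katello/certs/katello-default-ca.crt') do
+it { should_not exist }
 end
 
 describe file('/etc/pki/katello/private/katello-default-ca.key') do
@@ -69,10 +55,6 @@
 describe file('/root/ssl-build/katello-default-ca.pwd') do
 it { should exist }
 end
-
-describe file('/etc/pki/katello/private/katello-default-ca.pwd') do
-it { should_not exist }
-end
 end
 
 context 'with deploy false' do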
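Review bot: The last hunk removes the only visible assertion that the CA key password file is not deployed next to the private key (the `should_not exist` check on `/etc/pki/katello/private/katello-default-ca.pwd`), and nothing in the new code replaces it. Now that `before(:all)` also removes `/etc/pki/katello`, that negative check would run against a clean tree and is worth keeping as a regression guard. The second hunk likewise drops the `x509_certificate` checks (purpose, validity, `keylength` of at least 4096) for both CA certificates and adds a `should_not exist` only for `katello-default-ca.crt`. Unless the generated CA is already covered outside these hunks, consider re-pointing those checks at the generated certificate location and adding the matching `should_not exist` for `katello-server-ca.crt`.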
